forumpcbrasil.forumeiros.com Open in urlscan Pro
178.33.115.32 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjZq_7u05fcAhXI1lMKHaJdAYAQFgg...
Effective URL:
http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Submission: On July 11 via manual (July 11th 2018, 6:18:15 pm UTC) from US

Summary HTTP 200 Redirects Links 59 Behaviour Indicators

Summary

This website contacted 58 IPs in 9 countries across 40 domains to perform 200 HTTP transactions. The main IP is 178.33.115.32, located in Spain and belongs to OVH, FR. The main domain is forumpcbrasil.forumeiros.com.

This is the only time forumpcbrasil.forumeiros.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
2	178.33.115.32 178.33.115.32	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
29	2400:cb00:204... 2400:cb00:2048:1::681b:8280	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	178.250.2.74 178.250.2.74	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2400:cb00:204... 2400:cb00:2048:1::6812:37a5	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
5	87.98.186.20 87.98.186.20	16276 (OVH) (OVH)
2	151.101.112.193 151.101.112.193	54113 (FASTLY) (FASTLY - Fastly)
4	2400:cb00:204... 2400:cb00:2048:1::681f:4945	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	104.108.68.8 104.108.68.8	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
3 8	151.101.114.2 151.101.114.2	54113 (FASTLY) (FASTLY - Fastly)
7	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
4	178.250.2.71 178.250.2.71	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 3	2.16.186.80 2.16.186.80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.67.129.200 23.67.129.200	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	178.250.2.66 178.250.2.66	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	62.67.193.41 62.67.193.41	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
1	185.29.135.42 185.29.135.42	30419 (MEDIAMATH...) (MEDIAMATH-INC - MediaMath Inc)
3	62.67.193.43 62.67.193.43	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
1	136.243.51.231 136.243.51.231	24940 (HETZNER-AS) (HETZNER-AS)
1 3	136.243.54.220 136.243.54.220	24940 (HETZNER-AS) (HETZNER-AS)
1 1	195.216.249.67 195.216.249.67	47268 (ZANOX) (ZANOX)
1	85.214.124.106 85.214.124.106	6724 (STRATO ST...) (STRATO STRATO AG)
1	185.29.134.232 185.29.134.232	30419 (MEDIAMATH...) (MEDIAMATH-INC - MediaMath Inc)
3	104.111.230.142 104.111.230.142	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	185.29.135.48 185.29.135.48	30419 (MEDIAMATH...) (MEDIAMATH-INC - MediaMath Inc)
5	216.58.214.98 216.58.214.98	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:820::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1 3	37.252.172.40 37.252.172.40	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1	2a00:1450:400... 2a00:1450:4001:81b::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	178.250.2.67 178.250.2.67	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2400:cb00:204... 2400:cb00:2048:1::6810:a00d	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a03:2880:f12... 2a03:2880:f12d:86:face:b00c:0:50fb	32934 (FACEBOOK) (FACEBOOK - Facebook)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1	2400:cb00:204... 2400:cb00:2048:1::681f:4002	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 1	2a03:2880:f01... 2a03:2880:f01c:80a1:face:b00c:0:d0c	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	2400:cb00:204... 2400:cb00:2048:1::6810:a40d	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:812::200d	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2404:6800:400... 2404:6800:4005:80e::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
4	52.18.183.216 52.18.183.216	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
6	54.72.165.213 54.72.165.213	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER - Twitter Inc.)
6 21	151.101.14.2 151.101.14.2	54113 (FASTLY) (FASTLY - Fastly)
3 11	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY - Fastly)
2 2	37.252.172.80 37.252.172.80	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
3 3	35.201.85.158 35.201.85.158	15169 (GOOGLE) (GOOGLE - Google LLC)
3 3	172.217.22.98 172.217.22.98	15169 (GOOGLE) (GOOGLE - Google LLC)
4 4	54.72.231.120 54.72.231.120	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
8	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY - Fastly)
3 3	34.208.220.127 34.208.220.127	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	192.132.33.27 192.132.33.27	18568 (BIDTELLECT) (BIDTELLECT - Bidtellect Inc.)
3	107.178.246.211 107.178.246.211	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	18.153.11.31 18.153.11.31	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	37.252.172.53 37.252.172.53	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
2 2	18.153.11.30 18.153.11.30	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
7	2400:cb00:204... 2400:cb00:2048:1::6811:914c	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
4	2400:cb00:204... 2400:cb00:2048:1::6811:8f4c	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2400:cb00:204... 2400:cb00:2048:1::6811:8e4c	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	52.48.254.224 52.48.254.224	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
9	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2	185.94.180.124 185.94.180.124	35220 (SPOTX-AMS) (SPOTX-AMS)
2	198.47.127.32 198.47.127.32	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
200	58

1 2a00:1450:4001:812::2004 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.33.115.32 (Spain)

ASN16276 (OVH, FR)

forumpcbrasil.forumeiros.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2400:cb00:2048:1::681b:8280 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

illiweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.2.74 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: static.criteo.net

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6812:37a5 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

i21.servimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 87.98.186.20 (France)

ASN16276 (OVH, FR)

hitsk.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.112.193 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2400:cb00:2048:1::681f:4945 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

imgfast.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.108.68.8 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-108-68-8.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.114.2 (San Francisco, United States) 3 redirects

ASN54113 (FASTLY - Fastly, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:812::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.2.71 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: cas.criteo.com

cas.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.16.186.80 (European Union) 1 redirects

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-80.deploy.static.akamaitechnologies.com

b.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.67.129.200 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-129-200.deploy.static.akamaitechnologies.com

ads.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.2.66 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 62.67.193.41 (United Kingdom)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

optimized-by.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.135.42 (United Kingdom)

ASN30419 (MEDIAMATH-INC - MediaMath Inc, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 62.67.193.43 (United Kingdom)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

beacon-eu2.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 136.243.51.231 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.231.51.243.136.clients.your-server.de

ad.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 136.243.54.220 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.220.54.243.136.clients.your-server.de

ad38.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.216.249.67 (France) 1 redirects

ASN47268 (ZANOX, FR)

ad.zanox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.214.124.106 (Berlin, Germany)

ASN6724 (STRATO STRATO AG, DE)
PTR: h2491987.stratoserver.net

banner.congstar.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.232 (United Kingdom)

ASN30419 (MEDIAMATH-INC - MediaMath Inc, US)

mathid.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.230.142 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

staticxx.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.135.48 (United Kingdom)

ASN30419 (MEDIAMATH-INC - MediaMath Inc, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 216.58.214.98 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s05-in-f98.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:820::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2001 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.40 (European Union) 1 redirects

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 155.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.67 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:cb00:2048:1::6810:a00d (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:86:face:b00c:0:50fb (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::681f:4002 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

connect.topicit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:80a1:face:b00c:0:d0c (Ireland) 1 redirects

ASN32934 (FACEBOOK - Facebook, Inc., US)

web.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6810:a40d (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200d (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2404:6800:4005:80e::2003 (Australia)

ASN15169 (GOOGLE - Google LLC, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.18.183.216 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-18-183-216.eu-west-1.compute.amazonaws.com

api.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.72.165.213 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-72-165-213.eu-west-1.compute.amazonaws.com

api.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.8 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 151.101.14.2 (San Francisco, United States) 6 redirects

ASN54113 (FASTLY - Fastly, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 151.101.14.49 (San Francisco, United States) 3 redirects

ASN54113 (FASTLY - Fastly, US)

15.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imprammp.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.80 (European Union) 2 redirects

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 152.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.85.158 (Ann Arbor, United States) 3 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 158.85.201.35.bc.googleusercontent.com

server.exposebox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.22.98 (Mountain View, United States) 3 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s18-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.72.231.120 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-72-231-120.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.114.49 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

match.basebanner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
convammp.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wf.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
opps.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.208.220.127 (Boardman, United States) 3 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-208-220-127.us-west-2.compute.amazonaws.com

www.storygize.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.132.33.27 (United States)

ASN18568 (BIDTELLECT - Bidtellect Inc., US)
PTR: 27.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 107.178.246.211 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 211.246.178.107.bc.googleusercontent.com

i.ssix.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.153.11.31 (Cambridge, United States) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-153-11-31.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.53 (European Union) 2 redirects

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 156.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.153.11.30 (Cambridge, United States) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-153-11-30.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2400:cb00:2048:1::6811:914c (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

vidstat.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2400:cb00:2048:1::6811:8f4c (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

vidstat.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6811:8e4c (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

vidstatb.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.254.224 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-48-254-224.eu-west-1.compute.amazonaws.com

api.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.18.233.180 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

vpaid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aktrack.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.124 (Netherlands)

ASN35220 (SPOTX-AMS, NL)

search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.32 (Redwood City, United States)

ASN3257 (GTT-BACKBONE GTT, DE)

vid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
57	taboola.com 12 redirects cdn.taboola.com trc.taboola.com 15.taboola.com match.taboola.com images.taboola.com vidstat.taboola.com imprammp.taboola.com convammp.taboola.com vidstatb.taboola.com wf.taboola.com opps.taboola.com	3 MB
29	illiweb.com illiweb.com	100 KB
14	viglink.com cdn.viglink.com api.viglink.com	39 KB
11	pubmatic.com vpaid.pubmatic.com ads.pubmatic.com vid.pubmatic.com aktrack.pubmatic.com	39 KB
10	rubiconproject.com ads.rubiconproject.com optimized-by.rubiconproject.com beacon-eu2.rubiconproject.com eus.rubiconproject.com	15 KB
9	criteo.com cas.criteo.com cat.nl.eu.criteo.com gum.criteo.com	8 KB
8	doubleclick.net 3 redirects securepubads.g.doubleclick.net cm.g.doubleclick.net	91 KB
7	adnxs.com 5 redirects secure.adnxs.com ib.adnxs.com	10 KB
6	twitter.com platform.twitter.com syndication.twitter.com	37 KB
6	google.com www.google.com apis.google.com accounts.google.com	97 KB
5	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	52 KB
5	facebook.com 1 redirects staticxx.facebook.com www.facebook.com web.facebook.com	1 KB
5	hitsk.in hitsk.in	28 KB
4	bidswitch.net 4 redirects x.bidswitch.net	2 KB
4	adsrvr.org 4 redirects match.adsrvr.org	3 KB
4	gstatic.com csi.gstatic.com	1 KB
4	ad-srv.net 1 redirects ad.ad-srv.net ad38.ad-srv.net	6 KB
4	imgfast.net imgfast.net	17 KB
3	ssix.io i.ssix.io	359 B
3	bttrack.com bttrack.com	1 KB
3	storygize.net 3 redirects www.storygize.net	1 KB
3	basebanner.com match.basebanner.com	1 KB
3	exposebox.com 3 redirects server.exposebox.com	1 KB
3	mathtag.com tags.mathtag.com mathid.mathtag.com	21 KB
3	scorecardresearch.com 1 redirects b.scorecardresearch.com	2 KB
3	google-analytics.com www.google-analytics.com	15 KB
3	criteo.net static.criteo.net	24 KB
2	spotxchange.com search.spotxchange.com	3 KB
2	addthis.com s7.addthis.com	114 KB
2	imgur.com i.imgur.com	20 KB
2	googleapis.com ajax.googleapis.com fonts.googleapis.com	34 KB
2	forumeiros.com forumpcbrasil.forumeiros.com	114 KB
1	addthisedge.com m.addthisedge.com	521 B
1	topicit.net connect.topicit.net	2 KB
1	google.de adservice.google.de	178 B
1	googletagservices.com www.googletagservices.com	8 KB
1	facebook.net connect.facebook.net	62 KB
1	congstar.de banner.congstar.de
1	zanox.com 1 redirects ad.zanox.com	895 B
1	servimg.com i21.servimg.com	44 KB
200	40

	Domain	Requested by
29	illiweb.com	forumpcbrasil.forumeiros.com static.criteo.net ajax.googleapis.com
20	trc.taboola.com	9 redirects cdn.taboola.com
11	vidstat.taboola.com	cdn.taboola.com vidstat.taboola.com
11	api.viglink.com	cdn.viglink.com forumpcbrasil.forumeiros.com
9	match.taboola.com	3 redirects
5	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net forumpcbrasil.forumeiros.com
5	cdn.taboola.com	forumpcbrasil.forumeiros.com cdn.taboola.com tpc.googlesyndication.com pagead2.googlesyndication.com
5	hitsk.in	forumpcbrasil.forumeiros.com
4	vpaid.pubmatic.com	vidstat.taboola.com
4	images.taboola.com
4	x.bidswitch.net	4 redirects
4	match.adsrvr.org	4 redirects
4	ib.adnxs.com	4 redirects
4	csi.gstatic.com	forumpcbrasil.forumeiros.com
4	platform.twitter.com	ajax.googleapis.com platform.twitter.com
4	apis.google.com	illiweb.com apis.google.com
4	cat.nl.eu.criteo.com	cas.criteo.com forumpcbrasil.forumeiros.com
4	cas.criteo.com	static.criteo.net
4	imgfast.net	forumpcbrasil.forumeiros.com
3	ads.pubmatic.com	www.google.com
3	i.ssix.io
3	bttrack.com
3	www.storygize.net	3 redirects
3	match.basebanner.com
3	cm.g.doubleclick.net	3 redirects
3	server.exposebox.com	3 redirects
3	cdn.viglink.com	forumpcbrasil.forumeiros.com
3	secure.adnxs.com	1 redirects forumpcbrasil.forumeiros.com secure.adnxs.com
3	tpc.googlesyndication.com	securepubads.g.doubleclick.net
3	eus.rubiconproject.com	forumpcbrasil.forumeiros.com
3	ad38.ad-srv.net	1 redirects forumpcbrasil.forumeiros.com ad38.ad-srv.net
3	beacon-eu2.rubiconproject.com	optimized-by.rubiconproject.com forumpcbrasil.forumeiros.com
3	optimized-by.rubiconproject.com	ads.rubiconproject.com
3	b.scorecardresearch.com	1 redirects cdn.taboola.com forumpcbrasil.forumeiros.com
3	www.google-analytics.com	forumpcbrasil.forumeiros.com
3	static.criteo.net	forumpcbrasil.forumeiros.com
2	aktrack.pubmatic.com
2	vid.pubmatic.com	vpaid.pubmatic.com
2	search.spotxchange.com	vidstat.taboola.com
2	wf.taboola.com	vidstat.taboola.com
2	convammp.taboola.com
2	syndication.twitter.com	forumpcbrasil.forumeiros.com
2	www.facebook.com	ajax.googleapis.com connect.facebook.net
2	pagead2.googlesyndication.com	securepubads.g.doubleclick.net forumpcbrasil.forumeiros.com
2	staticxx.facebook.com	connect.facebook.net
2	tags.mathtag.com	optimized-by.rubiconproject.com forumpcbrasil.forumeiros.com
2	s7.addthis.com	forumpcbrasil.forumeiros.com s7.addthis.com
2	i.imgur.com	forumpcbrasil.forumeiros.com
2	forumpcbrasil.forumeiros.com	www.google.com forumpcbrasil.forumeiros.com
1	opps.taboola.com	vidstat.taboola.com
1	vidstatb.taboola.com
1	imprammp.taboola.com	www.google.com
1	15.taboola.com	cdn.taboola.com
1	accounts.google.com	apis.google.com
1	web.facebook.com	1 redirects
1	m.addthisedge.com	s7.addthis.com
1	connect.topicit.net	forumpcbrasil.forumeiros.com
1	fonts.googleapis.com	cdn.taboola.com
1	gum.criteo.com	secure.adnxs.com
1	adservice.google.de	www.googletagservices.com
1	www.googletagservices.com	optimized-by.rubiconproject.com
1	connect.facebook.net	forumpcbrasil.forumeiros.com
1	mathid.mathtag.com	forumpcbrasil.forumeiros.com
1	banner.congstar.de	ad38.ad-srv.net
1	ad.zanox.com	1 redirects
1	ad.ad-srv.net	www.google.com
1	ads.rubiconproject.com	forumpcbrasil.forumeiros.com
1	i21.servimg.com	forumpcbrasil.forumeiros.com
1	ajax.googleapis.com	forumpcbrasil.forumeiros.com
1	www.google.com
200	70

This site contains links to these domains. Also see Links.

Domain
www.forumeiros.com
add.my.yahoo.com
my.msn.com
feeds.my.aol.com
www.netvibes.com
www.bloglines.com
digg.com
del.icio.us
reddit.com
www.stumbleupon.com
slashdot.org
compose.mail.yahoo.com
www.google.com
blogmarks.net
favorites.live.com
www.facebook.com
twitter.com
i.viglink.com
assets-yammer.com
dell.com
pg.dofiscal.com
extraweb-americas.ey.com
extraweb-apac.ey.com
extraweb-emea.ey.com
extraweb2-americas.ey.com
extraweb2-apac.ey.com
extraweb2-emea.ey.com
gs.ey.com
eygaait.com
eysupplife.com
intellinex.com
lexis-nexis.com
lexis.com
lexisnexis.com
sagelogiccontrol.com
taleo.com
yammer.com
rhino.acme.com
x.acme.com
google.com
go.microsoft.com
www.bing.com
http.a3software.com
http.adobe.com
dofiscal.com
personal-plans.com
http.thomsonreuters.com
popup.taboola.com
buquiz.com
wojournals.com
buhamster.com
ajuda.forumeiros.com

Subject Issuer	Validity	Valid
www.google.com Google Internet Authority G3	`2018-06-19` - `2018-08-28`	2 months	crt.sh
*.congstar.de COMODO RSA Organization Validation Secure Server CA	`2017-10-24` - `2021-01-21`	3 years	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2016-01-12` - `2019-03-01`	3 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2017-12-15` - `2019-03-22`	a year	crt.sh
*.apis.google.com Google Internet Authority G3	`2018-06-19` - `2018-08-28`	2 months	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2017-12-02` - `2018-12-05`	a year	crt.sh
accounts.google.com Google Internet Authority G3	`2018-06-19` - `2018-08-28`	2 months	crt.sh

This page contains 24 frames:

Primary Page: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Frame ID: EBB0B3684E2D0B8AC965383C470B81C9
Requests: 153 HTTP requests in this frame

Frame: https://banner.congstar.de/cookie/?zxid=37494895C2047965762SV1yq91832258136038445230485034246274yb5yb7T2452192636133012483&zUserID=977569
Frame ID: 4FFE552716149EDF0173B4819E280383
Requests: 1 HTTP requests in this frame

Frame: http://ad38.ad-srv.net/request_content.php?s=66030800111468200438028010556038&a=2f8c46a3
Frame ID: FC06BF5BE01EE1BB18083B0C6969D294
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: E0DEA26818F9DC48D89157172F2FF6F0
Requests: 1 HTTP requests in this frame

Frame: http://staticxx.facebook.com/connect/xd_arbiter/r/1e2RywyANNe.js?version=42
Frame ID: D2568CE72DFC4DB735F8485A83C3A905
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter/r/1e2RywyANNe.js?version=42
Frame ID: 539777806E0DCD121E31CDD26ED79DD0
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: 67748CC22B58B59B05CFA25B609C42FC
Requests: 1 HTTP requests in this frame

Frame: http://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Frame ID: BDA5138E2300034CBACD02A7197E456C
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: C5A17B0783FB88F9E4CA7BCE2125B0D9
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?locale=en_GB&href=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-&send=false&layout=box_count&width=60&show_faces=false&action=like&colorscheme=light&font&height=60
Frame ID: 2AE1C2B5A3E473C892DB051F1BCDCC22
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id&channel=http%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Dfe80ddb5b453fc%26domain%3Dforumpcbrasil.forumeiros.com%26origin%3Dhttp%253A%252F%252Fforumpcbrasil.forumeiros.com%252Ff1449f13fd2407%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&layout=button_count&locale=pt_PT&sdk=joey&share=false&show_faces=false&_rdc=1&_rdr
Frame ID: A48B6CBDA11562174B73BEB408A7CC41
Requests: 1 HTTP requests in this frame

Frame: https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=tall&count=true&origin=http%3A%2F%2Fforumpcbrasil.forumeiros.com&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.krlVOn7uACU.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPTwnOZtKAQg2ssdkFPclEPbxCaBg%2Fm%3D__features__
Frame ID: 19F0F52E5D2B807CB65A4C4ED5B7657B
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.7a5ca036ea5299f1d2ebb2234731e35e.html?origin=http%3A%2F%2Fforumpcbrasil.forumeiros.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Frame ID: 592F6A8CF4E9F5D8359419AA764AA97C
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fforumpcbrasil.forumeiros.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.krlVOn7uACU.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPTwnOZtKAQg2ssdkFPclEPbxCaBg%2Fm%3D__features__
Frame ID: 3682A7391E0A0F81685E4BA1DEA1D64F
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.7a5ca036ea5299f1d2ebb2234731e35e.pt.html
Frame ID: 978E25A94B44613DE0CC33A872C81D69
Requests: 1 HTTP requests in this frame

Frame: http://cat.nl.eu.criteo.com/delivery/lg.php?cppv=1&cpp=4TpH3XxPZ3hnQ3Z1YjhVNnIwTElPcmVGaDRJamVnNkQwVGh5WDZUYlRxdEFtUzZtSUtrdnQvVzZWWjNiYVphaDlxWVZRL0J1Nk1iaWxjMlhieXZmR3MyenFrRDJwc0g1S2UvYXcxaHY3S2tmbUd0Nm5uQjRteHROd1ZNYmswZDFsa3dtcGVzbUp0blYxdjkyRTEwYVZqS2pxSXp0RERtaHZRbUVoUTd2UHJJdUkwbkZaYnBOMWRTczl3dnRVdTBQcmoxNjlBTUdaZjhpNVB1SGxZakIwbTlxSGRrK0hOblhhYVZxeDNGak9tUzVZUFhQWkN3WGorbTVZL2FoaUpLNk1tMEJBfA%3D%3D
Frame ID: 1103167EE5A1C2C667E5C80DFD3F928C
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8310411158998640619&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
Frame ID: 8AB6E3C063D19E428C63C70D0CA9FBDC
Requests: 8 HTTP requests in this frame

Frame: https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8310411158998640619&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
Frame ID: 524DE70E9B6EC84215077DC92EE9C6A7
Requests: 8 HTTP requests in this frame

Frame: https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8310411158998640619&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
Frame ID: B7DC15882AD45FF0F3DBA434832596D4
Requests: 8 HTTP requests in this frame

Frame: http://imprammp.taboola.com/st?cipid=8019757&ttype=0&cirid=246FDEC39245060130708544476&cicmp=1762675&cijs=1&dast=V7dEYCFgNs1qD30htEWwRs1qD30htEWwUAAAAGBjsHHDKazUgsDmc5Ga0Gs8FislysdpPdZLgaDafgMGWnyWU5qAWypsnld4MOmk6H614v81teb8PHYnl4nma7zG95vV1Oy99z1_jdftFlN1utlXaby-Nx-N1qh9n3sLzsAAAAAPAAwLQVAvEDCAAQAQAAACABAAAAQBFQ8W8hcAEAAACAAWCgn6UBAPUBAPAQAAIAMKBAAiAw31kCcNHQcQIAAAAAAAAAwPL___8fA6D31SIDoFE-d2PQA_DgA_AgBAAAkDWkPk7gogG2YU4UEFrECAAAAIByv8X_SFInVBZVAAAE6VYAVwAAAWSKkHaSWbqDEm9hAAAAAWIdWSD0tEsnqGML9LD4_WaHXeN3uwwAAAAAAAAAwOz_7B9NiOhMKi1ohW1R7RcQAGDtFxAAgE3dAADeAuBC7gJNp8Pnutfrfr-7zu_3mV12jd_tFx1BKwaD1RnQbria7WYHAAAAcPf___-P15EFQk-7dIKqB0Ijk8M4splmvt3CMVtMFsPFyDayrBaryWhl3Oy2lz6lRk50_4Pc5zBlp8llOagFsqbJ5bffhC1Gq8lksxzOlovJYDgajkb7E7DdACdoOBwsdoPFbrEYThaT0WA5WKBADCY4IcPRZrIa7Va7yXI4GY1mm8kGKVq1mo02g-FqNpntdqvhYLgcjZCiNYvZZLKYjZa7zWA5GQ2Gk-EQYWIws41MJpdbttzt1qKJa-UWzmaGtcjjsq1mtonD4xmuRa-P6bKZeWyu2RYFAxr2IrhIJzK_5fX2m55-u1twuoglmpNFOpFd9qWRyWEc2Uwz327hmC0mi-FiZBtZVovVZLQybnb7xmBmG5lMLrdsudutRRPXyi2czQxrkcdlW81sE4fHM1yLXh_TZTPz2FyzfWO1WWw2m8FuuG-sNovNZjPYDfcdBu9R9LP5PSZv5juZmmQOg8JlsHh_EtNi2p0dPL_f0alSXTTGhuybUJgNBkUsEZwu0onoZTxdxBLJ0yKd6EaWycI4sRgnC5NlshotbLbJauGZDHcLm3HimkzEEqXpIp3oRZfdbLVW2m0uj8fhd6sdZt_D8rKo_-gQo-FcslrMRau5ZDVaJQAAAAAAAACAJcyZNwEAAAAA!&excid=22&tst=1&docw=0
Frame ID: C34F8402B6C21B702E4A7F32B5F7B648
Requests: 1 HTTP requests in this frame

Frame: http://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156307&siteId=230587&adId=1211452&vadFmt=3&vapi=2&vminl=5&vmaxl=120&vpos=1&vh=225&vw=400&vfmt=1+2+3+4+5+6+7+8&kadpageurl=http%3A%2F%2Fforumpcbrasil.forumeiros.com&gdpr=1
Frame ID: E4185379C51AE36FB4CC947A45DDDE86
Requests: 3 HTTP requests in this frame

Frame: http://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 4EFAE80C77577C9F62590D2A110E4EDF
Requests: 1 HTTP requests in this frame

Frame: http://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156307&siteId=230587&adId=1211452&vadFmt=3&vapi=2&vminl=5&vmaxl=120&vpos=1&vh=225&vw=400&vfmt=1+2+3+4+5+6+7+8&kadpageurl=http%3A%2F%2Fforumpcbrasil.forumeiros.com&gdpr=1
Frame ID: DF02ED9E78D745B232B6D9150FEE20DA
Requests: 3 HTTP requests in this frame

Frame: http://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: B745CFB9FDE002AE0E2C511EA76F56EB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjZq_7u05f... Page URL
http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware Page URL

Detected technologies

Google Web Server (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /gws/i

AddThis (Widgets) Expand

Criteo (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

env /^criteo/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i
env /^__google_ad_/i
env /^Goog_AdSense_/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^googletag$/i

VigLink (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:^[^\/]*\/\/[^\/]*viglink\.com\/api\/|vglnk\.js)/i
env /^(?:vglnk(?:$|_)|vl_(?:cB|disable)$)/i

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
env /^_?COMSCORE$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

200
Requests

6 %
HTTPS

36 %
IPv6

40
Domains

70
Subdomains

58
IPs

9
Countries

4434 kB
Transfer

7394 kB
Size

5
Cookies

59 Outgoing links

These are links going to different origins than the main page.

URL: https://www.forumeiros.com/

Search URL Search Domain Scan URL

URL: http://add.my.yahoo.com/rss?url=http://forumpcbrasil.forumeiros.com/feed/

Search URL Search Domain Scan URL

URL: http://my.msn.com/addtomymsn.armx?id=rss&ut=http://forumpcbrasil.forumeiros.com/feed/

Search URL Search Domain Scan URL

URL: http://feeds.my.aol.com/add.jsp?url=http://forumpcbrasil.forumeiros.com/feed/

Search URL Search Domain Scan URL

URL: http://www.netvibes.com/subscribe.php?type=rss&url=http://forumpcbrasil.forumeiros.com/feed/

Search URL Search Domain Scan URL

URL: http://www.bloglines.com/sub/http://forumpcbrasil.forumeiros.com/feed/

Search URL Search Domain Scan URL

URL: http://digg.com/submit?phase=2&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com&bodytext=&tags=&title=

Search URL Search Domain Scan URL

URL: https://del.icio.us/post?v=2&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com&notes=&tags=&title=

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=http%3A%2F%2Fforumpcbrasil.forumeiros.com&title=

Search URL Search Domain Scan URL

URL: https://www.stumbleupon.com/submit?url=http%3A%2F%2Fforumpcbrasil.forumeiros.com&title=

Search URL Search Domain Scan URL

URL: https://slashdot.org/submission?url=http%3A%2F%2Fforumpcbrasil.forumeiros.com&title=

Search URL Search Domain Scan URL

URL: https://compose.mail.yahoo.com/?To=&Subject=&body=http%3A%2F%2Fforumpcbrasil.forumeiros.com

Search URL Search Domain Scan URL

URL: https://www.google.com/bookmarks/mark?op=add&hl=pt&bkmk=http%3A%2F%2Fforumpcbrasil.forumeiros.com&annotation=&labels=&title=

Search URL Search Domain Scan URL

URL: http://blogmarks.net/my/new.php?mini=1&simple=1&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com&content=&public-tags=&title=

Search URL Search Domain Scan URL

URL: https://favorites.live.com/quickadd.aspx?marklet=1&mkt=pt&top=0&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com&title=http%3A%2F%2Fforumpcbrasil.forumeiros.com

Search URL Search Domain Scan URL

URL: https://www.facebook.com/share.php?u=http%3A%2F%2Fforumpcbrasil.forumeiros.com&t=

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=http%3A%2F%2Fforumpcbrasil.forumeiros.com

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=34247986f943e1111106e2bd638e0268&insertId=170a3158&type=L&exp=-100%3ACILITE%3A67&libId=jjhg665v01011025000DAbjnam90d&loc=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&v=1&out=http%3A%2F%2Fwww.ebay.de%2Fsch%2Fi.html%3F_nkw%3Dwindows%2B7&ref=https%3A%2F%2Fwww.google.com%2F&title=Infec%C3%A7%C3%A3o%20Malware&txt=%3Cspan%3EWindows%20%3C%2Fspan%3E%3Cspan%3E7%3C%2Fspan%3E
Title: Windows 7

Search URL Search Domain Scan URL

URL: http://assets-yammer.com/
Title: assets-yammer.com

Search URL Search Domain Scan URL

URL: http://dell.com/
Title: dell.com

Search URL Search Domain Scan URL

URL: http://pg.dofiscal.com/
Title: pg.dofiscal.com

Search URL Search Domain Scan URL

URL: http://extraweb-americas.ey.com/
Title: extraweb-americas.ey.com

Search URL Search Domain Scan URL

URL: http://extraweb-apac.ey.com/
Title: extraweb-apac.ey.com

Search URL Search Domain Scan URL

URL: http://extraweb-emea.ey.com/
Title: extraweb-emea.ey.com

Search URL Search Domain Scan URL

URL: http://extraweb2-americas.ey.com/
Title: extraweb2-americas.ey.com

Search URL Search Domain Scan URL

URL: http://extraweb2-apac.ey.com/
Title: extraweb2-apac.ey.com

Search URL Search Domain Scan URL

URL: http://extraweb2-emea.ey.com/
Title: extraweb2-emea.ey.com

Search URL Search Domain Scan URL

URL: http://gs.ey.com/
Title: gs.ey.com

Search URL Search Domain Scan URL

URL: http://eygaait.com/
Title: eygaait.com

Search URL Search Domain Scan URL

URL: http://eysupplife.com/
Title: eysupplife.com

Search URL Search Domain Scan URL

URL: http://intellinex.com/
Title: intellinex.com

Search URL Search Domain Scan URL

URL: http://lexis-nexis.com/
Title: lexis-nexis.com

Search URL Search Domain Scan URL

URL: http://lexis.com/
Title: lexis.com

Search URL Search Domain Scan URL

URL: http://lexisnexis.com/
Title: lexisnexis.com

Search URL Search Domain Scan URL

URL: http://sagelogiccontrol.com/
Title: sagelogiccontrol.com

Search URL Search Domain Scan URL

URL: http://taleo.com/
Title: taleo.com

Search URL Search Domain Scan URL

URL: http://yammer.com/
Title: yammer.com

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=34247986f943e1111106e2bd638e0268&insertId=45d4823e&type=L&exp=-100%3ACILITE%3A67&libId=jjhg665v01011025000DAbjnam90d&loc=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&v=1&out=http%3A%2F%2Fwww.ebay.de%2Fsch%2Fi.html%3F_nkw%3Dadobe&ref=https%3A%2F%2Fwww.google.com%2F&title=Infec%C3%A7%C3%A3o%20Malware&txt=%3Cspan%3EAdobe%3C%2Fspan%3E
Title: Adobe

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=34247986f943e1111106e2bd638e0268&insertId=9461b270&type=L&exp=-100%3ACILITE%3A67&libId=jjhg665v01011025000DAbjnam90d&loc=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&v=1&out=http%3A%2F%2Fwww.ebay.de%2Fsch%2Fi.html%3F_nkw%3Dservice%2Bpack%2B1&ref=https%3A%2F%2Fwww.google.com%2F&title=Infec%C3%A7%C3%A3o%20Malware&txt=%3Cspan%3EService%20%3C%2Fspan%3E%3Cspan%3EPack%20%3C%2Fspan%3E%3Cspan%3E1%3C%2Fspan%3E
Title: Service Pack 1

Search URL Search Domain Scan URL

URL: http://rhino.acme.com/
Title: rhino.acme.com

Search URL Search Domain Scan URL

URL: http://x.acme.com/
Title: x.acme.com

Search URL Search Domain Scan URL

URL: http://google.com/
Title: http://google.com

Search URL Search Domain Scan URL

URL: http://go.microsoft.com/fwlink/?LinkId=54896
Title: http://go.microsoft.com/fwlink/?LinkId=54896

Search URL Search Domain Scan URL

URL: http://go.microsoft.com/fwlink/?LinkId=69157
Title: http://go.microsoft.com/fwlink/?LinkId=69157

Search URL Search Domain Scan URL

URL: http://www.google.com/search?q={searchTerms
Title: http://www.google.com/search?q={searchTerms

Search URL Search Domain Scan URL

URL: http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
Title: http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

Search URL Search Domain Scan URL

URL: http://http.a3software.com/
Title: http.a3software.com

Search URL Search Domain Scan URL

URL: http://http.adobe.com/
Title: http.adobe.com

Search URL Search Domain Scan URL

URL: http://dofiscal.com/
Title: dofiscal.com

Search URL Search Domain Scan URL

URL: http://personal-plans.com/
Title: personal-plans.com

Search URL Search Domain Scan URL

URL: http://http.thomsonreuters.com/
Title: http.thomsonreuters.com

Search URL Search Domain Scan URL

URL: http://popup.taboola.com/pt/?template=colorbox&utm_source=forumotion-pt&utm_medium=referral&utm_content=thumbnails-Below:Below%20Article%20Thumbnails:
Title: Sponsored Links

Search URL Search Domain Scan URL

URL: http://buquiz.com/br/voce-consegue-passar-neste-teste-nivel-ensino-fundamental.html
Title: Buquiz.com

Search URL Search Domain Scan URL

URL: http://wojournals.com/16-unbelievable-pictures-of-things-you-wont-believe-exist.html
Title: WoJournals

Search URL Search Domain Scan URL

URL: http://buquiz.com/br/voce-consegue-passar-neste-teste-sobre-gatos-nos-apostamos-que-voce-nao-consegue.html
Title: Buquiz.com

Search URL Search Domain Scan URL

URL: http://buhamster.com/br/20-gatos-maravilhosamente-preguicosos-que-conseguiram-chegar-a-um-estado-de-relaxamento-total.html
Title: BuHamster.com

Search URL Search Domain Scan URL

URL: http://www.forumeiros.com/
Title: Forumeiros.com

Search URL Search Domain Scan URL

URL: https://www.forumeiros.com/phpbb
Title: phpBB

Search URL Search Domain Scan URL

URL: http://ajuda.forumeiros.com/
Title: Fórum grátis de ajuda

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjZq_7u05fcAhXI1lMKHaJdAYAQFggnMAA&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&usg=AOvVaw0kBNPrYAXjXq4bYx3nm4I9 Page URL
http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52

http://b.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1531333063824&ns_c=windows-1252&cv=3.1&c8=Infec%C3%A7%C3%A3o%20Malware&c7=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&c9=https%3A%2F%2Fwww.google.com%2F HTTP 302
http://b.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1531333063824&ns_c=windows-1252&cv=3.1&c8=Infec%C3%A7%C3%A3o%20Malware&c7=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&c9=https%3A%2F%2Fwww.google.com%2F

Request Chain 57

http://ad38.ad-srv.net/request.php?zone=qrp5w0nec98c&nw=1&renderingType=javascript&namespace=e9aca50548&subid=2602377_1748073759430479559&uid=3283f05d2d3ed343&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=1585x312&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D1748073759430479559%26mt_id%3D4728649%26mt_adid%3D196361%26mt_sid%3D2602377%26mt_exid%3D9%26mt_inapp%3D0%26mt_uuid%3Decbf5b46-49c8-4eda-88a2-43e895ba8ba0%26mt_3pck%3Dhttp%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv2%2Ft%2F0%2F2e190ccd-b851-47b2-9192-e7b97e54a5dc%2F%26mt_lp%3Dhttp%253A%2F%2Fwww.congstar.de%26redirect%3D&documentReferer=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&ancestorOrigins=&random=6231527134734&container=&adPos=198x312&adPosCheck=199x313&adtagId=0 HTTP 302
http://ad38.ad-srv.net/request.php?zone=qrp5w0nec98c&nw=1&renderingType=javascript&namespace=e9aca50548&subid=2602377_1748073759430479559&uid=3283f05d2d3ed343&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=1585x312&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D1748073759430479559%26mt_id%3D4728649%26mt_adid%3D196361%26mt_sid%3D2602377%26mt_exid%3D9%26mt_inapp%3D0%26mt_uuid%3Decbf5b46-49c8-4eda-88a2-43e895ba8ba0%26mt_3pck%3Dhttp%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv2%2Ft%2F0%2F2e190ccd-b851-47b2-9192-e7b97e54a5dc%2F%26mt_lp%3Dhttp%253A%2F%2Fwww.congstar.de%26redirect%3D&documentReferer=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&ancestorOrigins=&random=6231527134734&container=&adPos=198x312&adPosCheck=199x313&adtagId=0&uidRedirect=1

Request Chain 58

https://ad.zanox.com/tpv/?37494895C2047965762T&zpar0=66030800111468200438028010556038 HTTP 302
https://banner.congstar.de/cookie/?zxid=37494895C2047965762SV1yq91832258136038445230485034246274yb5yb7T2452192636133012483&zUserID=977569

Request Chain 79

https://secure.adnxs.com/ttj?id=13218132&cb=532522921&pubclick=https://adclick.g.doubleclick.net/pcs/click%253Fxai%253DAKAOjssAjrYsaGzYMPFgsrht53WkPxDlitwOCySv9sIJRiFnV7MHwJSnlugyglIe9E9odkRkfL2z_ZMNS1ySI_t7zk6TNDuXDqWz4J9ccVuALggVryUPyA3LLf87HYw-Qk8k1VLek7pTXgoELwxlGfp2ABJAJsniZeMCXrHIG_0Nzmgdw-o3j_XSTKOKLZLWARxpXNp04zJpN4YjdS6X0FE7vK3X0LEO5FKVilk1_oQm0SRdgV7wwEFvuUcEzezW9ewVP63bcKDriyn67LQKQl6wLMaMa1Sa%2526sai%253DAMfl-YTx-X2teHb6ypmPDBwnWkAwsVHBPCCwhJ2J4MqXoxjyJV4PMupj-l1F8Tt750gRCmlMep4h3u8_7fisyYpItI52a0vmpINj4x25forC%2526sig%253DCg0ArKJSzHMgxgeU4ThDEAE%2526urlfix%253D1%2526adurl%253D HTTP 302
https://secure.adnxs.com/bounce?%2Fttj%3Fid%3D13218132%26cb%3D532522921%26pubclick%3Dhttps%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%25253Fxai%25253DAKAOjssAjrYsaGzYMPFgsrht53WkPxDlitwOCySv9sIJRiFnV7MHwJSnlugyglIe9E9odkRkfL2z_ZMNS1ySI_t7zk6TNDuXDqWz4J9ccVuALggVryUPyA3LLf87HYw-Qk8k1VLek7pTXgoELwxlGfp2ABJAJsniZeMCXrHIG_0Nzmgdw-o3j_XSTKOKLZLWARxpXNp04zJpN4YjdS6X0FE7vK3X0LEO5FKVilk1_oQm0SRdgV7wwEFvuUcEzezW9ewVP63bcKDriyn67LQKQl6wLMaMa1Sa%252526sai%25253DAMfl-YTx-X2teHb6ypmPDBwnWkAwsVHBPCCwhJ2J4MqXoxjyJV4PMupj-l1F8Tt750gRCmlMep4h3u8_7fisyYpItI52a0vmpINj4x25forC%252526sig%25253DCg0ArKJSzHMgxgeU4ThDEAE%252526urlfix%25253D1%252526adurl%25253D

Request Chain 102

https://web.facebook.com/plugins/like.php?action=like&app_id=&channel=http%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Dfe80ddb5b453fc%26domain%3Dforumpcbrasil.forumeiros.com%26origin%3Dhttp%253A%252F%252Fforumpcbrasil.forumeiros.com%252Ff1449f13fd2407%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&layout=button_count&locale=pt_PT&sdk=joey&share=false&show_faces=false HTTP 302
https://www.facebook.com/plugins/like.php?action=like&app_id&channel=http%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Dfe80ddb5b453fc%26domain%3Dforumpcbrasil.forumeiros.com%26origin%3Dhttp%253A%252F%252Fforumpcbrasil.forumeiros.com%252Ff1449f13fd2407%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&layout=button_count&locale=pt_PT&sdk=joey&share=false&show_faces=false&_rdc=1&_rdr

Request Chain 133

http://ib.adnxs.com/getuid?https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID HTTP 302
http://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Ftrc.taboola.com%2Fsg%2Fappnexus-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24UID HTTP 302
https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8310411158998640619 HTTP 302
https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8310411158998640619&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56

Request Chain 134

http://server.exposebox.com/rcm HTTP 302
http://trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=7s5z9w

Request Chain 135

http://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEN1W8CQRLVvcqrmlkRSuIKQ&google_cver=1

Request Chain 136

http://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
http://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
http://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=0823f12b-2817-4d70-a123-47a3b2dd73b3 HTTP 302
http://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=0823f12b-2817-4d70-a123-47a3b2dd73b3&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56 HTTP 302
http://match.basebanner.com/match?tabid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56&extuid=0823f12b-2817-4d70-a123-47a3b2dd73b3&excid=85

Request Chain 137

http://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56 HTTP 302
https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=fe8c0d6d-fce9-4f22-8c0d-b53ffb706584

Request Chain 140

http://x.bidswitch.net/sync?ssp=taboola HTTP 302
http://x.bidswitch.net/ul_cb/sync?ssp=taboola HTTP 302
http://trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2 HTTP 302
http://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56

Request Chain 141

http://ib.adnxs.com/getuid?https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID HTTP 302
https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8310411158998640619 HTTP 302
https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8310411158998640619&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56

Request Chain 142

http://server.exposebox.com/rcm HTTP 302
http://trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=7s5z9w

Request Chain 143

http://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEN1W8CQRLVvcqrmlkRSuIKQ&google_cver=1

Request Chain 144

http://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
http://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=0823f12b-2817-4d70-a123-47a3b2dd73b3 HTTP 302
http://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=0823f12b-2817-4d70-a123-47a3b2dd73b3&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56 HTTP 302
http://match.basebanner.com/match?tabid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56&extuid=0823f12b-2817-4d70-a123-47a3b2dd73b3&excid=85

Request Chain 145

http://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56 HTTP 302
https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=fe8c0d6d-fce9-4f22-8c0d-b53ffb706584

Request Chain 148

http://x.bidswitch.net/sync?ssp=taboola HTTP 302
http://trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2 HTTP 302
http://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56

Request Chain 149

http://ib.adnxs.com/getuid?https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID HTTP 302
https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8310411158998640619 HTTP 302
https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8310411158998640619&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56

Request Chain 150

http://server.exposebox.com/rcm HTTP 302
http://trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=7s5z9w

Request Chain 151

http://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEN1W8CQRLVvcqrmlkRSuIKQ&google_cver=1

Request Chain 152

http://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
http://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=0823f12b-2817-4d70-a123-47a3b2dd73b3 HTTP 302
http://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=0823f12b-2817-4d70-a123-47a3b2dd73b3&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56 HTTP 302
http://match.basebanner.com/match?tabid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56&extuid=0823f12b-2817-4d70-a123-47a3b2dd73b3&excid=85

Request Chain 153

http://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56 HTTP 302
https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=fe8c0d6d-fce9-4f22-8c0d-b53ffb706584

Request Chain 156

http://x.bidswitch.net/sync?ssp=taboola HTTP 302
http://trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2 HTTP 302
http://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56

200 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 url
www.google.com/ 494 B
634 B 31ms
30ms Document
text/html 2a00:1450:4001:812::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjZq_7u05fcAhXI1lMKHaJdAYAQFggnMAA&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&usg=AOvVaw0kBNPrYAXjXq4bYx3nm4I9

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:812::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

gws /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjZq_7u05fcAhXI1lMKHaJdAYAQFggnMAA&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&usg=AOvVaw0kBNPrYAXjXq4bYx3nm4I9
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9

Response headers

status: 200
date: Wed, 11 Jul 2018 18:17:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=86400
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: gzip
server: gws
content-length: 296
x-xss-protection: 1; mode=block
set-cookie: NID=134=bbJZ70FCPUMKI5vQD2vegXVzUVN8IKtWFd3F0Hpw3axPQCqAw_0UBIlmIxJ6Ok7ChNvszFlqnPbcht0Ieh7PriTs9T24CkvBJefPcEpRMzcMws11__QdIribcHD_Xkps; expires=Thu, 10-Jan-2019 18:17:40 GMT; path=/; domain=.google.com; HttpOnly CONSENT=WP.26f19d; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"

GET
H/1.1 200
OK Primary Request t2765-infeccao-malware Show response
forumpcbrasil.forumeiros.com/ 294 KB
59 KB 716ms
321ms Document
text/html 178.33.115.32
OVH

General

Check archive.org

Show headers Download Go to

Full URL

http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Requested by

Host: www.google.com
URL: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjZq_7u05fcAhXI1lMKHaJdAYAQFggnMAA&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&usg=AOvVaw0kBNPrYAXjXq4bYx3nm4I9

Protocol

HTTP/1.1

Server

178.33.115.32 , Spain, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

a487b114776c73ff4085daac005555f8406a0af7501cdda920bc8c30d5fbf8ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0; mode=block

Request headers

Host: forumpcbrasil.forumeiros.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://www.google.com/
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: https://www.google.com/

Response headers

Date: Wed, 11 Jul 2018 18:17:42 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache
Pragma: no-cache
Expires: Wed, 11 Jul 2018 00:00:00 GMT
Last-Modified: Wed, 11 Jul 2018 18:17:42 GMT
Vary: User-Agent
X-Content-Type-Options: nosniff
X-XSS-Protection: 0; mode=block
Access-Control-Allow-Origin: *
Content-Encoding: gzip

GET
H/1.1 200
OK 0-ltr.css
forumpcbrasil.forumeiros.com/ 152 KB
55 KB 46ms
31ms Stylesheet
text/css 178.33.115.32
OVH

General

Check archive.org

Show headers Download Go to

Full URL

http://forumpcbrasil.forumeiros.com/0-ltr.css

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

HTTP/1.1

Server

178.33.115.32 , Spain, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

ee733e900aa808963beae88c53ba7b93fd57cf5fc4cdde2fbaa7a324a5db72a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Connection: keep-alive
Cache-Control: no-cache
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 11 Jul 2018 00:00:00 GMT
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Content-Length: 56067
X-XSS-Protection: 1; mode=block
Expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.7.2/ 93 KB
33 KB 16ms
4ms Script
text/javascript 2a00:1450:4001:820::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2a00:1450:4001:820::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 02 Jul 2018 12:50:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 797228
status: 200
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 33845
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Jul 2019 12:50:35 GMT

GET
S 200 notutf8-pt.js Show response
illiweb.com/rsc/38/frm/lang/ 70 KB
17 KB 59ms
20ms Script
application/x-javascript 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://illiweb.com/rsc/38/frm/lang/notutf8-pt.js

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3cb4e400051f23df07d690f75554f98a3b384b974f48097a1ade26f01cc416e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-polished: origSize=71528
status: 200
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Jun 2018 12:24:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
expires: Thu, 11 Jul 2019 18:17:43 GMT
cache-control: public, max-age=31536000
cf-ray: 438d44bf8ffb96d6-FRA
cf-bgj: minify

GET
H/1.1 200
OK publishertag.js Show response
static.criteo.net/js/ld/ 76 KB
23 KB 110ms
23ms Script
text/javascript 178.250.2.74
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 178.250.2.74 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: static.criteo.net
Software: nginx /
Resource Hash: d72a9caa118a6b30d0a607786d5cdbd97cd34e70e1d1d799ba728e291eadc320

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2007 08:50:25 GMT
Server: nginx
ETag: W/"5b3b5e46-13132"
Transfer-Encoding: chunked
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400, public
Connection: keep-alive
Timing-Allow-Origin: *
Expires: Thu, 12 Jul 2018 18:17:43 GMT

GET
S 200 jquery.cookie.js Show response
illiweb.com/rsc/38/frm/jquery/cookie/ 1011 B
567 B 54ms
16ms Script
application/x-javascript 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://illiweb.com/rsc/38/frm/jquery/cookie/jquery.cookie.js

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6cf7880d67c712bb6f85f1dfa1d26ea5e0a7195130a3e42c8b441cdd1de77a90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
cf-bgj: minify
x-xss-protection: 1; mode=block
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 438d44bf8ffc96d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 FAToolbar.js Show response
illiweb.com/rsc/38/frm/jquery/toolbar/ 23 KB
6 KB 64ms
26ms Script
application/x-javascript 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://illiweb.com/rsc/38/frm/jquery/toolbar/FAToolbar.js

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

39176ddb48e89fcf13cb33acad8f52c981a6e54d1afbffd16d1d4928fc8698d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
cf-bgj: minify
x-xss-protection: 1; mode=block
last-modified: Fri, 10 Feb 2017 15:40:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 438d44bf8ffd96d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
H/1.1 200
OK novo_g10.jpg
i21.servimg.com/u/f21/13/10/30/01/ 44 KB
44 KB 45ms
12ms Image
image/jpeg 2400:cb00:2048:1::6812:37a5
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://i21.servimg.com/u/f21/13/10/30/01/novo_g10.jpg

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

HTTP/1.1

Server

2400:cb00:2048:1::6812:37a5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

55c43748b656dc937e56f39e2cc71bd178cadd3ab674efbdb5d3c52406ad06ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:43 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Connection: keep-alive
Content-Length: 44545
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 17 Sep 2015 12:03:13 GMT
Server: cloudflare
ETag: "55faac01-ae01"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 438d44bf83622774-FRA
Expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
H/1.1 200
OK i_icon_mini_index.png
hitsk.in/t/14/16/61/ 5 KB
5 KB 52ms
17ms Image
image/png 87.98.186.20
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://hitsk.in/t/14/16/61/i_icon_mini_index.png

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

HTTP/1.1

Server

87.98.186.20 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

16bd47540413e3493b156d514331f3d0446e82c11b04fc1066804a3c7d0c45d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:43 GMT
X-Content-Type-Options: nosniff, nosniff
Last-Modified: Wed, 27 Oct 2010 18:15:39 GMT
Server: nginx
ETag: "4cc86c4b-13d7"
Content-Type: image/png
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 5079
X-XSS-Protection: 1; mode=block, 1; mode=block
Expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 empty.gif
illiweb.com/fa/ 42 B
480 B 46ms
11ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/empty.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 42
x-xss-protection: 1; mode=block
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
server: cloudflare
etag: "41d5e800-2a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bf8fff96d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
H/1.1 200
OK i_icon_mini_faq.png
hitsk.in/t/14/16/61/ 5 KB
5 KB 52ms
18ms Image
image/png 87.98.186.20
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://hitsk.in/t/14/16/61/i_icon_mini_faq.png

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

HTTP/1.1

Server

87.98.186.20 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

6ffba61672da54bdb039b5ae1fc13d5715beab1af81dde518c3e4135594732eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:43 GMT
X-Content-Type-Options: nosniff, nosniff
Last-Modified: Wed, 27 Oct 2010 18:15:40 GMT
Server: nginx
ETag: "4cc86c4c-1384"
Content-Type: image/png
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 4996
X-XSS-Protection: 1; mode=block, 1; mode=block
Expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
H/1.1 200
OK i_icon_mini_search.png
hitsk.in/t/14/16/61/ 5 KB
6 KB 52ms
18ms Image
image/png 87.98.186.20
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://hitsk.in/t/14/16/61/i_icon_mini_search.png

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

HTTP/1.1

Server

87.98.186.20 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

5e2e13cd4cd1ffeed714a372a803034b3b6dd986f22eb61457f6c33543d12386

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:43 GMT
X-Content-Type-Options: nosniff, nosniff
Last-Modified: Wed, 27 Oct 2010 18:15:39 GMT
Server: nginx
ETag: "4cc86c4b-14cb"
Content-Type: image/png
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 5323
X-XSS-Protection: 1; mode=block, 1; mode=block
Expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
H/1.1 200
OK i_icon_mini_register.png
hitsk.in/t/14/16/61/ 5 KB
6 KB 48ms
14ms Image
image/png 87.98.186.20
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://hitsk.in/t/14/16/61/i_icon_mini_register.png

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

HTTP/1.1

Server

87.98.186.20 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

34fa520c9262737b4e5a38ee5fecfe052b263ce80e790fc0f735bc0ad46efbd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:43 GMT
X-Content-Type-Options: nosniff, nosniff
Last-Modified: Wed, 27 Oct 2010 18:15:39 GMT
Server: nginx
ETag: "4cc86c4b-14f4"
Content-Type: image/png
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 5364
X-XSS-Protection: 1; mode=block, 1; mode=block
Expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
H/1.1 200
OK i_icon_mini_login.png
hitsk.in/t/14/16/61/ 5 KB
6 KB 48ms
14ms Image
image/png 87.98.186.20
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://hitsk.in/t/14/16/61/i_icon_mini_login.png

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

HTTP/1.1

Server

87.98.186.20 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

89c117399ab6d8d873578ee0c4ebe50a658cbbd4f4d1d74facdf50113b5afd7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:43 GMT
X-Content-Type-Options: nosniff, nosniff
Last-Modified: Wed, 27 Oct 2010 18:15:39 GMT
Server: nginx
ETag: "4cc86c4b-1490"
Content-Type: image/png
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 5264
X-XSS-Protection: 1; mode=block, 1; mode=block
Expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 rss_br10.png
illiweb.com/fa/rss_mod/ 447 B
557 B 49ms
14ms Image
image/png 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/rss_mod/rss_br10.png

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6afb26a22a3683d4587e4c96ab286eb61fe401dbe07cc1b38748d1671dcd1f0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 447
x-xss-protection: 1; mode=block
last-modified: Mon, 16 May 2016 11:01:05 GMT
server: cloudflare
etag: "5739a871-1bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bf880096d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 digg.gif
illiweb.com/fa/social_bookmarking/ 356 B
457 B 49ms
15ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/social_bookmarking/digg.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cc9db979e7df62543456027de432bfe6f751febd6386a21ce8f34ec05dcc779

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 356
x-xss-protection: 1; mode=block
last-modified: Wed, 04 Jan 2017 15:17:18 GMT
server: cloudflare
etag: "586d11fe-164"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bf880196d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 delicious.gif
illiweb.com/fa/social_bookmarking/ 387 B
488 B 35ms
6ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/social_bookmarking/delicious.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfe029ab8d317564a696749072c21afb7704068c15e4593c301d837a5940a729

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 387
x-xss-protection: 1; mode=block
last-modified: Wed, 04 Jan 2017 15:20:32 GMT
server: cloudflare
etag: "586d12c0-183"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfb84096d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 reddit.gif
illiweb.com/fa/social_bookmarking/ 717 B
818 B 34ms
6ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/social_bookmarking/reddit.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3174887814d1432109a58b186ea78834f33ee118bf8dfb7839e15f2b21e5f583

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 717
x-xss-protection: 1; mode=block
last-modified: Wed, 04 Jan 2017 15:20:52 GMT
server: cloudflare
etag: "586d12d4-2cd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfb84196d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 stumbleupon.gif
illiweb.com/fa/social_bookmarking/ 655 B
756 B 35ms
7ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/social_bookmarking/stumbleupon.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

514b5dc90de7362be9824f6e1b254c6ddd014a0116a53c9669c7b37a7eb94120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 655
x-xss-protection: 1; mode=block
last-modified: Wed, 04 Jan 2017 15:20:42 GMT
server: cloudflare
etag: "586d12ca-28f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfb84296d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 slashdot.gif
illiweb.com/fa/social_bookmarking/ 701 B
801 B 34ms
5ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/social_bookmarking/slashdot.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

18bd4fca2ecd2f93d312b4b551c6aec9dbdd62a860be392cb06b938800cd3577

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 701
x-xss-protection: 1; mode=block
last-modified: Wed, 04 Jan 2017 15:20:10 GMT
server: cloudflare
etag: "586d12aa-2bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfb84396d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 yahoo.gif
illiweb.com/fa/social_bookmarking/ 562 B
698 B 37ms
8ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/social_bookmarking/yahoo.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e17bb20e4061d5d86f1e9f575f4f801915881f8e3abe7868490106833905d8ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 562
x-xss-protection: 1; mode=block
last-modified: Wed, 04 Jan 2017 15:19:44 GMT
server: cloudflare
etag: "586d1290-232"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfb84496d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 google.gif
illiweb.com/fa/social_bookmarking/ 648 B
749 B 36ms
7ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/social_bookmarking/google.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a552ed3ef01e39ad4e519b609c8c0d9edb73ab99d4118999d29e0aceb1b36d04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 648
x-xss-protection: 1; mode=block
last-modified: Wed, 04 Jan 2017 15:17:02 GMT
server: cloudflare
etag: "586d11ee-288"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfb84596d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 blogmarks.gif
illiweb.com/fa/social_bookmarking/ 567 B
668 B 40ms
12ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/social_bookmarking/blogmarks.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2e298ee90ec9a20b11a0990bf016c727e21956b04241fa8af3aecc013e9f484

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 567
x-xss-protection: 1; mode=block
last-modified: Wed, 04 Jan 2017 15:18:26 GMT
server: cloudflare
etag: "586d1242-237"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfb84696d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 live.gif
illiweb.com/fa/social_bookmarking/ 182 B
283 B 36ms
8ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/social_bookmarking/live.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f838d90ece2bb8db03277b435d27ad03eddb14a62b14682e078cf3b1d57d4d50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 182
x-xss-protection: 1; mode=block
last-modified: Wed, 04 Jan 2017 15:17:44 GMT
server: cloudflare
etag: "586d1218-b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfb84796d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 facebook.gif
illiweb.com/fa/social_bookmarking/ 646 B
747 B 39ms
12ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/social_bookmarking/facebook.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5206296d25769debb150836abafd9a12316ccd64492e1ea77c583c2e83a8bf62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 646
x-xss-protection: 1; mode=block
last-modified: Wed, 04 Jan 2017 15:17:32 GMT
server: cloudflare
etag: "586d120c-286"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfb84896d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 twitter.gif
illiweb.com/fa/social_bookmarking/ 328 B
429 B 33ms
6ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/social_bookmarking/twitter.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3906923ab5823ddeb0b609865c895827aac92d1e4c51ca716809babe940f9675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 328
x-xss-protection: 1; mode=block
last-modified: Wed, 04 Jan 2017 15:16:22 GMT
server: cloudflare
etag: "586d11c6-148"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfb84996d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 icon_mini_search.gif
illiweb.com/fa/ 238 B
315 B 34ms
7ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/icon_mini_search.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

605183a8594eb65a3db95a7735ad7adac28b7b9814a70334837fe630bdd8d5f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 238
x-xss-protection: 1; mode=block
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
server: cloudflare
etag: "41d5e800-ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfb84a96d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 vote_lcap.png
illiweb.com/fa/prosilver_grey/ 87 B
187 B 34ms
7ms Image
image/png 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/prosilver_grey/vote_lcap.png

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6cc0f23c9c4d5db529fe4aa40ea04636d4b59233aa4618280238dd859059fe46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 87
x-xss-protection: 1; mode=block
last-modified: Mon, 16 May 2016 11:00:40 GMT
server: cloudflare
etag: "5739a858-57"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfb84b96d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 voting_bar.png
illiweb.com/fa/prosilver_grey/ 86 B
389 B 35ms
8ms Image
image/png 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/prosilver_grey/voting_bar.png

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

75bf4ea0c970f9dfb8ac9a4c90849d71d033828a42ac2bee533ddbd5a62d1253

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 86
x-xss-protection: 1; mode=block
last-modified: Mon, 16 May 2016 08:29:50 GMT
server: cloudflare
etag: "573984fe-56"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfb84c96d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 vote_rcap.png
illiweb.com/fa/prosilver_grey/ 89 B
174 B 35ms
9ms Image
image/png 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/prosilver_grey/vote_rcap.png

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

266341ea4b094a5dfcb9e4dfc17505e83694fd6ae5a24a78b4aaa3a5a0d40c7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 89
x-xss-protection: 1; mode=block
last-modified: Mon, 16 May 2016 11:00:40 GMT
server: cloudflare
etag: "5739a858-59"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfb84d96d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 icon_calendar2.gif
illiweb.com/fa/prosilver_grey/ 217 B
317 B 46ms
19ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/prosilver_grey/icon_calendar2.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cbe6ddbabf28f61101c413c1956a045966b327fc9762d4379d6ad927baeceff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 217
x-xss-protection: 1; mode=block
last-modified: Mon, 16 May 2016 11:00:39 GMT
server: cloudflare
etag: "5739a857-d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfb84e96d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
H/1.1 200
OK Divers_30.gif
illiweb.com/fa/i/avatars/gallery/Divers/ 34 KB
35 KB 28ms
11ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://illiweb.com/fa/i/avatars/gallery/Divers/Divers_30.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

HTTP/1.1

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1dd0287567e038ad7ab9639aa62d774af7be8d5077a3715b6c5cd6c777c02105

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:43 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Connection: keep-alive
Content-Length: 34782
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 16 May 2016 10:56:44 GMT
Server: cloudflare
ETag: "5739a76c-87de"
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 438d44bf748696fa-FRA
Expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
H/1.1 200
OK wbhdqSh.png
i.imgur.com/ 9 KB
9 KB 39ms
9ms Image
image/png 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://i.imgur.com/wbhdqSh.png
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 151.101.112.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: b2a53e063d9364aef5f3d8d4eb41a833dc3781f57bf776f0b1fff7da1f2b6ad5

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:43 GMT
Age: 1183702
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 8990
X-Served-By: cache-iad2138-IAD, cache-hhn1537-HHN
Last-Modified: Sun, 20 Oct 2013 12:00:13 GMT
Server: cat factory 1.0
X-Timer: S1531333064.657543,VS0,VE1
ETag: "080b0b7e96ca01de2215f8a93d46e712"
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
cache-control: public, max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 1, 1

GET
S 200 161-45.jpg
imgfast.net/users/1712/29/07/67/avatars/ 13 KB
14 KB 156ms
116ms Image
image/jpeg 2400:cb00:2048:1::681f:4945
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgfast.net/users/1712/29/07/67/avatars/161-45.jpg

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681f:4945 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

873bb741b03e7bd63baced35d272dd047a6bd4b09b0a0bc85f7c6a2d385aad39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 13803
x-xss-protection: 1; mode=block
last-modified: Wed, 30 Apr 2014 02:30:45 GMT
server: cloudflare
etag: "53606055-35eb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfff7c63cd-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
H/1.1 200
OK snFcHn5.png
i.imgur.com/ 10 KB
11 KB 26ms
9ms Image
image/png 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://i.imgur.com/snFcHn5.png
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 151.101.112.193 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: a261495c570b86473b59632ef283e7187b743103e5b963c2158be6de2015bffc

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:43 GMT
Age: 4783717
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 10303
X-Served-By: cache-iad2144-IAD, cache-hhn1529-HHN
Last-Modified: Sun, 20 Oct 2013 15:39:28 GMT
Server: cat factory 1.0
X-Timer: S1531333064.659157,VS0,VE1
ETag: "7144672d650edc3524d383263afc9d02"
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
cache-control: public, max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 1, 1

GET
S 200 772309.gif
imgfast.net/users/1712/29/07/67/smiles/ 689 B
769 B 163ms
124ms Image
image/gif 2400:cb00:2048:1::681f:4945
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgfast.net/users/1712/29/07/67/smiles/772309.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681f:4945 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a5a6b82298915e1c7042dc805fdac769f013e0596443d44c1b9727a3fb67cfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 689
x-xss-protection: 1; mode=block
last-modified: Mon, 01 Jan 2001 00:00:00 GMT
server: cloudflare
etag: "3a4fc880-2b1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfff7d63cd-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 668773.gif
imgfast.net/users/1712/29/07/67/smiles/ 175 B
648 B 145ms
115ms Image
image/gif 2400:cb00:2048:1::681f:4945
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgfast.net/users/1712/29/07/67/smiles/668773.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681f:4945 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4a6958ece4cd78493c2ea4c7ba23cf956a09ea5b908aa4bff809275d283f36c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 175
x-xss-protection: 1; mode=block
last-modified: Mon, 01 Jan 2001 00:00:00 GMT
server: cloudflare
etag: "3a4fc880-af"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfff7e63cd-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 648673379.gif
imgfast.net/users/1712/29/07/67/smiles/ 2 KB
2 KB 179ms
149ms Image
image/gif 2400:cb00:2048:1::681f:4945
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imgfast.net/users/1712/29/07/67/smiles/648673379.gif

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681f:4945 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa1a8e0c61361e26d351c391e584d1f716349a54c8236827ed97ad53564e1b15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
vary: Accept-Encoding
content-length: 1965
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Sep 2014 13:32:55 GMT
server: cloudflare
etag: "54071887-7ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44bfff7f63cd-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
H/1.1 200
OK addthis_widget.js Show response
s7.addthis.com/js/300/ 349 KB
112 KB 38ms
8ms Script
application/javascript 104.108.68.8
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: http://s7.addthis.com/js/300/addthis_widget.js
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 104.108.68.8 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-108-68-8.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 31fdbd11b2e812762d67116d1714391738af0ade5c63a5e878ae24015bae43d4

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:43 GMT
Content-Encoding: gzip
Surrogate-Key: client_dist
Last-Modified: Mon, 02 Jul 2018 18:33:29 GMT
Cache-Tag: client_dist
ETag: "5b3a6ff9-57536"
Vary: Accept-Encoding
X-Distribution: 99
Content-Type: application/javascript
Cache-Control: public, max-age=600
X-Host: s7.addthis.com
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 113954

GET
H/1.1 200
OK loader.js Show response
cdn.taboola.com/libtrc/forumotion-pt/ 115 KB
18 KB 14ms
7ms Script
application/javascript 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.taboola.com/libtrc/forumotion-pt/loader.js
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a0ffdd1599de14aeb45956cfab6ae8fb197e084be3ac6d68002cf19909992aff

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: ol83nHEg7Uu2tw_HDnkXj6O_hLTpxy89
Content-Encoding: gzip
ETag: "211ba751e22b21b76234cd765a47c28b"
Age: 174
X-Cache: HIT
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 17456
x-amz-id-2: lwcW+swMmjEPbg+igZB3GCV8aIU50+9vf7cQHeN1g3tx0z8MsdOe+UDMtNnJn+JhU02/2KRK2Bc=
X-Served-By: cache-hhn1533-HHN
Last-Modified: Tue, 10 Jul 2018 14:11:58 GMT
Server: AmazonS3
X-Timer: S1531333064.716441,VS0,VE1
Date: Wed, 11 Jul 2018 18:17:43 GMT
Vary: Accept-Encoding
x-amz-request-id: 0E5097D9451F2DD5
Via: 1.1 varnish
Cache-Control: private,max-age=14401
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 1

GET
H/1.1 200
OK analytics.js Show response
www.google-analytics.com/ 34 KB
14 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:812::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://www.google-analytics.com/analytics.js

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

HTTP/1.1

Server

2a00:1450:4001:812::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 18 May 2018 01:10:24 GMT
Server: Golfe2
Age: 417
Date: Wed, 11 Jul 2018 18:10:46 GMT
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: public, max-age=7200
Timing-Allow-Origin: *
Content-Length: 14386
Expires: Wed, 11 Jul 2018 20:10:46 GMT

GET
S 200 bg_button.gif
illiweb.com/fa/prosilver/ 174 B
273 B 11ms
10ms Image
image/gif 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/prosilver/bg_button.gif

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e8a79a702c74305fd3a2a0e10d8fadc1752d72ea159b0a4b25825acf3ef42ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/0-ltr.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 174
x-xss-protection: 1; mode=block
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
server: cloudflare
etag: "41d5e800-ae"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44c038ac96d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 social_bookmarking_fa.png
illiweb.com/fa/social_bookmarking/ 10 KB
10 KB 9ms
9ms Image
image/png 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/social_bookmarking/social_bookmarking_fa.png

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d8deb3f360c48eb0d2a4eb2fc69b8d6c5530dc31bf8984ede26443633a9ebb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/0-ltr.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 10100
x-xss-protection: 1; mode=block
last-modified: Fri, 05 May 2017 10:08:36 GMT
server: cloudflare
etag: "590c4f24-2774"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44c038ad96d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 sprite_rss_feeds.png
illiweb.com/fa/rss_mod/ 6 KB
6 KB 11ms
11ms Image
image/png 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/rss_mod/sprite_rss_feeds.png

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

64598cb0406f22615300c7893987f55e915edfe3ced3b14e5a47549cc7bf2006

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/0-ltr.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 5962
x-xss-protection: 1; mode=block
last-modified: Mon, 16 May 2016 11:01:07 GMT
server: cloudflare
etag: "5739a873-174a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44c038ae96d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
S 200 sprite_prosilver_navbar.png
illiweb.com/fa/ 3 KB
3 KB 9ms
9ms Image
image/png 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/sprite_prosilver_navbar.png

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

913bbda58746d2834fa514a1960eddd741c0dad41288fdcca43afb0203fde631

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/0-ltr.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 2994
x-xss-protection: 1; mode=block
last-modified: Mon, 16 May 2016 11:01:50 GMT
server: cloudflare
etag: "5739a89e-bb2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44c038af96d6-FRA
expires: Thu, 11 Jul 2019 18:17:43 GMT

GET
H/1.1 200
OK ajs.php Show response
cas.criteo.com/delivery/ 733 B
2 KB 37ms
21ms Script
text/javascript 178.250.2.71
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: http://cas.criteo.com/delivery/ajs.php?ptv=53&zoneid=34607&cb=17398498682&nodis=1&charset=windows-1252&dc=3&atfr=1&loc=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: HTTP/1.1
Server: 178.250.2.71 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: cas.criteo.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e0db2d862aee90854fca1e32e50e424106b6c3d494605da31c32fcc20c84604e

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 11 Jul 2018 18:17:43 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
X-Powered-By: ASP.NET
P3P: CP='CUR ADM OUR NOR STA NID'
Content-Length: 800
Pragma: no-cache
Server: Microsoft-IIS/10.0
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK collect
www.google-analytics.com/r/ 35 B
373 B 14ms
13ms Image
image/gif 2a00:1450:4001:812::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.google-analytics.com/r/collect?v=1&_v=j68&a=1155763268&t=pageview&_s=1&dl=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&dr=https%3A%2F%2Fwww.google.com%2F&ul=en-us&de=windows-1252&dt=Infec%C3%A7%C3%A3o%20Malware&sd=24-bit&sr=1600x1200&vp=1585x1185&je=0&_u=IEBAAEAB~&jid=1531749950&gjid=1943286965&cid=1816525444.1531333064&tid=UA-43696929-1&_gid=1128827917.1531333064&_r=1&z=1746948486

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

HTTP/1.1

Server

2a00:1450:4001:812::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:43 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Server: Golfe2
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 35
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK collect
www.google-analytics.com/r/ 35 B
373 B 19ms
13ms Image
image/gif 2a00:1450:4001:812::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www.google-analytics.com/r/collect?v=1&_v=j68&a=1155763268&t=pageview&_s=1&dl=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&dr=https%3A%2F%2Fwww.google.com%2F&ul=en-us&de=windows-1252&dt=Infec%C3%A7%C3%A3o%20Malware&sd=24-bit&sr=1600x1200&vp=1585x1185&je=0&_u=YEDAAEAB~&jid=1620992657&gjid=1505204004&cid=1816525444.1531333064&tid=UA-19192881-3&_gid=1128827917.1531333064&_r=1&z=872210691

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

HTTP/1.1

Server

2a00:1450:4001:812::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:43 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Server: Golfe2
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 35
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK impl.314-210-RELEASE.js Show response
cdn.taboola.com/libtrc/ 401 KB
112 KB 7ms
6ms Script
application/javascript 151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.taboola.com/libtrc/impl.314-210-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/forumotion-pt/loader.js
Protocol: HTTP/1.1
Server: 151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42ea582593ff061b0179a1b0c99e76520758d48b563008e9a538817b0384cf49

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: nZCIku_tzY.nhxfvs2lnNbN4OEEOWUwh
Content-Encoding: gzip
ETag: "c13590c8cfacf8069cc4256eae0f306c"
Age: 10
X-Cache: HIT
x-amz-replication-status: PENDING
Connection: keep-alive
Content-Length: 114156
x-amz-id-2: /iGo4/VniK70KP364f5yRTk8lWAR7dKJee3t/1hLLCZRjqx8fJ2udTgLq3lhHsa/M7YmGmojJwk=
X-Served-By: cache-hhn1533-HHN
Last-Modified: Tue, 10 Jul 2018 14:01:53 GMT
Server: AmazonS3
X-Timer: S1531333064.815312,VS0,VE0
Date: Wed, 11 Jul 2018 18:17:43 GMT
Vary: Accept-Encoding
x-amz-request-id: 66FC6296019991DB
Via: 1.1 varnish
Cache-Control: private,max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 193

GET
H/1.1 200
OK beacon.js Show response
b.scorecardresearch.com/ 1 KB
1 KB 13ms
6ms Script
application/x-javascript 2.16.186.80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://b.scorecardresearch.com/beacon.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/forumotion-pt/loader.js
Protocol: HTTP/1.1
Server: 2.16.186.80 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-80.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:43 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 901
Expires: Thu, 12 Jul 2018 18:17:43 GMT

GET
H/1.1 200
OK 11662.js Show response
ads.rubiconproject.com/ad/ 26 KB
8 KB 35ms
6ms Script
text/javascript 23.67.129.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/ad/11662.js
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 23.67.129.200 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-129-200.deploy.static.akamaitechnologies.com
Software: Apache / PHP/5.3.3
Resource Hash: b5c932f5ad9b5922ced7201f4941f4db458030e93a014eabe124e6997e93c74a

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 11 Jul 2018 18:17:43 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=6017
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 7523
Expires: Wed, 11 Jul 2018 19:58:00 GMT

GET
H/1.1 200
OK lg.php
cat.nl.eu.criteo.com/delivery/ 43 B
330 B 35ms
19ms Image
image/gif 178.250.2.66
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cat.nl.eu.criteo.com/delivery/lg.php?cppv=1&cpp=S1AehnxOeFZNV2psbmZiYW9PSzU5S0g0eUZHMzBJNlhNdEZvazgrWlEraklxdnRjSGVGNkZoNVJwQXBDc1AwMHQxYVUwcUhlMnR1L1lVYkRJd0FLb05pYTR2Q29MSVJ0Q1VzcTA5MWtZcU04cml4elVtTGxlaFJweXZSN2Y5d0twUFM5RVhFUmpOMVRnR3Y4dmVvdUxQVm5aNi9CV1RiaEZjTHRYWWl1amIrY243M3NZWE1qbEl3UkZqNGd3Y0lxZm14RURwTi8zSjdsajhqM1Q3NytKQk42YVBtVUtsZDBUb2h0d0FvYmFEL1JVNVZFNVhOM2xTZklTRkFrZE9LWmRvZDdMfA%3D%3D
Requested by: Host: cas.criteo.com
URL: http://cas.criteo.com/delivery/ajs.php?ptv=53&zoneid=34607&cb=17398498682&nodis=1&charset=windows-1252&dc=3&atfr=1&loc=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware
Protocol: HTTP/1.1
Server: 178.250.2.66 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:43 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-cache
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

204
No Content

b2
b.scorecardresearch.com/
Redirect Chain

http://b.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1531333063824&ns_c=windows-1252&cv=3.1&c8=Infec%C3%A7%C3%A3o%20Malware&c7=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-in...
http://b.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1531333063824&ns_c=windows-1252&cv=3.1&c8=Infec%C3%A7%C3%A3o%20Malware&c7=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-i...

0
248 B

6ms
6ms

Image
text/plain

2.16.186.80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://b.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1531333063824&ns_c=windows-1252&cv=3.1&c8=Infec%C3%A7%C3%A3o%20Malware&c7=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&c9=https%3A%2F%2Fwww.google.com%2F
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 2.16.186.80 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-80.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:43 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: http://b.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1531333063824&ns_c=windows-1252&cv=3.1&c8=Infec%C3%A7%C3%A3o%20Malware&c7=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&c9=https%3A%2F%2Fwww.google.com%2F
Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:43 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 151250-2.js Show response
optimized-by.rubiconproject.com/a/11662/36492/ 3 KB
3 KB 65ms
59ms Script
text/javascript 62.67.193.41
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: http://optimized-by.rubiconproject.com/a/11662/36492/151250-2.js?&cb=0.30373655767096763&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1600x1200&ad_slot=36492_2
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/11662.js
Protocol: HTTP/1.1
Server: 62.67.193.41 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 45c7b9e68c9e91b6a5dce78dbd240bd78699dd998b588003d0921b9070ce6154

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:43 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: Keep-Alive
Content-Type: text/javascript
Keep-Alive: timeout=5, max=29
Content-Length: 1816
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ 2 KB
2 KB 62ms
14ms Script
application/x-javascript 185.29.135.42
MediaMath Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?id=5aW95q2jLzE0LyAvTlRSbE1qSTROak10WWprNU9DMDJNemRpTFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NDgwNzM3NTk0MzA0Nzk1NTkvNDcyODY0OS8yNjAyMzc3LzkvSFhKaTdac3FZRTZyZjBsSW4xdk5wRWc5aS1ueHk3MEJ5QzRfNDliWnlEVS8xLzkvMC8wLzUxMjcxNi8yNDk5NDg5Mjc4LzE5NjM2MS80MTE4NzQvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8xNzQ4MDczNzU5NDMwNDc5NTU5L2Ftcy8/CaTEzNb8s7gr8fgO-JdoS3rJ0kI&nodeid=1121&auctionid=1748073759430479559&exch=ruc&sid=2602377&cid=4728649&price=ACF0AB0FC3FD02FA&act=LiIiJiQocHxrPSwuJCMqcHxrKy5wfGshIioqJCMqcHw&group=eu&bp=a_achhag&3pck=http%3A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv2%2Ft%2F0%2F2e190ccd-b851-47b2-9192-e7b97e54a5dc%2F
Requested by: Host: optimized-by.rubiconproject.com
URL: http://optimized-by.rubiconproject.com/a/11662/36492/151250-2.js?&cb=0.30373655767096763&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1600x1200&ad_slot=36492_2
Protocol: HTTP/1.1
Server: 185.29.135.42 , United Kingdom, ASN30419 (MEDIAMATH-INC - MediaMath Inc, US),
Reverse DNS
Software: MMBD/3.126.5 /
Resource Hash: 1012fe94f695d472ba7aa9b66b20514ed2ecfd148a2ab1143e857ecd2fd185ac

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 11 Jul 2018 18:17:44 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Jul 2018 18:17:43 GMT
Server: MMBD/3.126.5
x-mm-latency: 1 (1)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: won
Cache-Control: no-cache
x-mm-host: cdg-router-x39, cdg-bidder-x93
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Expires: Wed, 11 Jul 2018 18:17:43 GMT

GET
H/1.1 200
OK 2e190ccd-b851-47b2-9192-e7b97e54a5dc
beacon-eu2.rubiconproject.com/beacon/d/ 43 B
268 B 18ms
10ms Image
image/webp 62.67.193.43
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://beacon-eu2.rubiconproject.com/beacon/d/2e190ccd-b851-47b2-9192-e7b97e54a5dc?oo=0&accountId=11662&siteId=36492&zoneId=151250&sizeId=2&e=6A1E40E384DA563B61CCD0162CF173973CB10582F5AE8F9595ACF89947AF4E03FC5044658DAE8F6A9569F5543E5A55DD76F8D2EDD55860072D6A4B903BC2DC233B8137D5DD2159A7D49BDCBB1A99E02744CBCA5BD89DEDD0623C378D63503E0FB15EF25B7D8245329BDA451C248AD2238599A5168562EDD52178783CDA09CF6A95F3E2EDC9D46712173F186ECC44E269D8E45BEB5CCD5D86D8D6E1A8B2E8E57FEBFBA2EDED8F9B8740A5D9C97D05F05A293C539B96C5C59F12BFF1F3DD832A208C3C609635C4BAB6B20E4E8B07E6DCA2DBED9A779409EF0DB2F5D8A316DED8C790D6740E530EAF48832FCE3AE51DF2AA676127800094FEA0966E3BDAB229DDEBEF15F37C67110C6E59847202E7C7C3BB904E70B044FF3259A287F2C6E890887FBB86C52759DCC7DBACE940E9CEB83FA172DD778A4865F6F729D84D710B473C6F0C30107DD7D9A3779ACEC46F7C69CB968D1A1EDD315617F4E82C8DC099D34DAF7A4512289792C6D4D412D919DB7561D6D035A83E6F4D25F75F80E4DB370AA1A59B82BB21B430064CE82C8DC099D34DAF11EA0C268307A5A84BE0469B4098C398445FC3B40B1A818D96E74246E2F29EBB6A7A40CAA0F4C7CFE400BDBD3AE9349219CE71D449F43C45C4CB688ABAAE1D1C29577C14DDBAB7D2BE149C030A13C3F91F53CA3C9EB1B7D3407AA05C22C06CD6D8507B0A64FC9E6936EBBBCB359B95CB6EFBB6E6C2B8796254267F605AE293E3ADD84CD4C36B4A0EEEA791F966377E2594AA56668C842BE56EF2E4D613A6057F7D06861DDEAE11A6DD805A0CC7644EA046E0C338056D8A9A
Requested by: Host: optimized-by.rubiconproject.com
URL: http://optimized-by.rubiconproject.com/a/11662/36492/151250-2.js?&cb=0.30373655767096763&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1600x1200&ad_slot=36492_2
Protocol: HTTP/1.1
Server: 62.67.193.43 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:43 GMT
Cache-Control: private, max-age=0, no-cache
Server: Rubicon Project
Content-Type: image/webp
Content-Length: 43
Expires: 01 Jan 1970 10:00:00 GMT

GET
H/1.1 200
OK qrp5w0nec98c Show response
ad.ad-srv.net/zone/ 10 KB
3 KB 5ms
2ms Script
text/html 136.243.51.231
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://ad.ad-srv.net/zone/qrp5w0nec98c?subid=2602377_1748073759430479559&rnd=1748073759430479559&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D1748073759430479559%26mt_id%3D4728649%26mt_adid%3D196361%26mt_sid%3D2602377%26mt_exid%3D9%26mt_inapp%3D0%26mt_uuid%3Decbf5b46-49c8-4eda-88a2-43e895ba8ba0%26mt_3pck%3Dhttp%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv2%2Ft%2F0%2F2e190ccd-b851-47b2-9192-e7b97e54a5dc%2F%26mt_lp%3Dhttp%253A%2F%2Fwww.congstar.de%26redirect%3D
Requested by: Host: www.google.com
URL: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjZq_7u05fcAhXI1lMKHaJdAYAQFggnMAA&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&usg=AOvVaw0kBNPrYAXjXq4bYx3nm4I9
Protocol: HTTP/1.1
Server: 136.243.51.231 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.231.51.243.136.clients.your-server.de
Software: Apache /
Resource Hash: f03c92834d4627c5fe43fe0e8aabc7c5c4695d3d179cdd384ae0cab4fb663b0c

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 11 Jul 2018 18:17:44 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 2846
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

request.php Show response
ad38.ad-srv.net/
Redirect Chain

http://ad38.ad-srv.net/request.php?zone=qrp5w0nec98c&nw=1&renderingType=javascript&namespace=e9aca50548&subid=2602377_1748073759430479559&uid=3283f05d2d3ed343&screenSize=1600x1200&screenSizeAvail=1...
http://ad38.ad-srv.net/request.php?zone=qrp5w0nec98c&nw=1&renderingType=javascript&namespace=e9aca50548&subid=2602377_1748073759430479559&uid=3283f05d2d3ed343&screenSize=1600x1200&screenSizeAvail=1...

2 KB
1 KB

326ms
305ms

Script
application/x-javascript

136.243.54.220
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://ad38.ad-srv.net/request.php?zone=qrp5w0nec98c&nw=1&renderingType=javascript&namespace=e9aca50548&subid=2602377_1748073759430479559&uid=3283f05d2d3ed343&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=1585x312&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D1748073759430479559%26mt_id%3D4728649%26mt_adid%3D196361%26mt_sid%3D2602377%26mt_exid%3D9%26mt_inapp%3D0%26mt_uuid%3Decbf5b46-49c8-4eda-88a2-43e895ba8ba0%26mt_3pck%3Dhttp%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv2%2Ft%2F0%2F2e190ccd-b851-47b2-9192-e7b97e54a5dc%2F%26mt_lp%3Dhttp%253A%2F%2Fwww.congstar.de%26redirect%3D&documentReferer=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&ancestorOrigins=&random=6231527134734&container=&adPos=198x312&adPosCheck=199x313&adtagId=0&uidRedirect=1
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 136.243.54.220 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.220.54.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 06bfc0bd09d55e2212c028968cf2df4f6415d2e1e8b50d8421e45874253f2422

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:44 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 66030800111468200438028010556038
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 704
Expires: Wed, 11 Jul 2018 19:17:44 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:44 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=qrp5w0nec98c&nw=1&renderingType=javascript&namespace=e9aca50548&subid=2602377_1748073759430479559&uid=3283f05d2d3ed343&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=1585x312&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D1748073759430479559%26mt_id%3D4728649%26mt_adid%3D196361%26mt_sid%3D2602377%26mt_exid%3D9%26mt_inapp%3D0%26mt_uuid%3Decbf5b46-49c8-4eda-88a2-43e895ba8ba0%26mt_3pck%3Dhttp%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv2%2Ft%2F0%2F2e190ccd-b851-47b2-9192-e7b97e54a5dc%2F%26mt_lp%3Dhttp%253A%2F%2Fwww.congstar.de%26redirect%3D&documentReferer=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&ancestorOrigins=&random=6231527134734&container=&adPos=198x312&adPosCheck=199x313&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20
Expires: Wed, 11 Jul 2018 19:17:44 +0200

GET
H/1.1

200
200

Cookie set /
banner.congstar.de/cookie/ Frame 4FFE
Redirect Chain

https://ad.zanox.com/tpv/?37494895C2047965762T&zpar0=66030800111468200438028010556038
https://banner.congstar.de/cookie/?zxid=37494895C2047965762SV1yq91832258136038445230485034246274yb5yb7T2452192636133012483&zUserID=977569

0
0

567ms
19ms

Document
text/html

85.214.124.106
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://banner.congstar.de/cookie/?zxid=37494895C2047965762SV1yq91832258136038445230485034246274yb5yb7T2452192636133012483&zUserID=977569
Requested by: Host: ad38.ad-srv.net
URL: http://ad38.ad-srv.net/request.php?zone=qrp5w0nec98c&nw=1&renderingType=javascript&namespace=e9aca50548&subid=2602377_1748073759430479559&uid=3283f05d2d3ed343&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=1585x312&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D1748073759430479559%26mt_id%3D4728649%26mt_adid%3D196361%26mt_sid%3D2602377%26mt_exid%3D9%26mt_inapp%3D0%26mt_uuid%3Decbf5b46-49c8-4eda-88a2-43e895ba8ba0%26mt_3pck%3Dhttp%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv2%2Ft%2F0%2F2e190ccd-b851-47b2-9192-e7b97e54a5dc%2F%26mt_lp%3Dhttp%253A%2F%2Fwww.congstar.de%26redirect%3D&documentReferer=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&ancestorOrigins=&random=6231527134734&container=&adPos=198x312&adPosCheck=199x313&adtagId=0&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 85.214.124.106 Berlin, Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: h2491987.stratoserver.net
Software: /
Resource Hash

Request headers

Host: banner.congstar.de
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

Date: Wed, 11 Jul 2018 18:17:47 GMT
Set-Cookie: staticentry=%7B%22zxid%22%3A%2237494895C2047965762SV1yq91832258136038445230485034246274yb5yb7T2452192636133012483%22%2C%22zUserID%22%3A%22977569%22%7D; Domain=.congstar.de; Expires=Wed, 18-Jul-2018 18:17:47 GMT; Path=/
Content-Length: 0
P3P: CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

Redirect headers

Cache-Control: no-store
Pragma: no-cache
Content-Length: 0
Location: https://banner.congstar.de/cookie/?zxid=37494895C2047965762SV1yq91832258136038445230485034246274yb5yb7T2452192636133012483&zUserID=977569
Server: Microsoft-IIS/7.5
Set-Cookie: zttpvc=5C83645S2452192636133012483T0II5C237452S2452192636137206784T0II37494895C0SV1yq91832258136038445230485034246274yb5yb7T2452192636133012483; domain=.zanox.com; path=/ zptpvc=5C83645S2452192636133012483T0II5C237452S2452192636137206784T0II37494895C0SV1yq91832258136038445230485034246274yb5yb7T2452192636133012483; expires=Tue, 09-Oct-2018 18:18:03 GMT; domain=.zanox.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://ad.zanox.com/w3c/p3p.xml", CP="NOI CUR OUR STP"
jobs-at-zanox: https://www.zanox.com/jobs/international
Date: Wed, 11 Jul 2018 18:18:03 GMT
Connection: close
Via: 10.30.2.220%1

GET
H/1.1 200
OK request_content.php
ad38.ad-srv.net/ Frame FC06 0
0 391ms
1ms Document
text/html 136.243.54.220
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://ad38.ad-srv.net/request_content.php?s=66030800111468200438028010556038&a=2f8c46a3
Requested by: Host: ad38.ad-srv.net
URL: http://ad38.ad-srv.net/request.php?zone=qrp5w0nec98c&nw=1&renderingType=javascript&namespace=e9aca50548&subid=2602377_1748073759430479559&uid=3283f05d2d3ed343&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=1585x312&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=ANIM_AFTER_30S%3A0&envData=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D1748073759430479559%26mt_id%3D4728649%26mt_adid%3D196361%26mt_sid%3D2602377%26mt_exid%3D9%26mt_inapp%3D0%26mt_uuid%3Decbf5b46-49c8-4eda-88a2-43e895ba8ba0%26mt_3pck%3Dhttp%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv2%2Ft%2F0%2F2e190ccd-b851-47b2-9192-e7b97e54a5dc%2F%26mt_lp%3Dhttp%253A%2F%2Fwww.congstar.de%26redirect%3D&documentReferer=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&ancestorOrigins=&random=6231527134734&container=&adPos=198x312&adPosCheck=199x313&adtagId=0&uidRedirect=1
Protocol: HTTP/1.1
Server: 136.243.54.220 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.220.54.243.136.clients.your-server.de
Software: Apache /
Resource Hash

Request headers

Host: ad38.ad-srv.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Accept-Encoding: gzip, deflate
Cookie: 672p1lyu7kil_uid=83a84bace0b47213
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

Date: Wed, 11 Jul 2018 18:17:45 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 11 Jul 2018 19:17:45 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1079
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK id.js Show response
mathid.mathtag.com/device/ 54 KB
19 KB 30ms
14ms Script
text/javascript 185.29.134.232
MediaMath Inc

General

Check archive.org

Show headers Download Go to

Full URL: http://mathid.mathtag.com/device/id.js
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 185.29.134.232 , United Kingdom, ASN30419 (MEDIAMATH-INC - MediaMath Inc, US),
Reverse DNS
Software: / Express
Resource Hash: b08fefb255b40cd18b0f7db8ec21c6f0c79d16aa828d7ed9157da12a38538682

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:44 GMT
Content-Encoding: gzip
X-Powered-By: Express
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Transfer-Encoding: chunked
X-MM-Host: cdg-mathid-x2
Connection: keep-alive
Access-Control-Allow-Headers: Content-type, X-Optout
Keep-Alive: timeout=360
Expires: Wed, 11 Jul 2018 19:17:44 GMT

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame E0DE 0
0 391ms
6ms Document
text/html 104.111.230.142
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.230.142 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Accept-Encoding: gzip, deflate
Cookie: khaos=JJHG628H-D-JXVS; rsid=DsuWSiL5uMdJFeznfENNwaZbP5mY0DNvptDUA3ThqHQWXoehOHP+SZpge+E4msdf09hVox97znvIHI8uGLlpPLdF5oJyNS+cecy1p8C5LL1gM5Bv7V+4D2UCrC1utAqsTPWMOM1wD65Lj0jksFb9pOyVUg==; ses2=36492^1; vis2=36492^1; ses15=36492^1; vis15=36492^1; audit=Y+1Rkrt0uiNf0q1TEqj5JTVdFNmrlXK8NbDOSW0Oz6H20VNnNEimPqEqSYZd+jdTvk6li41lcjS+N7b9vUvSuoqtpcOka9cQnypOMN14kRdo6X4C4PqCjA==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Mon, 09 Jul 2018 18:24:27 GMT
Content-Encoding: gzip
Content-Length: 7478
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=40016
Expires: Thu, 12 Jul 2018 05:24:41 GMT
Date: Wed, 11 Jul 2018 18:17:45 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK pixel.gif
static.criteo.net/images/ 43 B
424 B 26ms
13ms Image
image/gif 178.250.2.74
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://static.criteo.net/images/pixel.gif?ch=1
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 178.250.2.74 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: static.criteo.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:44 GMT
Last-Modified: Wed, 19 Sep 2007 08:50:25 GMT
Server: nginx
ETag: "493ea254-2b"
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=31104000, public
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 43
Expires: Sat, 06 Jul 2019 18:17:44 GMT

GET
H/1.1 200
OK pixel.gif
static.criteo.net/images/ 43 B
424 B 34ms
18ms Image
image/gif 178.250.2.74
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://static.criteo.net/images/pixel.gif?ch=2
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 178.250.2.74 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: static.criteo.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:44 GMT
Last-Modified: Wed, 19 Sep 2007 08:50:25 GMT
Server: nginx
ETag: "493ea254-2b"
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=31104000, public
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 43
Expires: Sat, 06 Jul 2019 18:17:44 GMT

GET
S 200 all.js Show response
connect.facebook.net/pt_PT/ 207 KB
62 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/pt_PT/all.js

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

06fb15858fe7edd7c38f7ae6b0efedca984ae58ecb00ee6e6e0dcbdb862bb872

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 9wZM+GHltibXR+vD04rfIg==
status: 200
content-length: 63122
x-xss-protection: 0
x-fb-debug: yX5tFs3QQ29LOnW4KXjYYflqOfT7bZfW2UryVGnbYgY3xGRCHlumZwMJ9Ka34qhA3BuBjVGoHoyp14C5Wk2NGw==
x-fb-content-md5: 4abfed9e8705194f93ce659c7679ecce
x-frame-options: DENY
date: Wed, 11 Jul 2018 18:17:44 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "fc0e1b2856cee169b537da9891130eaf"
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
timing-allow-origin: *
expires: Wed, 11 Jul 2018 18:37:24 GMT

GET
S 200 sprite_icons.png
illiweb.com/fa/ 1 KB
2 KB 28ms
28ms Image
image/png 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/sprite_icons.png

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b621467f74054e2999a7e213edf26895f9639e255f7c11b2047509fd0879f6c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/0-ltr.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 1459
x-xss-protection: 1; mode=block
last-modified: Mon, 16 May 2016 11:01:49 GMT
server: cloudflare
etag: "5739a89d-5b3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44c52d6f96d6-FRA
expires: Thu, 11 Jul 2019 18:17:44 GMT

GET
H/1.1 200
OK ajs.php Show response
cas.criteo.com/delivery/ 765 B
2 KB 22ms
22ms Script
text/javascript 178.250.2.71
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: http://cas.criteo.com/delivery/ajs.php?ptv=53&zoneid=34605&cb=92079681753&nodis=1&charset=windows-1252&dc=3&atfr=0&loc=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: HTTP/1.1
Server: 178.250.2.71 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: cas.criteo.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: fb583fc804d9a1974260714cbf35a26a9e14eae86d6465d2420fe235dfc8758a

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 11 Jul 2018 18:17:44 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
X-Powered-By: ASP.NET
P3P: CP='CUR ADM OUR NOR STA NID'
Content-Length: 835
Pragma: no-cache
Server: Microsoft-IIS/10.0
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK lg.php
cat.nl.eu.criteo.com/delivery/ 43 B
330 B 18ms
18ms Image
image/gif 178.250.2.66
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cat.nl.eu.criteo.com/delivery/lg.php?cppv=1&cpp=1ch1nXxucEc5ZEwxakZST1g3czdOUlRKeEh3djRwRm9yd1N3UXNxWU50ZkNQWFpwdUhxMWdZdG55VFc2Kzg3UThzSTljM1BrWDUzd0ZzYzdjeEUySytFRXArL3NWSWVjTjVwa0NmazQ5VVNza1Q3cFlkMzNRZVZLd01mV0dlYmg4TXRGTzJmUDIyaDlRMmJpeGpYU3pMV21FcCsyUG5yRzc3djRVVjZiRGVrdzl1TTcyOUg0MTliakZvZ0Z6NlFiMlpHdUJtUkxvYU45eXJJRzMrZTZNSGZQWUt2eXRYbGVrR2dySzZ5b3B0RnRQSzRWTzdIS0l3RnpCTS9wMTBXQVU3NXFqMW5Oa01sM2pLU0I5WWUybmYzRGVBUT09fA%3D%3D
Requested by: Host: cas.criteo.com
URL: http://cas.criteo.com/delivery/ajs.php?ptv=53&zoneid=34605&cb=92079681753&nodis=1&charset=windows-1252&dc=3&atfr=0&loc=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware
Protocol: HTTP/1.1
Server: 178.250.2.66 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:44 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-cache
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK 151252-15.js Show response
optimized-by.rubiconproject.com/a/11662/36492/ 2 KB
2 KB 73ms
73ms Script
text/javascript 62.67.193.41
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: http://optimized-by.rubiconproject.com/a/11662/36492/151252-15.js?&cb=0.01201532918622017&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1600x1200&ad_slot=36492_15
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/11662.js
Protocol: HTTP/1.1
Server: 62.67.193.41 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: ff94854751f2b1a8b9efa1224d209fb7ea7d4f1af4f6834a7531d00832f80e73

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:44 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: Keep-Alive
Content-Type: text/javascript
Keep-Alive: timeout=5, max=41
Content-Length: 944
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK 1e2RywyANNe.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame D256 0
0 265ms
6ms Document
text/html 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

http://staticxx.facebook.com/connect/xd_arbiter/r/1e2RywyANNe.js?version=42

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/pt_PT/all.js

Protocol

HTTP/1.1

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Host: staticxx.facebook.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

Expires: Wed, 10 Jul 2019 20:04:00 GMT
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Cache-Control: public,max-age=31536000,immutable
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Vary: Accept-Encoding
Content-Encoding: gzip
X-FB-Debug: Aorrn0yMR4YUtymIxx6eIwWRz5Hxh1uPej/yryWENdm/3J850cQbOGSk/yB6srhrKh1cjlSyF6OS4og3g8KhdA==
Date: Wed, 11 Jul 2018 18:17:45 GMT
Connection: close
Content-Length: 13907

GET
H2 200 1e2RywyANNe.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 5397 0
0 265ms
6ms Document
text/html 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://staticxx.facebook.com/connect/xd_arbiter/r/1e2RywyANNe.js?version=42

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/pt_PT/all.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: staticxx.facebook.com
:scheme: https
:path: /connect/xd_arbiter/r/1e2RywyANNe.js?version=42
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

status: 200
expires: Wed, 10 Jul 2019 20:04:00 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: public,max-age=31536000,immutable
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
vary: Accept-Encoding
content-encoding: gzip
x-fb-debug: Aorrn0yMR4YUtymIxx6eIwWRz5Hxh1uPej/yryWENdm/3J850cQbOGSk/yB6srhrKh1cjlSyF6OS4og3g8KhdA==
content-length: 13907
date: Wed, 11 Jul 2018 18:17:45 GMT

GET
S 200 gpt.js Show response
www.googletagservices.com/tag/js/ 20 KB
8 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:810::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: optimized-by.rubiconproject.com
URL: http://optimized-by.rubiconproject.com/a/11662/36492/151252-15.js?&cb=0.01201532918622017&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1600x1200&ad_slot=36492_15

Protocol

SPDY

Server

2a00:1450:4001:810::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

349a658bfe8ec9c807d02d46bddd2a2a6b4e36a5c2705e3e8706db2fac2bb18c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 11 Jul 2018 18:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "5 / 400 of 1000 / last-modified: 1531238519"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 7843
x-xss-protection: 1; mode=block
expires: Wed, 11 Jul 2018 18:17:44 GMT

GET
H/1.1 200
OK 43495046-140d-4471-acaa-f7e3f3dae4a7
beacon-eu2.rubiconproject.com/beacon/d/ 43 B
268 B 9ms
8ms Image
image/webp 62.67.193.43
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://beacon-eu2.rubiconproject.com/beacon/d/43495046-140d-4471-acaa-f7e3f3dae4a7?oo=0&accountId=11662&siteId=36492&zoneId=151252&sizeId=15&e=6A1E40E384DA563BC4B31EFD8976314627C9FEF48EA3CED5BD0E734D103D9988D0BDF9892FDDAF2A03A5A7DAFBF7BD5252816BD28DE8FD49DECF51D24B74E507419AB502F658178AB3CE5BEE5DE7C79B172CD28438FCBB6A88E37A866CF2834595C5E95BFD5380B076E18C4CDFA7CA8087A8112FBA2243408F172CC6D841D7663B22BBF4B8D91D8E
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 62.67.193.43 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:43 GMT
Cache-Control: private, max-age=0, no-cache
Server: Rubicon Project
Content-Type: image/webp
Content-Length: 43
Expires: 01 Jan 1970 10:00:00 GMT

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ 49 B
329 B 58ms
16ms Image
image/gif 185.29.135.48
MediaMath Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=1748073759430479559&node_id=1121&exch_id=9&mathid_data=%7B%22dv1%22%3A%22TW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTNfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzY3LjAuMzM5Ni44NyBTYWZhcmkvNTM3LjM2%22%2C%22dv2%22%3A%22NWI2NjgwZjU1ZmFiYmMxM2YxMGMwMDgyNTM4NjQ0OTk%3D%22%2C%22dv3%22%3A%22%22%2C%22dv4%22%3A%22MTYwMHwxMjAwfDE2MDB8MTIwMHwyNHx8%22%2C%22dv5%22%3A%22VVRD%22%2C%22dv6%22%3A%22%22%2C%22dv7%22%3A%22MA%3D%3D%22%2C%22dv8%22%3A%22ZmFsc2V8dHJ1ZXx0cnVl%22%2C%22dv9%22%3A%22fGVuLVVTfA%3D%3D%22%2C%22dv10%22%3A%22TW96aWxsYXxOZXRzY2FwZXxMaW51eCB4ODZfNjR8%22%7D
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 185.29.135.48 , United Kingdom, ASN30419 (MEDIAMATH-INC - MediaMath Inc, US),
Reverse DNS
Software: MMBD/3.126.5 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:44 GMT
Server: MMBD/3.126.5
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x29, cdg-bidder-x93
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Wed, 11 Jul 2018 18:17:43 GMT

GET
S 200 pubads_impl_231.js Show response
securepubads.g.doubleclick.net/gpt/ 178 KB
61 KB 40ms
40ms Script
text/javascript 216.58.214.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

SPDY

Server

216.58.214.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s05-in-f98.1e100.net

Software

sffe /

Resource Hash

1c80619aa99b4bce0b57edaeaf2bae35ad0e1929096a51d0ced52df4dfa68e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 11 Jul 2018 18:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 06 Jul 2018 21:28:59 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 62603
x-xss-protection: 1; mode=block
expires: Wed, 11 Jul 2018 18:17:44 GMT

GET
S 200 integrator.sync.js Show response
adservice.google.de/adsid/ 113 B
178 B 15ms
15ms Script
application/javascript 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.sync.js?domain=forumpcbrasil.forumeiros.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

SPDY

Server

2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Jul 2018 18:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 108
x-xss-protection: 1; mode=block

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 3 KB
2 KB 369ms
368ms Script
text/javascript 216.58.214.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=181633006883925&correlator=770073495690654&output=json_html&callback=googletag.impl.pubads.setPassbackAdContents&impl=s&eid=21062342&vrg=231&guci=1.2.0.0.2.2.0&sc=0&sfv=1-0-29&iu=%2F1150267%2FEtoxicSarl_RON_300x250_Key&sz=300x250&scp=Etoxic_Login%3Dhttp%253A%252F%252Fforumpcbrasil.forumeiros.com%252Ft2765-infeccao-malware%2Chttp%253A%252F%252Fforumpcbrasil.forumeiros.com%252Ft2765-infeccao-malware&eri=2&cookie_enabled=1&bc=7&abxe=1&lmt=1531333062&dt=1531333064927&frm=20&biw=1585&bih=1185&oid=3&adk=2045437847&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&ref=https%3A%2F%2Fwww.google.com%2F&dssz=52&icsg=70368766460250&mso=134218241&std=0&vis=1&scr_x=0&scr_y=0&ga_vid=1816525444.1531333064&ga_sid=1531333065&ga_hid=1155763268

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Protocol

SPDY

Server

216.58.214.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s05-in-f98.1e100.net

Software

cafe /

Resource Hash

645b6ceaa1729250e2ff014f8521613841542553720dbae64b536f93ade3e862

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 11 Jul 2018 18:17:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 1823
x-xss-protection: 1; mode=block
google-lineitem-id: 4623117068
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138231436094
content-type: text/javascript; charset=UTF-8
cache-control: no-cache, must-revalidate
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 pubads_impl_rendering_231.js Show response
securepubads.g.doubleclick.net/gpt/ 42 KB
16 KB 39ms
38ms Script
text/javascript 216.58.214.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_231.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Protocol

SPDY

Server

216.58.214.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s05-in-f98.1e100.net

Software

sffe /

Resource Hash

2b18451f41f398f69d9e7435f3b80e11b53b9afc9395b42742c41e36928bde0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 11 Jul 2018 18:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 06 Jul 2018 21:28:59 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 16423
x-xss-protection: 1; mode=block
expires: Wed, 11 Jul 2018 18:17:44 GMT

GET
H/1.1 200
OK container.html
tpc.googlesyndication.com/safeframe/1-0-29/html/ 0
0 11ms
6ms Other
text/html 2a00:1450:4001:812::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: http://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js
Protocol: HTTP/1.1
Server: 2a00:1450:4001:812::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Purpose: prefetch
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Expires: Tue, 02 Jul 2019 13:08:51 GMT
Cache-Control: public, immutable, max-age=31536000
Last-Modified: Mon, 11 Jun 2018 14:38:59 GMT
Content-Type: text/html

GET
H/1.1

200
OK

bounce Show response
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/ttj?id=13218132&cb=532522921&pubclick=https://adclick.g.doubleclick.net/pcs/click%253Fxai%253DAKAOjssAjrYsaGzYMPFgsrht53WkPxDlitwOCySv9sIJRiFnV7MHwJSnlugyglIe9E9odkRkfL2z_Z...
https://secure.adnxs.com/bounce?%2Fttj%3Fid%3D13218132%26cb%3D532522921%26pubclick%3Dhttps%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%25253Fxai%25253DAKAOjssAjrYsaGzYMPFgsrht53WkPxDlitwOCySv9s...

8 KB
4 KB

7ms
6ms

Script
application/javascript

37.252.172.40
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fttj%3Fid%3D13218132%26cb%3D532522921%26pubclick%3Dhttps%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%25253Fxai%25253DAKAOjssAjrYsaGzYMPFgsrht53WkPxDlitwOCySv9sIJRiFnV7MHwJSnlugyglIe9E9odkRkfL2z_ZMNS1ySI_t7zk6TNDuXDqWz4J9ccVuALggVryUPyA3LLf87HYw-Qk8k1VLek7pTXgoELwxlGfp2ABJAJsniZeMCXrHIG_0Nzmgdw-o3j_XSTKOKLZLWARxpXNp04zJpN4YjdS6X0FE7vK3X0LEO5FKVilk1_oQm0SRdgV7wwEFvuUcEzezW9ewVP63bcKDriyn67LQKQl6wLMaMa1Sa%252526sai%25253DAMfl-YTx-X2teHb6ypmPDBwnWkAwsVHBPCCwhJ2J4MqXoxjyJV4PMupj-l1F8Tt750gRCmlMep4h3u8_7fisyYpItI52a0vmpINj4x25forC%252526sig%25253DCg0ArKJSzHMgxgeU4ThDEAE%252526urlfix%25253D1%252526adurl%25253D

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

HTTP/1.1

Server

37.252.172.40 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

155.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

fc93813f124d0c47e45d961f54936419e6d8c9fa1bcc3cf6bf02b0cbabdf1ac2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:47 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 155.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.198:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 138db26b-ae21-4113-a015-2104ac55937f
Server: nginx/1.13.4
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:47 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 155.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.14:80
AN-X-Request-Uuid: 6383ed8a-9507-4700-a13e-09897152a496
Server: nginx/1.13.4
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fttj%3Fid%3D13218132%26cb%3D532522921%26pubclick%3Dhttps%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%25253Fxai%25253DAKAOjssAjrYsaGzYMPFgsrht53WkPxDlitwOCySv9sIJRiFnV7MHwJSnlugyglIe9E9odkRkfL2z_ZMNS1ySI_t7zk6TNDuXDqWz4J9ccVuALggVryUPyA3LLf87HYw-Qk8k1VLek7pTXgoELwxlGfp2ABJAJsniZeMCXrHIG_0Nzmgdw-o3j_XSTKOKLZLWARxpXNp04zJpN4YjdS6X0FE7vK3X0LEO5FKVilk1_oQm0SRdgV7wwEFvuUcEzezW9ewVP63bcKDriyn67LQKQl6wLMaMa1Sa%252526sai%25253DAMfl-YTx-X2teHb6ypmPDBwnWkAwsVHBPCCwhJ2J4MqXoxjyJV4PMupj-l1F8Tt750gRCmlMep4h3u8_7fisyYpItI52a0vmpINj4x25forC%252526sig%25253DCg0ArKJSzHMgxgeU4ThDEAE%252526urlfix%25253D1%252526adurl%25253D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20180702/r20110914/activeview/ 70 KB
25 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20180702/r20110914/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_231.js

Protocol

SPDY

Server

2a00:1450:4001:812::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

54485e4a4825872491f7f8a19d5b3840771ec88bf50e7aef09dc9d3a8a3214f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 02 Jul 2018 22:03:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 764028
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 26024
x-xss-protection: 1; mode=block
server: cafe
etag: 6211050207144215040
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 16 Jul 2018 22:03:57 GMT

GET
H/1.1 200
OK osd.js Show response
pagead2.googlesyndication.com/pagead/ 70 KB
26 KB 14ms
6ms Script
text/javascript 2a00:1450:4001:81b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

5cf423c404b0e2ef68823ac98abeeb04fea71af5311f146bf5cc7cdaa6befb4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Wed, 11 Jul 2018 17:21:22 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
Age: 3383
ETag: 8359588440358283728
Vary: Accept-Encoding
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: public, max-age=3600
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 26239
X-XSS-Protection: 1; mode=block
Expires: Wed, 11 Jul 2018 18:21:22 GMT

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ 0
277 B 18ms
18ms Image
text/html 216.58.214.98
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssHZ4OXmhjOCcH8zNmVk0WdidpgBxjoaL8OTuQDU1LDw4S55uT4pf7qv5hNN09jDIlpM2KylS0Y2Jr-2KIyqMBPN1Tms8ohkz5LxKTNZAvy2KiHp5Ws21M5LA3xcJfD8gT0xK5wyzs-26OCdjE_YG46lvQKkwvv1tDjgslKaPAd45KZlxoeg89hf0_rPJvQdGrS3sUdvZ0Hhu9NLmcrkPZTIc93oRgihNrcWiIAfFNbS_pnEz_s7n_2tUAMm4J44owYt43mRdyiTmTViB0QNOKZ-rWwpueB&sai=AMfl-YRYcPivTJDqGfEAR7F1Xvo9YFszyxy40YcwtNG9WK9GFiTeQm_oBQ2xJcsIQMc7cBwJVvuqT4oJa9edtNzn2M-DnyvOs94OFf08PmmN&sig=Cg0ArKJSzDEWs_ZiPFCfEAE&urlfix=1&adurl=
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: SPDY
Server: 216.58.214.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra16s05-in-f98.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
cache-control: private
expires: Wed, 11 Jul 2018 18:17:45 GMT

GET
H/1.1 200
OK sync Show response
gum.criteo.com/ 78 B
347 B 74ms
18ms Script
text/javascript 178.250.2.67
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a
Requested by: Host: secure.adnxs.com
URL: https://secure.adnxs.com/bounce?%2Fttj%3Fid%3D13218132%26cb%3D532522921%26pubclick%3Dhttps%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%25253Fxai%25253DAKAOjssAjrYsaGzYMPFgsrht53WkPxDlitwOCySv9sIJRiFnV7MHwJSnlugyglIe9E9odkRkfL2z_ZMNS1ySI_t7zk6TNDuXDqWz4J9ccVuALggVryUPyA3LLf87HYw-Qk8k1VLek7pTXgoELwxlGfp2ABJAJsniZeMCXrHIG_0Nzmgdw-o3j_XSTKOKLZLWARxpXNp04zJpN4YjdS6X0FE7vK3X0LEO5FKVilk1_oQm0SRdgV7wwEFvuUcEzezW9ewVP63bcKDriyn67LQKQl6wLMaMa1Sa%252526sai%25253DAMfl-YTx-X2teHb6ypmPDBwnWkAwsVHBPCCwhJ2J4MqXoxjyJV4PMupj-l1F8Tt750gRCmlMep4h3u8_7fisyYpItI52a0vmpINj4x25forC%252526sig%25253DCg0ArKJSzHMgxgeU4ThDEAE%252526urlfix%25253D1%252526adurl%25253D
Protocol: HTTP/1.1
Server: 178.250.2.67 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 1c2c15eec8cb65a2e6c342155e72e6649b0ea6c5eea8f3ef72dcabd5e1ffb0f7

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:45 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private
Content-Length: 78
Expires: Wed, 11 Jul 2018 19:17:45 GMT

GET
H/1.1 200
OK ttj Show response
secure.adnxs.com/ 0
796 B 6ms
6ms Script
text/html 37.252.172.40
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/ttj?ttjb=1&bdc=1531333067&bdh=1w5rgqzwztMZJLtLAL4dE0y-Pm4.&&bdref=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&bdtop=true&bdifs=0&bstk=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&&id=13218132&cb=532522921&pubclick=https://adclick.g.doubleclick.net/pcs/click%253Fxai%253DAKAOjssAjrYsaGzYMPFgsrht53WkPxDlitwOCySv9sIJRiFnV7MHwJSnlugyglIe9E9odkRkfL2z_ZMNS1ySI_t7zk6TNDuXDqWz4J9ccVuALggVryUPyA3LLf87HYw-Qk8k1VLek7pTXgoELwxlGfp2ABJAJsniZeMCXrHIG_0Nzmgdw-o3j_XSTKOKLZLWARxpXNp04zJpN4YjdS6X0FE7vK3X0LEO5FKVilk1_oQm0SRdgV7wwEFvuUcEzezW9ewVP63bcKDriyn67LQKQl6wLMaMa1Sa%2526sai%253DAMfl-YTx-X2teHb6ypmPDBwnWkAwsVHBPCCwhJ2J4MqXoxjyJV4PMupj-l1F8Tt750gRCmlMep4h3u8_7fisyYpItI52a0vmpINj4x25forC%2526sig%253DCg0ArKJSzHMgxgeU4ThDEAE%2526urlfix%253D1%2526adurl%253D

Requested by

Host: secure.adnxs.com
URL: https://secure.adnxs.com/bounce?%2Fttj%3Fid%3D13218132%26cb%3D532522921%26pubclick%3Dhttps%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%25253Fxai%25253DAKAOjssAjrYsaGzYMPFgsrht53WkPxDlitwOCySv9sIJRiFnV7MHwJSnlugyglIe9E9odkRkfL2z_ZMNS1ySI_t7zk6TNDuXDqWz4J9ccVuALggVryUPyA3LLf87HYw-Qk8k1VLek7pTXgoELwxlGfp2ABJAJsniZeMCXrHIG_0Nzmgdw-o3j_XSTKOKLZLWARxpXNp04zJpN4YjdS6X0FE7vK3X0LEO5FKVilk1_oQm0SRdgV7wwEFvuUcEzezW9ewVP63bcKDriyn67LQKQl6wLMaMa1Sa%252526sai%25253DAMfl-YTx-X2teHb6ypmPDBwnWkAwsVHBPCCwhJ2J4MqXoxjyJV4PMupj-l1F8Tt750gRCmlMep4h3u8_7fisyYpItI52a0vmpINj4x25forC%252526sig%25253DCg0ArKJSzHMgxgeU4ThDEAE%252526urlfix%25253D1%252526adurl%25253D

Protocol

HTTP/1.1

Server

37.252.172.40 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

155.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:47 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 155.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.117:80
AN-X-Request-Uuid: ea3012ab-9b95-4883-9770-b5b9131388f7
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 6774 0
0 619ms
8ms Document
text/html 104.111.230.142
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.230.142 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Accept-Encoding: gzip, deflate
Cookie: khaos=JJHG628H-D-JXVS; rsid=DsuWSiL5uMdJFeznfENNwaZbP5mY0DNvptDUA3ThqHQWXoehOHP+SZpge+E4msdf09hVox97znvIHI8uGLlpPLdF5oJyNS+cecy1p8C5LL1gM5Bv7V+4D2UCrC1utAqsTPWMOM1wD65Lj0jksFb9pOyVUg==; ses2=36492^1; vis2=36492^1; ses15=36492^2; vis15=36492^2; audit=Y+1Rkrt0uiNf0q1TEqj5JTVdFNmrlXK8NbDOSW0Oz6Go/Z2dXRYRE6EqSYZd+jdTvk6li41lcjS+N7b9vUvSuoqtpcOka9cQnypOMN14kRdo6X4C4PqCjA==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Mon, 09 Jul 2018 18:24:27 GMT
Content-Encoding: gzip
Content-Length: 7478
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=40014
Expires: Thu, 12 Jul 2018 05:24:41 GMT
Date: Wed, 11 Jul 2018 18:17:47 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK ajs.php Show response
cas.criteo.com/delivery/ 733 B
1 KB 22ms
22ms Script
text/javascript 178.250.2.71
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: http://cas.criteo.com/delivery/ajs.php?ptv=53&zoneid=34605&cb=20656992213&nodis=1&charset=windows-1252&dc=3&atfr=0&loc=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: HTTP/1.1
Server: 178.250.2.71 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: cas.criteo.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ecf66c725a16adfb5f0db7a7365ae9a3b097ab4ee46a7ee5a0bdbfa9924d0fb9

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 11 Jul 2018 18:17:45 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
X-Powered-By: ASP.NET
P3P: CP='CUR ADM OUR NOR STA NID'
Content-Length: 796
Pragma: no-cache
Server: Microsoft-IIS/10.0
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK lg.php
cat.nl.eu.criteo.com/delivery/ 43 B
330 B 19ms
18ms Image
image/gif 178.250.2.66
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cat.nl.eu.criteo.com/delivery/lg.php?cppv=1&cpp=HGteqHxucEc5ZEwxakZST1g3czdOUlRKeEh3djRwRm9yd1N3UXNxWU50ZkNQWFpwcTIwWnc3bnV1TjNKK0hicGlyOHNKV3A3Zzlhazlpd2RzNW9sZ2ZYMFRRbE1yNkJGNFpEU2RicW9qR3BSeGVCTkorSlBUWUtCOWNmeFJVTHZZK21GMGk1SzhiSGJkeTEwaWRlQk9GMlA4OC9XcmluUXlHUGFXdHgwamlDVW9qVXcyUkJNcFlqWU1nbkF0SE83N1dNYTFjZVNhdE1MMTU3M0IvN29DdWRnMWt5dGEwSkYzN0NraU4wdXFudHpkeHhFRGxVNFo1LzBLUlgxeDhidVRTcDJPfA%3D%3D
Requested by: Host: cas.criteo.com
URL: http://cas.criteo.com/delivery/ajs.php?ptv=53&zoneid=34605&cb=20656992213&nodis=1&charset=windows-1252&dc=3&atfr=0&loc=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware
Protocol: HTTP/1.1
Server: 178.250.2.66 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:44 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-cache
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK 151252-15.js Show response
optimized-by.rubiconproject.com/a/11662/36492/ 2 KB
2 KB 54ms
53ms Script
text/javascript 62.67.193.41
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: http://optimized-by.rubiconproject.com/a/11662/36492/151252-15.js?&cb=0.4775521892615573&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1600x1200&ad_slot=36492_15
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/11662.js
Protocol: HTTP/1.1
Server: 62.67.193.41 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: e92cdca72028ccce27bd16524f16d8a39a5a56138dceff7c15af66a5c24c45bf

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:45 GMT
Content-Encoding: gzip
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: Keep-Alive
Content-Type: text/javascript
Keep-Alive: timeout=5, max=3
Content-Length: 941
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK 805eb590-9f63-48c5-8dcb-3ed514efed44
beacon-eu2.rubiconproject.com/beacon/d/ 43 B
268 B 9ms
8ms Image
image/webp 62.67.193.43
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://beacon-eu2.rubiconproject.com/beacon/d/805eb590-9f63-48c5-8dcb-3ed514efed44?oo=0&accountId=11662&siteId=36492&zoneId=151252&sizeId=15&e=6A1E40E384DA563B4A3CE7F9CA01D19B48E81A055473FF591FD0A4C888CF25056DA0CF474A5984063C6ED0944A894B2676F8D2EDD5586007C3EC2E01C7CF32AA13102071B722B004B3CE5BEE5DE7C79B172CD28438FCBB6A88E37A866CF28345C24087686271CE2D76E18C4CDFA7CA8087A8112FBA2243408F172CC6D841D7663B22BBF4B8D91D8E
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 62.67.193.43 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:44 GMT
Cache-Control: private, max-age=0, no-cache
Server: Rubicon Project
Content-Type: image/webp
Content-Length: 43
Expires: 01 Jan 1970 10:00:00 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 30 KB
9 KB 303ms
303ms Script
text/javascript 216.58.214.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=181633006883925&correlator=770073495690654&output=json_html&callback=googletag.impl.pubads.setPassbackAdContents&impl=s&adsid=NT&eid=21062342&vrg=231&guci=1.2.0.0.2.2.0&sc=0&sfv=1-0-29&iu=%2F1150267%2FEtoxicSarl_RON_300x250_Key&sz=300x250&scp=Etoxic_Login%3Dhttp%253A%252F%252Fforumpcbrasil.forumeiros.com%252Ft2765-infeccao-malware%2Chttp%253A%252F%252Fforumpcbrasil.forumeiros.com%252Ft2765-infeccao-malware&eri=2&cookie=ID%3D1a85ea25d70bda43%3AT%3D1531333064%3AS%3DALNI_Ma5QW0H_YeTMXNiulBZUxf-LQCVIQ&cookie_enabled=1&bc=7&abxe=1&lmt=1531333062&dt=1531333065665&frm=20&biw=1585&bih=1185&oid=3&adk=2045437844&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&ref=https%3A%2F%2Fwww.google.com%2F&dssz=76&icsg=93733729753686&mso=134218273&std=0&csl=254&vis=1&scr_x=0&scr_y=0&ga_vid=1816525444.1531333064&ga_sid=1531333065&ga_hid=1155763268

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_231.js

Protocol

SPDY

Server

216.58.214.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s05-in-f98.1e100.net

Software

cafe /

Resource Hash

9fbef6f09ecfe4ed5eaa98fa5a6f6f147b71c40616856e6b9bb537ba4722d488

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 11 Jul 2018 18:17:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 9535
x-xss-protection: 1; mode=block
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/javascript; charset=UTF-8
cache-control: no-cache, must-revalidate
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK container.html
tpc.googlesyndication.com/safeframe/1-0-29/html/ Frame BDA5 0
0 420ms
6ms Document
text/html 2a00:1450:4001:812::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_231.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:812::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: tpc.googlesyndication.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Timing-Allow-Origin: *
Content-Length: 1479
Date: Mon, 02 Jul 2018 13:08:51 GMT
Expires: Tue, 02 Jul 2019 13:08:51 GMT
Last-Modified: Mon, 11 Jun 2018 14:38:59 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, immutable, max-age=31536000
Age: 796136

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame C5A1 0
0 428ms
7ms Document
text/html 104.111.230.142
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.230.142 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Accept-Encoding: gzip, deflate
Cookie: khaos=JJHG628H-D-JXVS; rsid=DsuWSiL5uMdJFeznfENNwaZbP5mY0DNvptDUA3ThqHQWXoehOHP+SZpge+E4msdf09hVox97znvIHI8uGLlpPLdF5oJyNS+cecy1p8C5LL1gM5Bv7V+4D2UCrC1utAqsTPWMOM1wD65Lj0jksFb9pOyVUg==; ses2=36492^1; vis2=36492^1; ses15=36492^2; vis15=36492^2; audit=Y+1Rkrt0uiNf0q1TEqj5JTVdFNmrlXK8NbDOSW0Oz6Go/Z2dXRYRE6EqSYZd+jdTvk6li41lcjS+N7b9vUvSuoqtpcOka9cQnypOMN14kRdo6X4C4PqCjA==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Mon, 09 Jul 2018 18:24:27 GMT
Content-Encoding: gzip
Content-Length: 7478
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=40014
Expires: Thu, 12 Jul 2018 05:24:41 GMT
Date: Wed, 11 Jul 2018 18:17:47 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK vglnk.js Show response
cdn.viglink.com/api/ 78 KB
28 KB 28ms
18ms Script
text/javascript 2400:cb00:2048:1::6810:a00d
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.viglink.com/api/vglnk.js
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6810:a00d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 92efc665ebca8487dc337b4ad91d83a8f49d7b275b77903dc22a3c335adc12d9

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:46 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
x-amz-request-id: 7B3EB7C2566791C7
Connection: keep-alive
Content-Length: 27647
x-amz-id-2: OkuO5QC5EX9JSwrgyYa7TRVuIo0iDNbnpqCQahksl7S1nCU89KzPdelOF80yk2W9YsCh82u2MAg=
Last-Modified: Tue, 27 Feb 2018 18:50:27 GMT
Server: cloudflare
ETag: "a3898990903acdbf47b8aa1eea719e0b"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: public, max-age=1800
Accept-Ranges: bytes
CF-RAY: 438d44ce969b64d5-FRA
Expires: Wed, 11 Jul 2018 18:47:46 GMT

GET
S 200 css
fonts.googleapis.com/ 3 KB
896 B 37ms
15ms Font
text/css 2a00:1450:4001:812::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed

Requested by

Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/impl.314-210-RELEASE.js

Protocol

SPDY

Server

2a00:1450:4001:812::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

c7f5b84d1b7a1a4a7a02615bff422a8fff122e14019407d361c2e81b65c8587a

Security Headers

Name	Value
Strict-Transport-Security	max-age=600
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com

Response headers

strict-transport-security: max-age=600
content-encoding: gzip
last-modified: Wed, 11 Jul 2018 18:17:46 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Wed, 11 Jul 2018 18:17:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection: 1; mode=block
expires: Wed, 11 Jul 2018 18:17:46 GMT

GET
S 200 plusone.js Show response
apis.google.com/js/ 43 KB
17 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:812::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Host: illiweb.com
URL: https://illiweb.com/rsc/38/frm/lang/notutf8-pt.js

Protocol

SPDY

Server

2a00:1450:4001:812::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

652059ee7ac0e28e567f6843920a3c5f628b13c1996614121cff6f2f7b74c3b3

Security Headers

Name	Value
Content-Security-Policy	script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.gstatic.com https://www.google-analytics.com https://pagead2.googleadservices.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s.ytimg.com https://www.youtube.com;report-uri /_/cspreport/es_oz_20180710.14_p0
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.gstatic.com https://www.google-analytics.com https://pagead2.googleadservices.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s.ytimg.com https://www.youtube.com;report-uri /_/cspreport/es_oz_20180710.14_p0
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
date: Wed, 11 Jul 2018 18:17:46 GMT
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "717b0a33bf064c7233f2afb6a2706337"
timing-allow-origin: *
expires: Wed, 11 Jul 2018 18:17:46 GMT

GET
H2 200 like.php
www.facebook.com/plugins/ Frame 2AE1 0
0 338ms
49ms Document
text/html 2a03:2880:f12d:86:face:b00c:0:50fb
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?locale=en_GB&href=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-&send=false&layout=box_count&width=60&show_faces=false&action=like&colorscheme=light&font&height=60

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f12d:86:face:b00c:0:50fb , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like.php?locale=en_GB&href=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-&send=false&layout=box_count&width=60&show_faces=false&action=like&colorscheme=light&font&height=60
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

status: 200
timing-allow-origin: *
x-xss-protection: 0
pragma: no-cache
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
cache-control: private, no-cache, no-store, must-revalidate
expect-ct: max-age=10, report-uri="http://reports.fb.com/expectct/"
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html; charset="utf-8"
x-fb-debug: 91DEsm7oAKWdAb+Kp96aKKeTUoH3AmcS4R4I64EEFapHrrjRZqt63UN9ANyHrRWfCfaXD1cLsCOJOeqo/9Wg0w==
date: Wed, 11 Jul 2018 18:17:47 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 119 KB
35 KB 26ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js?_=1531333066201
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Protocol: HTTP/1.1
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40F7) /
Resource Hash: 643ca3bddc30489dbdfa50b9b7c9803877371403531813b9c42fc814de0dd339

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:46 GMT
Content-Encoding: gzip
Last-Modified: Tue, 10 Jul 2018 21:20:20 GMT
Server: ECS (fcn/40F7)
Etag: "50219a6a461fe892e717dd2ea6b6ebc1+gzip"
Vary: Accept-Encoding
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Content-Length: 35375

GET
S 200 toolbar.png
illiweb.com/fa/i/toolbar/ 11 KB
11 KB 8ms
8ms Image
image/png 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/i/toolbar/toolbar.png

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

075cc698968c8fabdc079e0f5a8bf11ed379ddb445d0d7caa5085cf67ff12b57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/0-ltr.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:46 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 11066
x-xss-protection: 1; mode=block
last-modified: Mon, 16 May 2016 08:34:44 GMT
server: cloudflare
etag: "57398624-2b3a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44cfcf0196d6-FRA
expires: Thu, 11 Jul 2019 18:17:46 GMT

GET
S 200 pa0.png
illiweb.com/fa/i/toolbar/ 1 KB
1 KB 10ms
10ms Image
image/png 2400:cb00:2048:1::681b:8280
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/i/toolbar/pa0.png

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

Protocol

SPDY

Server

2400:cb00:2048:1::681b:8280 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5b862705def8b10b9a2f6e2d285ace98b47d499942ad23d492820a6a04341dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/0-ltr.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:46 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 1087
x-xss-protection: 1; mode=block
last-modified: Mon, 16 May 2016 08:34:43 GMT
server: cloudflare
etag: "57398623-43f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 438d44cfcf0296d6-FRA
expires: Thu, 11 Jul 2019 18:17:46 GMT

GET
S 200 connect.js Show response
connect.topicit.net/scripts/ 3 KB
2 KB 35ms
8ms Script
application/javascript 2400:cb00:2048:1::681f:4002
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.topicit.net/scripts/connect.js

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2400:cb00:2048:1::681f:4002 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

39ce845fc0203d4cb00559dff89d9448765e0ebd65ebbaf76623cc9850827542

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-polished: origSize=5437
status: 200
last-modified: Mon, 18 Dec 2017 13:17:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-xss-protection: 1; mode=block
cf-bgj: minify
server: cloudflare
etag: W/"5a37bff5-153d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
cf-ray: 438d44d00884275c-FRA
expires: Thu, 12 Jul 2018 18:17:46 GMT

GET
H/1.1 200
OK _ate.track.config_resp Show response
m.addthisedge.com/live/boost/forumotion/ 166 B
521 B 17ms
7ms Script
application/javascript 104.108.68.8
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: http://m.addthisedge.com/live/boost/forumotion/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: http://s7.addthis.com/js/300/addthis_widget.js
Protocol: HTTP/1.1
Server: 104.108.68.8 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-108-68-8.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:46 GMT
Content-Encoding: gzip
Surrogate-Key: forumotion
ETag: 659743217
Vary: Accept-Encoding
Cache-Tag: forumotion
Cache-Control: public, max-age=24, s-maxage=86400
Content-Disposition: attachment; filename=1.txt
Connection: keep-alive
Content-Type: application/javascript;charset=UTF-8
Content-Length: 154

GET
H2

200

like.php
www.facebook.com/plugins/ Frame A48B
Redirect Chain

https://web.facebook.com/plugins/like.php?action=like&app_id=&channel=http%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Dfe80ddb5b453fc%26domain%3D...
https://www.facebook.com/plugins/like.php?action=like&app_id&channel=http%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Dfe80ddb5b453fc%26domain%3Df...

0
0

77ms
47ms

Document
text/html

2a03:2880:f12d:86:face:b00c:0:50fb
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?action=like&app_id&channel=http%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Dfe80ddb5b453fc%26domain%3Dforumpcbrasil.forumeiros.com%26origin%3Dhttp%253A%252F%252Fforumpcbrasil.forumeiros.com%252Ff1449f13fd2407%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&layout=button_count&locale=pt_PT&sdk=joey&share=false&show_faces=false&_rdc=1&_rdr

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/pt_PT/all.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f12d:86:face:b00c:0:50fb , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like.php?action=like&app_id&channel=http%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Dfe80ddb5b453fc%26domain%3Dforumpcbrasil.forumeiros.com%26origin%3Dhttp%253A%252F%252Fforumpcbrasil.forumeiros.com%252Ff1449f13fd2407%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&layout=button_count&locale=pt_PT&sdk=joey&share=false&show_faces=false&_rdc=1&_rdr
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

status: 200
timing-allow-origin: *
x-xss-protection: 0
pragma: no-cache
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
cache-control: private, no-cache, no-store, must-revalidate
expect-ct: max-age=10, report-uri="http://reports.fb.com/expectct/"
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html; charset="utf-8"
x-fb-debug: t7Gww5RfYs/30FFAn10cZx+6d5y8qHsjS78YAnssY4FtSfXwVIv8nU7F/ki2h+KJl3lJME1wbVU3F3HYAjh39w==
date: Wed, 11 Jul 2018 18:17:48 GMT

Redirect headers

status: 302
location: https://www.facebook.com/plugins/like.php?action=like&app_id&channel=http%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Dfe80ddb5b453fc%26domain%3Dforumpcbrasil.forumeiros.com%26origin%3Dhttp%253A%252F%252Fforumpcbrasil.forumeiros.com%252Ff1449f13fd2407%26relation%3Dparent.parent&container_width=0&href=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&layout=button_count&locale=pt_PT&sdk=joey&share=false&show_faces=false&_rdc=1&_rdr
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-fb-zr-redirect: 02|1531419467|FzBFAiA5o1XkBC3EATUmT-g8oP_XLuCwj4U3b49thmAxJ7v-_QIhAIqHUDziJgCxyPIw6cBKnbqoSQTEBFvB8eQ3Py2n_muZ
cache-control: private, no-cache, no-store, must-revalidate
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self' https://*.facebook.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm https://*.facebook.com;
expect-ct: max-age=10, report-uri="http://reports.fb.com/expectct/"
pragma: no-cache
x-xss-protection: 0
content-type: text/html; charset="utf-8"
x-fb-debug: X0n/9M1ACfq1r5aSP3ZwGh8d3EztouRMOlTdq0y3xYMRevWgiwQ8LT+B++dpj0Od2WL3JnCmW5WPj9c7YCX3og==
content-length: 0
date: Wed, 11 Jul 2018 18:17:47 GMT

GET
S 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.krlVOn7uACU.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCPTwnOZtKAQg2ssdkFPclEPbxCaBg/ 131 KB
46 KB 449ms
8ms Script
text/javascript 2a00:1450:4001:812::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.krlVOn7uACU.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCPTwnOZtKAQg2ssdkFPclEPbxCaBg/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

SPDY

Server

2a00:1450:4001:812::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

27d0b2f79b3a90ccf74c8be137edd09fd3be6230e634ab3308213a5d9d47ef44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 17:47:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jul 2018 19:40:52 GMT
server: sffe
age: 1847
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 46639
x-xss-protection: 1; mode=block
expires: Thu, 11 Jul 2019 17:47:00 GMT

GET
S 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.krlVOn7uACU.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCPTwnOZtKAQg2ssdkFPclEPbxCaBg/ 98 KB
34 KB 15ms
1ms Script
text/javascript 2a00:1450:4001:812::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.krlVOn7uACU.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCPTwnOZtKAQg2ssdkFPclEPbxCaBg/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

SPDY

Server

2a00:1450:4001:812::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0a50c695cbcb759240c0c5b4a3e6ac8a8fd908e52df60fb8b45ddef748ada26a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 17:47:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jul 2018 19:40:52 GMT
server: sffe
age: 1828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 35163
x-xss-protection: 1; mode=block
expires: Thu, 11 Jul 2019 17:47:19 GMT

GET
H2 200 fastbutton
apis.google.com/se/0/_/+1/ Frame 19F0 0
0 34ms
33ms Document
text/html 2a00:1450:4001:812::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=tall&count=true&origin=http%3A%2F%2Fforumpcbrasil.forumeiros.com&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.krlVOn7uACU.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPTwnOZtKAQg2ssdkFPclEPbxCaBg%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:812::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.gstatic.com https://www.google-analytics.com https://pagead2.googleadservices.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s.ytimg.com https://www.youtube.com;report-uri /_/cspreport/es_oz_20180709.12_p1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: apis.google.com
:scheme: https
:path: /se/0/_/+1/fastbutton?usegapi=1&size=tall&count=true&origin=http%3A%2F%2Fforumpcbrasil.forumeiros.com&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.krlVOn7uACU.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPTwnOZtKAQg2ssdkFPclEPbxCaBg%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

status: 200
content-type: text/html; charset=utf-8
content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.gstatic.com https://www.google-analytics.com https://pagead2.googleadservices.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s.ytimg.com https://www.youtube.com;report-uri /_/cspreport/es_oz_20180709.12_p1
x-ua-compatible: IE=edge, chrome=1
vary: Accept-Encoding
timing-allow-origin: *
expires: Wed, 11 Jul 2018 18:17:48 GMT
date: Wed, 11 Jul 2018 18:17:48 GMT
cache-control: private, max-age=3600
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: gzip
server: ESF
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
set-cookie: NID=134=2jBpOFmqlQfNm1vkxzTJS92OwSL_MaNGxxDr3YTUTeSbyj55FXm9XlaQb8K_BW92WJq2QZt4afxpFqeIIpXgQGVYrIP_BvRF_lnE270froO7lDYJ3fXWWeQ5OUH-2w5N;Domain=.google.com;Path=/;Expires=Thu, 10-Jan-2019 18:17:48 GMT;HttpOnly
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"

GET
H/1.1 200
OK client.pt.min.json Show response
s7.addthis.com/l10n/ 4 KB
2 KB 22ms
7ms XHR
application/json 104.108.68.8
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: http://s7.addthis.com/l10n/client.pt.min.json
Requested by: Host: s7.addthis.com
URL: http://s7.addthis.com/js/300/addthis_widget.js
Protocol: HTTP/1.1
Server: 104.108.68.8 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-108-68-8.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 83ce6006cff1191ad3dee4fd015b0169ecc17b0ca8bd8ca698b6bea1d8699533

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com

Response headers

Date: Wed, 11 Jul 2018 18:17:47 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 May 2018 15:09:02 GMT
Server: nginx
ETag: "5af30f0e-e21"
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: public, s-maxage=604800
X-Host: s7.addthis.com
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1736

GET
H/1.1 200
OK pixel.gif
cdn.viglink.com/images/ 43 B
689 B 22ms
20ms Image
image/gif 2400:cb00:2048:1::6810:a00d
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdn.viglink.com/images/pixel.gif?ch=1&rn=5.609396125613036
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6810:a00d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:47 GMT
CF-Cache-Status: HIT
Last-Modified: Tue, 10 Feb 2015 03:29:39 GMT
Server: cloudflare
x-amz-request-id: 1D1683A742F1E536
ETag: "221d8352905f2c38b3cb2bd191d630b0"
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=15, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 438d44d652b964d5-FRA
Content-Length: 43
x-amz-id-2: RbWfzAd2f7JIrdEahwQLdw8hzSCkAaxqxO7UtHdoj0STd8FEyYMyPFrMeWzPc8r28FW7XVJ5UBA=

GET
H/1.1 200
OK pixel.gif
cdn.viglink.com/images/ 43 B
689 B 24ms
11ms Image
image/gif 2400:cb00:2048:1::6810:a40d
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdn.viglink.com/images/pixel.gif?ch=2&rn=5.609396125613036
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6810:a40d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:47 GMT
CF-Cache-Status: HIT
Last-Modified: Tue, 10 Feb 2015 03:29:39 GMT
Server: cloudflare
x-amz-request-id: 1D1683A742F1E536
ETag: "221d8352905f2c38b3cb2bd191d630b0"
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=15, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 438d44d6621ebee4-FRA
Content-Length: 43
x-amz-id-2: RbWfzAd2f7JIrdEahwQLdw8hzSCkAaxqxO7UtHdoj0STd8FEyYMyPFrMeWzPc8r28FW7XVJ5UBA=

GET
H/1.1 200
OK widget_iframe.7a5ca036ea5299f1d2ebb2234731e35e.html
platform.twitter.com/widgets/ Frame 592F 0
0 50ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.7a5ca036ea5299f1d2ebb2234731e35e.html?origin=http%3A%2F%2Fforumpcbrasil.forumeiros.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js?_=1531333066201
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/4198) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

Content-Encoding: gzip
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 11 Jul 2018 18:17:48 GMT
Etag: "6f4bb4155518386526ca164541e6b1ce+gzip"
Last-Modified: Tue, 10 Jul 2018 21:19:35 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/4198)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 5868

GET
H/1.1 200
OK button.bf357a6ba1a5f1fa0ddb61377ae3add5.js Show response
platform.twitter.com/js/ 4 KB
2 KB 9ms
9ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.bf357a6ba1a5f1fa0ddb61377ae3add5.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js?_=1531333066201
Protocol: HTTP/1.1
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41AC) /
Resource Hash: 71ef2be76ecf12f431795805b6bfb5a20523b7692be0e6106e8e2d18d3d33632

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:47 GMT
Content-Encoding: gzip
Last-Modified: Tue, 10 Jul 2018 21:19:30 GMT
Server: ECS (fcn/41AC)
Etag: "1d8bf9d779a256fc7c4434c8ce2298c8+gzip"
Vary: Accept-Encoding
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Content-Length: 1397

GET
S 200 activeview
pagead2.googlesyndication.com/pcs/ 42 B
110 B 15ms
15ms Image
image/gif 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvgXh6Q7VgxPckBYWhMRKIJGudeapsG-rPX1MsVPzkfO05kaMQpWZPuYt7LKDSQHIFfPgeRp8Y0opS0bbtZRazuysX6S4yRU74&sig=Cg0ArKJSzK5GdPD1PHilEAE&r=z&adk=2045437847&tt=1787&bs=1585%2C1185&mtos=0%2C0%2C0%2C0%2C0&tos=0%2C0%2C0%2C0%2C0&p=47441%2C706%2C47441%2C706&mcvt=0&rs=3&ht=0&mc=0&lte=-1&bas=0&bac=0&avms=geo&bos=1600%2C1200&ps=1595%2C47800&ss=1600%2C1200&pt=-1&deb=1-0-2-12-5--1-7-3&tvt=1778&op=1&id=osdim&ti=1&uc=1&tgt=DIV&cl=1&cec=6&clc=0&cac=0&cd=0x0&v=r20180702

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Jul 2018 18:17:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 postmessageRelay
accounts.google.com/o/oauth2/ Frame 3682 0
0 390ms
21ms Document
text/html 2a00:1450:4001:812::200d
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fforumpcbrasil.forumeiros.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.krlVOn7uACU.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPTwnOZtKAQg2ssdkFPclEPbxCaBg%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.krlVOn7uACU.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCPTwnOZtKAQg2ssdkFPclEPbxCaBg/cb=gapi.loaded_1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:812::200d , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-RUcmHIC4Ye3WGUJkqj5y83Mwzik' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'none';report-uri /o/cspreport
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/postmessageRelay?parent=http%3A%2F%2Fforumpcbrasil.forumeiros.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.krlVOn7uACU.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPTwnOZtKAQg2ssdkFPclEPbxCaBg%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
accept-encoding: gzip, deflate
cookie: NID=134=2jBpOFmqlQfNm1vkxzTJS92OwSL_MaNGxxDr3YTUTeSbyj55FXm9XlaQb8K_BW92WJq2QZt4afxpFqeIIpXgQGVYrIP_BvRF_lnE270froO7lDYJ3fXWWeQ5OUH-2w5N
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 11 Jul 2018 18:17:48 GMT
content-security-policy: script-src 'report-sample' 'nonce-RUcmHIC4Ye3WGUJkqj5y83Mwzik' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'none';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 1; mode=block
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"

GET
H/1.1 204
No Content csi
csi.gstatic.com/ 0
312 B 574ms
291ms Image
image/gif 2404:6800:4005:80e::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://csi.gstatic.com/csi?v=3&s=gapi_global&action=global&it=blt.0,psi.11&srt=1338&e=abc_l0,abc_m0,abc_u0&rt=
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 2404:6800:4005:80e::2003 , Australia, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:47 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
Server: Golfe2
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content csi
csi.gstatic.com/ 0
312 B 576ms
293ms Image
image/gif 2404:6800:4005:80e::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://csi.gstatic.com/csi?v=3&s=gapi_module&action=plusone&it=mli.782,mei.13&srt=1338&e=abc_l0,abc_m0,abc_pplusone,abc_u0&rt=
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 2404:6800:4005:80e::2003 , Australia, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:47 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
Server: Golfe2
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content csi
csi.gstatic.com/ 0
312 B 577ms
294ms Image
image/gif 2404:6800:4005:80e::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://csi.gstatic.com/csi?v=3&s=gapi_module&action=auth___plusone&it=mli.262,mei.7&srt=1338&e=abc_l0,abc_m0,abc_pauth___plusone,abc_u0&rt=
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 2404:6800:4005:80e::2003 , Australia, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:47 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
Server: Golfe2
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK tweet_button.7a5ca036ea5299f1d2ebb2234731e35e.pt.html
platform.twitter.com/widgets/ Frame 978E 0
0 8ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.7a5ca036ea5299f1d2ebb2234731e35e.pt.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js?_=1531333066201
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40FD) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

Content-Encoding: gzip
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 11 Jul 2018 18:17:49 GMT
Etag: "8fa4b39425d84a2ca6834250aa024456+gzip"
Last-Modified: Tue, 10 Jul 2018 21:19:34 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40FD)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 12863

POST
H/1.1 200
OK ping Show response
api.viglink.com/api/ 353 B
1 KB 114ms
48ms XHR
text/javascript 52.18.183.216
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://api.viglink.com/api/ping
Requested by: Host: cdn.viglink.com
URL: http://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Server: 52.18.183.216 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-18-183-216.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 6e939231cee781e0a23999612becaa80c29f9a8287b970367420ddbef4546c87

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:48 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 353
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sync.gif
api.viglink.com/api/ 0
307 B 29ms
29ms Image
text/plain 52.18.183.216
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://api.viglink.com/api/sync.gif?partner_id=rkt
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 52.18.183.216 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-18-183-216.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:48 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK domains Show response
api.viglink.com/api/ 58 B
517 B 68ms
40ms XHR
text/javascript 54.72.165.213
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://api.viglink.com/api/domains
Requested by: Host: cdn.viglink.com
URL: http://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Server: 54.72.165.213 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-72-165-213.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: d8e92c5f34066f3342322351c76fdefbd2a2031c365a3384bdf694b0e0e122ca

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:49 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 58
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sync.gif
api.viglink.com/api/ 43 B
390 B 30ms
29ms Image
image/gif 52.18.183.216
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://api.viglink.com/api/sync.gif?partner_id=lot
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 52.18.183.216 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-18-183-216.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:49 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK insert Show response
api.viglink.com/api/ 16 KB
2 KB 497ms
474ms XHR
text/javascript 54.72.165.213
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://api.viglink.com/api/insert
Requested by: Host: cdn.viglink.com
URL: http://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Server: 54.72.165.213 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-72-165-213.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 121c9c5a46de7126f28c2520fcbf54209de96f5e1547356a758a0c1f6bdabf2e

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:49 GMT
Content-Encoding: gzip
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 1823
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 400
Bad Request optimize Show response
api.viglink.com/api/ 986 B
1 KB 32ms
31ms XHR
text/html 52.18.183.216
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://api.viglink.com/api/optimize
Requested by: Host: cdn.viglink.com
URL: http://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Server: 52.18.183.216 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-18-183-216.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 4192f7a925a86b25b87e422c509071dc6d5222fef92358406b627882ee2c22af

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:48 GMT
Server: Apache-Coyote/1.1
Content-Language: en
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html;charset=utf-8
Content-Length: 986
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK pixel.gif
api.viglink.com/api/ 43 B
390 B 336ms
29ms Image
image/gif 54.72.165.213
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://api.viglink.com/api/pixel.gif?libId=jjhg665v01011025000DAbjnam90d&nocache=153133306980313&key=e2aa2ae88c2bcc3c33577d636d209bf8&type=insert&ct=81&cl=67&exp=-100%3ACILITE%3A67&imp_id=c8af3fef-9ce9-4c13-9efd-2d736d64a5a6&phrases=%5B%7B%22phrase%22%3A%22windows%207%22%2C%22type%22%3A%22L%22%2C%22count%22%3A5%7D%2C%7B%22phrase%22%3A%22adobe%22%2C%22type%22%3A%22L%22%2C%22count%22%3A4%7D%2C%7B%22phrase%22%3A%22service%20pack%201%22%2C%22type%22%3A%22L%22%2C%22count%22%3A5%7D%5D
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 54.72.165.213 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-72-165-213.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:49 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
S 200 jot
syndication.twitter.com/i/ 43 B
199 B 127ms
127ms Image
image/gif 104.244.42.8
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22Forumeiros_PT%22%2C%22language%22%3A%22pt%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1531333070384%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%228d2dbdd%3A1531255802470%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

104.244.42.8 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 121
pragma: no-cache
last-modified: Wed, 11 Jul 2018 18:17:50 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: b6f750aa3213da786a7f7b7dfc9bd38e
x-transaction: 00fab89700f4fff0
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1 204
No Content csi
csi.gstatic.com/ 0
312 B 474ms
294ms Image
image/gif 2404:6800:4005:80e::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://csi.gstatic.com/csi?v=3&s=gwidget&action=plusone&it=wdi.4493,wri.4493&srt=1338&e=abc_l0,abc_m0,abc_n0,abc_m0n0,abc_u0&rt=
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 2404:6800:4005:80e::2003 , Australia, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:52 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
Server: Golfe2
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 jot
syndication.twitter.com/i/ 43 B
171 B 120ms
119ms Image
image/gif 104.244.42.8
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware%22%2C%22widget_frame%22%3Anull%2C%22duration_ms%22%3A5492.800001055002%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1531333072928%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%228d2dbdd%3A1531255802470%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22action%22%3A%22render%22%2C%22page%22%3A%22page%22%2C%22component%22%3A%22performance%22%7D%7D

Requested by

Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Protocol

SPDY

Server

104.244.42.8 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:17:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 114
pragma: no-cache
last-modified: Wed, 11 Jul 2018 18:17:52 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: b6f750aa3213da786a7f7b7dfc9bd38e
x-transaction: 0077156d00dd6f2e
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H/1.1 200
OK ajs.php Show response
cas.criteo.com/delivery/ 3 KB
2 KB 30ms
17ms XHR
text/javascript 178.250.2.71
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: http://cas.criteo.com/delivery/ajs.php?ptv=53&containerid=crt-500672&zoneid=500619&width=1048&height=326&cb=90209742597&nodis=1&charset=windows-1252&dlp=1&dc=3&atfr=0&loc=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: HTTP/1.1
Server: 178.250.2.71 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: cas.criteo.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d6987a7ad168acbd56e21e9b25db400ab2249c25ad32b8dfbda82fd7bfa0526d

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Wed, 11 Jul 2018 18:17:58 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
X-Powered-By: ASP.NET
P3P: CP='CUR ADM OUR NOR STA NID'
Content-Length: 1465
Pragma: no-cache
Server: Microsoft-IIS/10.0
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Cache-Control: private
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK json Show response
trc.taboola.com/forumotion-pt/trc/3/ 7 KB
4 KB 377ms
371ms Script
application/javascript 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: http://trc.taboola.com/forumotion-pt/trc/3/json?tim=18%3A17%3A58.930&data=%7B%22id%22%3A0%2C%22ii%22%3A%22%2Ft2765-infeccao-malware%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22vi%22%3A1531333078926%2C%22cv%22%3A%22314-210-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22cmps%22%3A3%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22e%22%3A%22https%3A%2F%2Fwww.google.com%2F%22%2C%22bad%22%3A-1%2C%22bw%22%3A1600%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A4%2C%22uim%22%3A%22thumbnails-Below%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A47002.546875%2C%22mw%22%3A970%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22normal%22%7D
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/impl.314-210-RELEASE.js
Protocol: HTTP/1.1
Server: 151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: 85a35959d874d473b037b77022505285b93f4e57f46c81ef120d54a3a4e360cd

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:17:59 GMT
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
X-Cache: MISS
P3P: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
X-Cache-Hits: 0
Connection: keep-alive
X-Served-By: cache-fra19145-FRA
Server: nginx
X-Timer: S1531333079.938925,VS0,VE366
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Via: 1.1 varnish
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK lg.php
cat.nl.eu.criteo.com/delivery/ Frame 1103 43 B
330 B 30ms
17ms Image
image/gif 178.250.2.66
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cat.nl.eu.criteo.com/delivery/lg.php?cppv=1&cpp=4TpH3XxPZ3hnQ3Z1YjhVNnIwTElPcmVGaDRJamVnNkQwVGh5WDZUYlRxdEFtUzZtSUtrdnQvVzZWWjNiYVphaDlxWVZRL0J1Nk1iaWxjMlhieXZmR3MyenFrRDJwc0g1S2UvYXcxaHY3S2tmbUd0Nm5uQjRteHROd1ZNYmswZDFsa3dtcGVzbUp0blYxdjkyRTEwYVZqS2pxSXp0RERtaHZRbUVoUTd2UHJJdUkwbkZaYnBOMWRTczl3dnRVdTBQcmoxNjlBTUdaZjhpNVB1SGxZakIwbTlxSGRrK0hOblhhYVZxeDNGak9tUzVZUFhQWkN3WGorbTVZL2FoaUpLNk1tMEJBfA%3D%3D
Requested by: Host: forumpcbrasil.forumeiros.com
URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Protocol: HTTP/1.1
Server: 178.250.2.66 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:17:58 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-cache
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK domains Show response
api.viglink.com/api/ 91 B
550 B 196ms
37ms XHR
text/javascript 54.72.165.213
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://api.viglink.com/api/domains
Requested by: Host: cdn.viglink.com
URL: http://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Server: 54.72.165.213 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-72-165-213.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 99c40a3379a5f940961b6ff602c2d4748b32460a40a65f2e0a51a7f3dca38001

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:18:00 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 91
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK tb Show response
15.taboola.com/ 14 KB
15 KB 24ms
17ms Script
text/html 151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: http://15.taboola.com/tb?oid=15&pubnm=forumotion-pt&unitType=59&tbloc=&pageType=text&pstn=Slider%20-%20Video&uuip=&cisrf=https%3A%2F%2Fwww.google.com%2F&cirf=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&encoded=1&uid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56&variant=-100|478567&callback=TRC.videoTagCallbacks.videoCallback1&cb=1531333080709&tagid=&cntry=DE&platform=1&sesid=4dda8df4f77a1612181d6d251524e837&itemid=/t2765-infeccao-malware&viewid=1531333078926&geolat=&geoing=&deviceifa=&appid=&sd=v2_4dda8df4f77a1612181d6d251524e837_10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56_1531333078_1531333078_CAwQhOM_GI7fwdTILCABKAEwODib4wlAgooQSJjEF1Cl7BBYAA&ri=7d22a8bb82ad2254af625a3287af8b52&appname=&cdb=&gdprApplies=
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/impl.314-210-RELEASE.js
Protocol: HTTP/1.1
Server: 151.101.14.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash: c7c602bceaedbdd5a1f2db728d3e9738d9ecd521710921846b8751eb4bc458ef

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Async: true
Date: Wed, 11 Jul 2018 18:18:00 GMT
Via: 1.1 varnish
MachineId: 417
Transfer-Encoding: chunked
X-Cache: MISS
X-Cache-Hits: 0
Connection: keep-alive
Finished: true
X-Served-By: cache-fra19142-FRA
Pragma: no-cache
Server: nginx/1.9.12
X-Timer: S1531333081.718328,VS0,VE12
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
Accept-Ranges: bytes
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK c5ef96bc-30ab-456a-b3d5-a84f367c6a46.svg
cdn.taboola.com/static/c5/ 3 KB
2 KB 13ms
7ms Image
image/svg+xml 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdn.taboola.com/static/c5/c5ef96bc-30ab-456a-b3d5-a84f367c6a46.svg
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/impl.314-210-RELEASE.js
Protocol: HTTP/1.1
Server: 151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d89405054b0eccfd66baa763bf4781b8dff83824636284b79800ecdc25579f1

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: 3GoWmPpnzFDs5CP3.ebHbCmhALWQMuvH
Content-Encoding: gzip
ETag: "11d8569a7da0739259e3ac0b0d666e94"
Age: 119
Via: 1.1 varnish
X-Cache: HIT
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 1502
x-amz-id-2: qeHEbLYnavlM1nkYqCv6XLCCqy6vhRJWF10ZcPyanQ9WBkX05mDRExcDFhbeFkmjsH+OPaPBFgk=
X-Served-By: cache-fra19138-FRA
Last-Modified: Sun, 10 Jun 2018 13:23:55 GMT
Server: AmazonS3
X-Timer: S1531333081.723468,VS0,VE0
Date: Wed, 11 Jul 2018 18:18:00 GMT
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
x-amz-request-id: C43879B48E7496DB
Access-Control-Allow-Origin: *
Cache-Control: private,max-age=31536000
Accept-Ranges: bytes
Content-Type: image/svg+xml
Access-Control-Allow-Headers: *
X-Cache-Hits: 603

GET
S

200

rtb-h
match.taboola.com/sg/appnexus-network/1/ Frame 8AB6
Redirect Chain

http://ib.adnxs.com/getuid?https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID
http://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Ftrc.taboola.com%2Fsg%2Fappnexus-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24UID
https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8310411158998640619
https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8310411158998640619&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56

0
52 B

49ms
12ms

Image
text/plain

151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8310411158998640619&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
Protocol: SPDY
Server: 151.101.14.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:18:01 GMT
via: 1.1 varnish
server: nginx/1.9.12
x-timer: S1531333082.901435,VS0,VE8
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19124-FRA

Redirect headers

date: Wed, 11 Jul 2018 18:18:01 GMT
via: 1.1 varnish
server: nginx
x-timer: S1531333082.851167,VS0,VE8
x-served-by: cache-hhn1528-HHN
status: 302
x-cache: MISS
location: https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8310411158998640619&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

204
No Content

rtb-h
trc.taboola.com/sg/exposebox-network/1/ Frame 8AB6
Redirect Chain

http://server.exposebox.com/rcm
http://trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=7s5z9w

0
518 B

30ms
24ms

Image
text/plain

151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=7s5z9w
Protocol: HTTP/1.1
Server: 151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx
X-Timer: S1531333082.513515,VS0,VE19
X-Served-By: cache-fra19138-FRA
X-Cache: MISS
X-Cache-Hits: 0
Connection: keep-alive
Accept-Ranges: bytes
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Wed, 11 Jul 2018 18:18:00 GMT
Via: 1.1 google
X-Powered-By: Express
Transfer-Encoding: chunked
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=7s5z9w
cache-control: max-age:0
Expires: 0

GET
H/1.1

204
No Content

/
trc.taboola.com/sg/google-network/1/rtb-h/ Frame 8AB6
Redirect Chain

http://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEN1W8CQRLVvcqrmlkRSuIKQ&google_cver=1

0
517 B

19ms
13ms

Image
text/plain

151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEN1W8CQRLVvcqrmlkRSuIKQ&google_cver=1
Protocol: HTTP/1.1
Server: 151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx
X-Timer: S1531333082.513749,VS0,VE8
X-Served-By: cache-fra19136-FRA
X-Cache: MISS
X-Cache-Hits: 0
Connection: keep-alive
Accept-Ranges: bytes
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:18:00 GMT
Server: HTTP server (unknown)
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEN1W8CQRLVvcqrmlkRSuIKQ&google_cver=1
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 303
X-XSS-Protection: 1; mode=block
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

match
match.basebanner.com/ Frame 8AB6
Redirect Chain

http://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
http://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1
http://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=0823f12b-2817-4d70-a123-47a3b2dd73b3
http://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=0823f12b-2817-4d70-a123-47a3b2dd73b3&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
http://match.basebanner.com/match?tabid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56&extuid=0823f12b-2817-4d70-a123-47a3b2dd73b3&excid=85

0
601 B

21ms
14ms

Image
text/plain

151.101.114.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://match.basebanner.com/match?tabid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56&extuid=0823f12b-2817-4d70-a123-47a3b2dd73b3&excid=85
Protocol: HTTP/1.1
Server: 151.101.114.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx/1.9.12
X-Timer: S1531333082.930865,VS0,VE8
X-Served-By: cache-hhn1547-HHN
X-Cache: MISS
P3P: policyref="http://null/w3c/p3p.xml", CP="NOI IDC DSP COR CURa ADMa OUR IND COM STA NOR UNI"
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: X-Requested-With, X-Prototype-Version, Content-Type, Origin, Allow
Content-Length: 0
X-Cache-Hits: 0

Redirect headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx/1.9.12
X-Timer: S1531333082.905505,VS0,VE9
X-Served-By: cache-fra19127-FRA
X-Cache: MISS
Location: http://match.basebanner.com/match?tabid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56&extuid=0823f12b-2817-4d70-a123-47a3b2dd73b3&excid=85
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0
X-Cache-Hits: 0

GET
S

204

rtb-h
trc.taboola.com/sg/storygize-network/1/ Frame 8AB6
Redirect Chain

http://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=fe8c0d6d-fce9-4f22-8c0d-b53ffb706584

0
116 B

15ms
14ms

Image
text/plain

151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=fe8c0d6d-fce9-4f22-8c0d-b53ffb706584
Protocol: SPDY
Server: 151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:18:01 GMT
via: 1.1 varnish
server: nginx
x-timer: S1531333082.510517,VS0,VE8
x-served-by: cache-hhn1528-HHN
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=fe8c0d6d-fce9-4f22-8c0d-b53ffb706584
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
P3P: CP ALL ADM DEV PSAi COM OUR OTRo STP IND ONL
Content-Length: 0
Expires: 0

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame 8AB6 35 B
383 B 194ms
97ms Image
image/gif 192.132.33.27
Bidtellect Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
Protocol: HTTP/1.1
Server: 192.132.33.27 , United States, ASN18568 (BIDTELLECT - Bidtellect Inc., US),
Reverse DNS: 27.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-ServerName: track002-dc3-va
Pragma: no-cache
Date: Wed, 11 Jul 2018 18:18:00 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
S 200 us
i.ssix.io/c/ Frame 8AB6 43 B
151 B 39ms
16ms Image
image/gif 107.178.246.211
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ssix.io/c/us?c=taboola&v=89c9e63f&uid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
Protocol: SPDY
Server: 107.178.246.211 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 211.246.178.107.bc.googleusercontent.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Wed, 11 Jul 2018 18:18:00 GMT
cache-control: public, max-age=0
alt-svc: clear
content-length: 43
via: 1.1 google
content-type: image/gif

GET
H/1.1

200
OK

rtb-h
match.taboola.com/sg/bidswitch-network/1/ Frame 8AB6
Redirect Chain

http://x.bidswitch.net/sync?ssp=taboola
http://x.bidswitch.net/ul_cb/sync?ssp=taboola
http://trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2
http://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56

0
263 B

54ms
13ms

Image
text/plain

151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
Protocol: HTTP/1.1
Server: 151.101.14.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx/1.9.12
X-Timer: S1531333082.905507,VS0,VE8
X-Served-By: cache-fra19139-FRA
X-Cache: MISS
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0
X-Cache-Hits: 0

Redirect headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx
X-Timer: S1531333082.850860,VS0,VE8
X-Cache: MISS
Location: http://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Cache-Hits: 0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0
X-Served-By: cache-fra19138-FRA

GET
S

200

rtb-h
match.taboola.com/sg/appnexus-network/1/ Frame 524D
Redirect Chain

http://ib.adnxs.com/getuid?https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID
https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8310411158998640619
https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8310411158998640619&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56

0
86 B

17ms
14ms

Image
text/plain

151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8310411158998640619&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
Protocol: SPDY
Server: 151.101.14.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:18:01 GMT
via: 1.1 varnish
server: nginx/1.9.12
x-timer: S1531333082.853183,VS0,VE9
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19124-FRA

Redirect headers

date: Wed, 11 Jul 2018 18:18:01 GMT
via: 1.1 varnish
server: nginx
x-timer: S1531333082.509351,VS0,VE8
x-served-by: cache-hhn1528-HHN
status: 302
x-cache: MISS
location: https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8310411158998640619&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

204
No Content

rtb-h
trc.taboola.com/sg/exposebox-network/1/ Frame 524D
Redirect Chain

http://server.exposebox.com/rcm
http://trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=7s5z9w

0
517 B

19ms
14ms

Image
text/plain

151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=7s5z9w
Protocol: HTTP/1.1
Server: 151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx
X-Timer: S1531333082.514503,VS0,VE8
X-Served-By: cache-fra19145-FRA
X-Cache: MISS
X-Cache-Hits: 0
Connection: keep-alive
Accept-Ranges: bytes
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Wed, 11 Jul 2018 18:18:00 GMT
Via: 1.1 google
X-Powered-By: Express
Transfer-Encoding: chunked
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=7s5z9w
cache-control: max-age:0
Expires: 0

GET
H/1.1

204
No Content

/
trc.taboola.com/sg/google-network/1/rtb-h/ Frame 524D
Redirect Chain

http://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEN1W8CQRLVvcqrmlkRSuIKQ&google_cver=1

0
517 B

19ms
14ms

Image
text/plain

151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEN1W8CQRLVvcqrmlkRSuIKQ&google_cver=1
Protocol: HTTP/1.1
Server: 151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx
X-Timer: S1531333082.514524,VS0,VE9
X-Served-By: cache-fra19132-FRA
X-Cache: MISS
X-Cache-Hits: 0
Connection: keep-alive
Accept-Ranges: bytes
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:18:00 GMT
Server: HTTP server (unknown)
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEN1W8CQRLVvcqrmlkRSuIKQ&google_cver=1
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 303
X-XSS-Protection: 1; mode=block
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

match
match.basebanner.com/ Frame 524D
Redirect Chain

http://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
http://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=0823f12b-2817-4d70-a123-47a3b2dd73b3
http://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=0823f12b-2817-4d70-a123-47a3b2dd73b3&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
http://match.basebanner.com/match?tabid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56&extuid=0823f12b-2817-4d70-a123-47a3b2dd73b3&excid=85

0
601 B

21ms
14ms

Image
text/plain

151.101.114.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://match.basebanner.com/match?tabid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56&extuid=0823f12b-2817-4d70-a123-47a3b2dd73b3&excid=85
Protocol: HTTP/1.1
Server: 151.101.114.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx/1.9.12
X-Timer: S1531333082.932408,VS0,VE8
X-Served-By: cache-hhn1527-HHN
X-Cache: MISS
P3P: policyref="http://null/w3c/p3p.xml", CP="NOI IDC DSP COR CURa ADMa OUR IND COM STA NOR UNI"
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: X-Requested-With, X-Prototype-Version, Content-Type, Origin, Allow
Content-Length: 0
X-Cache-Hits: 0

Redirect headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx/1.9.12
X-Timer: S1531333082.906206,VS0,VE8
X-Served-By: cache-fra19145-FRA
X-Cache: MISS
Location: http://match.basebanner.com/match?tabid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56&extuid=0823f12b-2817-4d70-a123-47a3b2dd73b3&excid=85
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0
X-Cache-Hits: 0

GET
S

204

rtb-h
trc.taboola.com/sg/storygize-network/1/ Frame 524D
Redirect Chain

http://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=fe8c0d6d-fce9-4f22-8c0d-b53ffb706584

0
121 B

16ms
15ms

Image
text/plain

151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=fe8c0d6d-fce9-4f22-8c0d-b53ffb706584
Protocol: SPDY
Server: 151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:18:01 GMT
via: 1.1 varnish
server: nginx
x-timer: S1531333082.854154,VS0,VE9
x-served-by: cache-hhn1528-HHN
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=fe8c0d6d-fce9-4f22-8c0d-b53ffb706584
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
P3P: CP ALL ADM DEV PSAi COM OUR OTRo STP IND ONL
Content-Length: 0
Expires: 0

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame 524D 35 B
383 B 96ms
95ms Image
image/gif 192.132.33.27
Bidtellect Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
Protocol: HTTP/1.1
Server: 192.132.33.27 , United States, ASN18568 (BIDTELLECT - Bidtellect Inc., US),
Reverse DNS: 27.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-ServerName: track004-dc3-va
Pragma: no-cache
Date: Wed, 11 Jul 2018 18:18:01 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
S 200 us
i.ssix.io/c/ Frame 524D 43 B
104 B 17ms
16ms Image
image/gif 107.178.246.211
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ssix.io/c/us?c=taboola&v=89c9e63f&uid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
Protocol: SPDY
Server: 107.178.246.211 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 211.246.178.107.bc.googleusercontent.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Wed, 11 Jul 2018 18:18:01 GMT
cache-control: public, max-age=0
alt-svc: clear
content-length: 43
via: 1.1 google
content-type: image/gif

GET
H/1.1

200
OK

rtb-h
match.taboola.com/sg/bidswitch-network/1/ Frame 524D
Redirect Chain

http://x.bidswitch.net/sync?ssp=taboola
http://trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2
http://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56

0
263 B

52ms
14ms

Image
text/plain

151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
Protocol: HTTP/1.1
Server: 151.101.14.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx/1.9.12
X-Timer: S1531333082.905695,VS0,VE8
X-Served-By: cache-fra19134-FRA
X-Cache: MISS
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0
X-Cache-Hits: 0

Redirect headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx
X-Timer: S1531333082.852885,VS0,VE8
X-Cache: MISS
Location: http://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Cache-Hits: 0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0
X-Served-By: cache-fra19145-FRA

GET
S

200

rtb-h
match.taboola.com/sg/appnexus-network/1/ Frame B7DC
Redirect Chain

http://ib.adnxs.com/getuid?https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID
https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8310411158998640619
https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8310411158998640619&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56

0
52 B

47ms
12ms

Image
text/plain

151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8310411158998640619&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
Protocol: SPDY
Server: 151.101.14.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:18:01 GMT
via: 1.1 varnish
server: nginx/1.9.12
x-timer: S1531333082.901450,VS0,VE8
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19124-FRA

Redirect headers

date: Wed, 11 Jul 2018 18:18:01 GMT
via: 1.1 varnish
server: nginx
x-timer: S1531333082.854148,VS0,VE8
x-served-by: cache-hhn1528-HHN
status: 302
x-cache: MISS
location: https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8310411158998640619&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

204
No Content

rtb-h
trc.taboola.com/sg/exposebox-network/1/ Frame B7DC
Redirect Chain

http://server.exposebox.com/rcm
http://trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=7s5z9w

0
517 B

15ms
14ms

Image
text/plain

151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=7s5z9w
Protocol: HTTP/1.1
Server: 151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx
X-Timer: S1531333082.853126,VS0,VE8
X-Served-By: cache-fra19145-FRA
X-Cache: MISS
X-Cache-Hits: 0
Connection: keep-alive
Accept-Ranges: bytes
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 google
X-Powered-By: Express
Transfer-Encoding: chunked
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=7s5z9w
cache-control: max-age:0
Expires: 0

GET
H/1.1

204
No Content

/
trc.taboola.com/sg/google-network/1/rtb-h/ Frame B7DC
Redirect Chain

http://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEN1W8CQRLVvcqrmlkRSuIKQ&google_cver=1

0
528 B

14ms
14ms

Image
text/plain

151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEN1W8CQRLVvcqrmlkRSuIKQ&google_cver=1
Protocol: HTTP/1.1
Server: 151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx
X-Timer: S1531333082.924287,VS0,VE8
X-Served-By: cache-fra19145-FRA
X-Cache: MISS
X-Cache-Hits: 0
Connection: keep-alive
Accept-Ranges: bytes
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:18:01 GMT
Server: HTTP server (unknown)
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEN1W8CQRLVvcqrmlkRSuIKQ&google_cver=1
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 303
X-XSS-Protection: 1; mode=block
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

match
match.basebanner.com/ Frame B7DC
Redirect Chain

http://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
http://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=0823f12b-2817-4d70-a123-47a3b2dd73b3
http://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=0823f12b-2817-4d70-a123-47a3b2dd73b3&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
http://match.basebanner.com/match?tabid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56&extuid=0823f12b-2817-4d70-a123-47a3b2dd73b3&excid=85

0
262 B

15ms
14ms

Image
text/plain

151.101.114.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://match.basebanner.com/match?tabid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56&extuid=0823f12b-2817-4d70-a123-47a3b2dd73b3&excid=85
Protocol: HTTP/1.1
Server: 151.101.114.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 varnish
Server: nginx/1.9.12
X-Timer: S1531333083.553377,VS0,VE8
X-Served-By: cache-hhn1547-HHN
X-Cache: MISS
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0
X-Cache-Hits: 0

Redirect headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 varnish
Server: nginx/1.9.12
X-Timer: S1531333082.410488,VS0,VE83
X-Served-By: cache-fra19134-FRA
X-Cache: MISS
Location: http://match.basebanner.com/match?tabid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56&extuid=0823f12b-2817-4d70-a123-47a3b2dd73b3&excid=85
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0
X-Cache-Hits: 0

GET
S

204

rtb-h
trc.taboola.com/sg/storygize-network/1/ Frame B7DC
Redirect Chain

http://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=fe8c0d6d-fce9-4f22-8c0d-b53ffb706584

0
236 B

242ms
10ms

Image
text/plain

151.101.114.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=fe8c0d6d-fce9-4f22-8c0d-b53ffb706584
Protocol: SPDY
Server: 151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 18:18:02 GMT
via: 1.1 varnish
server: nginx
x-timer: S1531333082.320384,VS0,VE8
x-served-by: cache-hhn1528-HHN
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=fe8c0d6d-fce9-4f22-8c0d-b53ffb706584
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
P3P: CP ALL ADM DEV PSAi COM OUR OTRo STP IND ONL
Content-Length: 0
Expires: 0

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame B7DC 35 B
383 B 95ms
95ms Image
image/gif 192.132.33.27
Bidtellect Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
Protocol: HTTP/1.1
Server: 192.132.33.27 , United States, ASN18568 (BIDTELLECT - Bidtellect Inc., US),
Reverse DNS: 27.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-ServerName: track002-dc3-va
Pragma: no-cache
Date: Wed, 11 Jul 2018 18:18:01 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
S 200 us
i.ssix.io/c/ Frame B7DC 43 B
104 B 16ms
15ms Image
image/gif 107.178.246.211
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ssix.io/c/us?c=taboola&v=89c9e63f&uid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
Protocol: SPDY
Server: 107.178.246.211 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 211.246.178.107.bc.googleusercontent.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Wed, 11 Jul 2018 18:18:01 GMT
cache-control: public, max-age=0
alt-svc: clear
content-length: 43
via: 1.1 google
content-type: image/gif

GET
H/1.1

200
OK

rtb-h
match.taboola.com/sg/bidswitch-network/1/ Frame B7DC
Redirect Chain

http://x.bidswitch.net/sync?ssp=taboola
http://trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2
http://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56

0
263 B

358ms
15ms

Image
text/plain

151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
Protocol: HTTP/1.1
Server: 151.101.14.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 varnish
Server: nginx/1.9.12
X-Timer: S1531333082.292291,VS0,VE8
X-Served-By: cache-fra19134-FRA
X-Cache: MISS
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0
X-Cache-Hits: 0

Redirect headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx
X-Timer: S1531333082.934873,VS0,VE9
X-Cache: MISS
Location: http://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=54e94cc5-68c6-4258-87fa-7b92b2a99dd2&tbid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Cache-Hits: 0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0
X-Served-By: cache-fra19136-FRA

GET
H/1.1 200
OK f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ 254 B
1 KB 7ms
5ms Image
image/png 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by: Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20180702/r20110914/activeview/osd_listener.js
Protocol: HTTP/1.1
Server: 151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
Via: 1.1 varnish
ETag: "dfa7b52c86e56bd67fa4002f6ed19854"
Age: 3286
X-Cache: HIT
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 254
x-amz-id-2: NHYqfgHhQMaFiaJfDtKC9204ZOyUMXDomIHau6bwEOKVPEp427r4r0UiFipOO01wjx45H1bVHTE=
X-Served-By: cache-fra19138-FRA
Last-Modified: Wed, 24 Jun 2015 07:14:11 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
X-Timer: S1531333082.920976,VS0,VE0
Date: Wed, 11 Jul 2018 18:18:01 GMT
x-amz-request-id: D631AE82D5B67BBE
Cache-Control: private,max-age=31536000
Accept-Ranges: bytes
Content-Type: image/png
X-Cache-Hits: 6635

POST
H/1.1 204
No Content available Show response
trc.taboola.com/forumotion-pt/log/3/ 0
551 B 15ms
15ms XHR
image/gif 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: http://trc.taboola.com/forumotion-pt/log/3/available
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/impl.314-210-RELEASE.js
Protocol: HTTP/1.1
Server: 151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Server: nginx
X-Timer: S1531333081.499798,VS0,VE9
X-Served-By: cache-fra19145-FRA
X-Cache: MISS
P3P: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
X-Cache-Hits: 0

GET
H/1.1 200
OK 545e036e2a.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//buquiz.com/images/quizzes/questions/ 17 KB
18 KB 12ms
5ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//buquiz.com/images/quizzes/questions/545e036e2a.jpg
Protocol: HTTP/1.1
Server: 151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: d70f25d628d2c6bf5e2521fc0ba316ffe9edfc8e2f1eafde88cf5e50a7da0b32

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Age: 2160334
Edge-Cache-Tag: 587960238552019575051730638979302140579,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
Expiration: expiry-date="Thu, 14 Jun 2018 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
X-Cache: HIT
Connection: keep-alive
X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//buquiz.com/images/quizzes/questions/545e036e2a.jpg
Content-Length: 17030
X-Served-By: cache-fra19139-FRA
Last-Modified: Mon, 14 May 2018 08:09:29 GMT
Server: cloudinary
X-Timer: S1531333082.928260,VS0,VE0
ETag: "b4bac3629eefab29b10c4aa756062735"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Cache-Hits: 2

GET
H/1.1 200
OK 0fff0e2462.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//wojournals.com/images/blog/ 16 KB
17 KB 12ms
5ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//wojournals.com/images/blog/0fff0e2462.jpg
Protocol: HTTP/1.1
Server: 151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 8ddeff0857c309215ca76eaa9316d4cec6567ea3d4345b2189f32a8d6eb1d66b

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:01 GMT
Via: 1.1 varnish
Age: 2243680
Edge-Cache-Tag: 399301893699924849989087487124015563166,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
Expiration: expiry-date="Sun, 17 Jun 2018 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
X-Cache: HIT
Connection: keep-alive
X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//wojournals.com/images/blog/0fff0e2462.jpg
Content-Length: 16433
X-Served-By: cache-fra19134-FRA
Last-Modified: Thu, 17 May 2018 15:35:33 GMT
Server: cloudinary
X-Timer: S1531333082.934146,VS0,VE0
ETag: "3909bda56a71c9506b42412e2e269fe6"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Cache-Hits: 2

GET
H/1.1 200
OK 23e14c4665.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//buquiz.com/images/quizzes/questions/ 15 KB
15 KB 269ms
7ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//buquiz.com/images/quizzes/questions/23e14c4665.jpg
Protocol: HTTP/1.1
Server: 151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 15dbd60436cda1ed2f632ac0ba98b67d82b52b51e1119c2270e1c465ac3f9ed3

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 varnish
Age: 1196417
Edge-Cache-Tag: 533352941880531998993080762456474822856,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
Expiration: expiry-date="Thu, 17 May 2018 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
X-Cache: HIT
Connection: keep-alive
X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//buquiz.com/images/quizzes/questions/23e14c4665.jpg
Content-Length: 14929
X-Served-By: cache-fra19139-FRA
Last-Modified: Mon, 16 Apr 2018 05:51:16 GMT
Server: cloudinary
X-Timer: S1531333082.311405,VS0,VE0
ETag: "0448c7f52f1af647b94060a061c84de6"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Cache-Hits: 2

GET
H/1.1 200
OK 9a1b5bab0b.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//buhamster.com/images/blog/ 10 KB
11 KB 17ms
6ms Image
image/jpeg 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//buhamster.com/images/blog/9a1b5bab0b.jpg
Protocol: HTTP/1.1
Server: 151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 775fdaf57186dbac6188d9c808457ea0ef71575ca1b6b58f7b6bbd690a0d9deb

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 varnish
Age: 450505
Edge-Cache-Tag: 469485781194794439763021958403035977269,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
Expiration: expiry-date="Fri, 29 Jun 2018 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
X-Cache: HIT
Connection: keep-alive
X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//buhamster.com/images/blog/9a1b5bab0b.jpg
Content-Length: 9882
X-Served-By: cache-fra19134-FRA
Last-Modified: Tue, 29 May 2018 07:16:24 GMT
Server: cloudinary
X-Timer: S1531333082.323035,VS0,VE1
ETag: "cca0c2a4d32b8271a9a5818e7eb0e412"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
X-Cache-Hits: 1

POST
H/1.1 200
OK domains Show response
api.viglink.com/api/ 42 B
501 B 31ms
30ms XHR
text/javascript 54.72.165.213
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://api.viglink.com/api/domains
Requested by: Host: cdn.viglink.com
URL: http://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Server: 54.72.165.213 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-72-165-213.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 3bf00388c3a7d6eb4e46f2ee7f8ddc9ae8d9f8542d56d6253b248acc69894df8

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:18:01 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK creative_js.js Show response
vidstat.taboola.com/vpaid/units/14_12_0/creatives/ 4 KB
3 KB 21ms
10ms Script
application/javascript 2400:cb00:2048:1::6811:914c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstat.taboola.com/vpaid/units/14_12_0/creatives/creative_js.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/impl.314-210-RELEASE.js
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6811:914c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10eba73b3641332bde05fa8d6223e7017ac5207673602247c35f358ea89e3092

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 029f15a661be82d29f31e88713b71d65.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Access-Control-Max-Age: 3000
x-amz-meta-mode: 33188
Connection: keep-alive
Content-Encoding: gzip
CF-RAY: 438d4534974563e5-FRA
Last-Modified: Wed, 06 Sep 2017 08:46:00 GMT
Server: cloudflare
ETag: W/"0df6cb700db4e2c8b3b7dcb734e91cb0"
x-amz-meta-uid: 0
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
x-amz-meta-gid: 0
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2678400
x-amz-meta-mtime: 1499351521
Content-Type: application/javascript
X-Amz-Cf-Id: uujEG8_4Rmwn5BxNK0CneA_Nv_mWvZb5Nyvfw_LHuihiMUeFAn8Dpw==
Expires: Sat, 11 Aug 2018 18:18:02 GMT

POST
H/1.1 400
Bad Request optimize Show response
api.viglink.com/api/ 986 B
1 KB 34ms
34ms XHR
text/html 54.72.165.213
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://api.viglink.com/api/optimize
Requested by: Host: cdn.viglink.com
URL: http://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Server: 54.72.165.213 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-72-165-213.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 4192f7a925a86b25b87e422c509071dc6d5222fef92358406b627882ee2c22af

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:18:01 GMT
Server: Apache-Coyote/1.1
Content-Language: en
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html;charset=utf-8
Content-Length: 986
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK st
imprammp.taboola.com/ Frame C34F 0
0 586ms
15ms Document
text/html 151.101.14.49
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: http://imprammp.taboola.com/st?cipid=8019757&ttype=0&cirid=246FDEC39245060130708544476&cicmp=1762675&cijs=1&dast=V7dEYCFgNs1qD30htEWwRs1qD30htEWwUAAAAGBjsHHDKazUgsDmc5Ga0Gs8FislysdpPdZLgaDafgMGWnyWU5qAWypsnld4MOmk6H614v81teb8PHYnl4nma7zG95vV1Oy99z1_jdftFlN1utlXaby-Nx-N1qh9n3sLzsAAAAAPAAwLQVAvEDCAAQAQAAACABAAAAQBFQ8W8hcAEAAACAAWCgn6UBAPUBAPAQAAIAMKBAAiAw31kCcNHQcQIAAAAAAAAAwPL___8fA6D31SIDoFE-d2PQA_DgA_AgBAAAkDWkPk7gogG2YU4UEFrECAAAAIByv8X_SFInVBZVAAAE6VYAVwAAAWSKkHaSWbqDEm9hAAAAAWIdWSD0tEsnqGML9LD4_WaHXeN3uwwAAAAAAAAAwOz_7B9NiOhMKi1ohW1R7RcQAGDtFxAAgE3dAADeAuBC7gJNp8Pnutfrfr-7zu_3mV12jd_tFx1BKwaD1RnQbria7WYHAAAAcPf___-P15EFQk-7dIKqB0Ijk8M4splmvt3CMVtMFsPFyDayrBaryWhl3Oy2lz6lRk50_4Pc5zBlp8llOagFsqbJ5bffhC1Gq8lksxzOlovJYDgajkb7E7DdACdoOBwsdoPFbrEYThaT0WA5WKBADCY4IcPRZrIa7Va7yXI4GY1mm8kGKVq1mo02g-FqNpntdqvhYLgcjZCiNYvZZLKYjZa7zWA5GQ2Gk-EQYWIws41MJpdbttzt1qKJa-UWzmaGtcjjsq1mtonD4xmuRa-P6bKZeWyu2RYFAxr2IrhIJzK_5fX2m55-u1twuoglmpNFOpFd9qWRyWEc2Uwz327hmC0mi-FiZBtZVovVZLQybnb7xmBmG5lMLrdsudutRRPXyi2czQxrkcdlW81sE4fHM1yLXh_TZTPz2FyzfWO1WWw2m8FuuG-sNovNZjPYDfcdBu9R9LP5PSZv5juZmmQOg8JlsHh_EtNi2p0dPL_f0alSXTTGhuybUJgNBkUsEZwu0onoZTxdxBLJ0yKd6EaWycI4sRgnC5NlshotbLbJauGZDHcLm3HimkzEEqXpIp3oRZfdbLVW2m0uj8fhd6sdZt_D8rKo_-gQo-FcslrMRau5ZDVaJQAAAAAAAACAJcyZNwEAAAAA!&excid=22&tst=1&docw=0
Requested by: Host: www.google.com
URL: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjZq_7u05fcAhXI1lMKHaJdAYAQFggnMAA&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&usg=AOvVaw0kBNPrYAXjXq4bYx3nm4I9
Protocol: HTTP/1.1
Server: 151.101.14.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash

Request headers

Host: imprammp.taboola.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Accept-Encoding: gzip, deflate
Cookie: t_gid=10f6ddde-6977-4b5e-86f0-dce65f6bac38-tuct23fcf56; stpt=CwsIPBCq7RAMCwggEIm8EQwLCD8QibwRDAsIOxCJvBEMCwhAEIm8EQwLCCQQibwRDAsILRCJvBEMCwgnEIm8EQwMExQ; taboola_usg=GgwQtYtFEK61QxDL-UU; __cfduid=d9da487ff8f3d45e64df465c6ee125c0c1531333082
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

Server: nginx/1.9.12
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Accept-Ranges: bytes
Date: Wed, 11 Jul 2018 18:18:04 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-fra19123-FRA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1531333084.091690,VS0,VE10

GET
H/1.1 200
OK cmTagSLIDER_INSTREAM.js Show response
vidstat.taboola.com/vpaid/units/18_29_1/infra/ 406 KB
96 KB 28ms
28ms Script
application/javascript 2400:cb00:2048:1::6811:914c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstat.taboola.com/vpaid/units/18_29_1/infra/cmTagSLIDER_INSTREAM.js
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/units/14_12_0/creatives/creative_js.js
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6811:914c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7943c5b24cb2507066eddd65ed07ad1ee96f770ec95f204855d1c1dda9f98e2

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 3df8c233328fbbb4fd91eb496d73f2d8.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript
x-amz-meta-mode: 33188
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Wed, 04 Jul 2018 15:35:32 GMT
Server: cloudflare
ETag: W/"55d00060678ac30c43f17f096a25ca00"
x-amz-meta-uid: 0
Vary: Accept-Encoding
x-amz-meta-gid: 0
Expires: Sat, 11 Aug 2018 18:18:02 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 438d4535277563e5-FRA
X-Amz-Cf-Id: X4ReOeXiUsttGycGAmwHEZZAs_ORX4xY6l1_IMTRJtefNmDqOlGpXA==
x-amz-meta-mtime: 1530718400

GET
H/1.1 200
OK cmOsUnit.css
vidstat.taboola.com/vpaid/units/18_29_1/assets/css/ 23 KB
5 KB 14ms
9ms Stylesheet
text/css 2400:cb00:2048:1::6811:8f4c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstat.taboola.com/vpaid/units/18_29_1/assets/css/cmOsUnit.css
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/units/14_12_0/creatives/creative_js.js
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6811:8f4c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43502f02c4f85a8db193da031d3a7e21273b075d26fc2becab3af69b87c8e81d

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 d6fa2e1de8f392301c10fd5bb7b263c3.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: text/css
x-amz-meta-mode: 33188
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Wed, 04 Jul 2018 15:35:24 GMT
Server: cloudflare
ETag: W/"e340e80254ed29b387ddf894e10ca227"
x-amz-meta-uid: 0
Vary: Accept-Encoding
x-amz-meta-gid: 0
Expires: Sat, 11 Aug 2018 18:18:02 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 438d453525fb97e6-FRA
X-Amz-Cf-Id: eAQSEIKc8ufMPzCvnSfLIDInUVegrhMmYDhTuiwBIuUKWHDrYrFTeQ==
x-amz-meta-mtime: 1530718511

GET
H/1.1 200
OK content27_5_18m.js Show response
vidstat.taboola.com/ 37 KB
8 KB 22ms
22ms Script
application/javascript 2400:cb00:2048:1::6811:914c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstat.taboola.com/content27_5_18m.js
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/units/18_29_1/infra/cmTagSLIDER_INSTREAM.js
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6811:914c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb94a192051b7dd6da5d4b53d4d65d213143a51e9772b2a01ce7d86553796a2e

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 147e057d2f96cf5a0082d96978e38a5b.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Sun, 27 May 2018 15:49:49 GMT
Server: cloudflare
ETag: W/"68d43e29fad15ffc465eb22242500fe9"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=2678400
CF-RAY: 438d4535e7a663e5-FRA
X-Amz-Cf-Id: 0b-2kItH686isSl_k6IujGiynrn4NRMBWeGSMraKWSmslhtSfa3epg==
Expires: Sat, 11 Aug 2018 18:18:02 GMT

GET
H/1.1 200
OK OvaMediaPlayer.js Show response
vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/ 563 KB
147 KB 21ms
20ms Script
application/javascript 2400:cb00:2048:1::6811:8f4c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/OvaMediaPlayer.js
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/units/18_29_1/infra/cmTagSLIDER_INSTREAM.js
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6811:8f4c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf25bde344d442fbdcb13d1497187726f38240092235f5f845f6f7f1a2554e52

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 20a891ec86c8f18744df46d069934412.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
Transfer-Encoding: chunked
X-Cache: Miss from cloudfront
Content-Type: application/javascript
x-amz-meta-mode: 33188
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Mon, 09 Jul 2018 08:26:36 GMT
Server: cloudflare
ETag: W/"ca32c5d14a377417f99f7ca0eeec380c"
x-amz-meta-uid: 0
Vary: Accept-Encoding
x-amz-meta-gid: 0
Expires: Sat, 11 Aug 2018 18:18:02 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 438d4535f68f97e6-FRA
X-Amz-Cf-Id: DtT1dA6-aZ20fSCLjqH4wMvGNtza9QYCiVgTtdw4-CkGif1fxDTLQg==
x-amz-meta-mtime: 1531124786

GET
H/1.1 200
OK st
convammp.taboola.com/ 0
262 B 24ms
14ms Image
text/plain 151.101.114.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://convammp.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8019757&crid=5004065&dast=V7kH4CFgNs1qD30htEWwRs1qD30htEWwUAAAAGBjsHGzKazUgsDmc5Ga0Gs8FiM9gNhqvRaLSbDYFDRrMZicXhLCej1WA2WEyWi9VuspsMV6PhFBym7DS5LAe1QNY0ufxu0EHT6XDd62V-y-tt-FgsD8_TbJf5La-3y2n5e-4av9svuuxmq7XSbnN5PA6_W-0w-x6Wlx0AAAAAHgCYtkIgfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAADPSzNACgPgAAHgJAAAAGFEgABOY7SwAuGjpOAAAAAAAAAABY_v___2MA9L5aZAA0yud6AB58AB6IAkKLGAEAAABQ7rf4H0nqhMqiCgCAIN0K4AoAIIBMEdJOMgwAACBArCMLhJ526QR1bIEeFr_f7LBr_G6XAQAAAAAAAACY_Z_9owkRnUmlBa2wLar9AgIArP0CAgCwqRsAwFsAXMhdoOl0-Fz3et3vd9f5_T6zy67xu_2iI2jFYLA6A9oNV7Pd7AAAAADu_v____E6skDoaZdOUPVAaGRyGEc208y3Wzhmi8liuBjZRpbVYjUZrYyb3fbSp9TIie5_kPscpuw0uSwHtUDWNLn89puwxWg1mWyWw9lyMRkMR8PRaH8CthvgBA2Hg8VusNgtFsPJYjIaLAcLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCJMDGa2kcnkcsuWu91aNHGt3MLZzLAWeVy21cw2cXg8w7Xo9TFdNjOPzTXbomBAw14EF-lE5re83n7T0293C04XsURzskgnssu-NDI5jCObaebbLRyzxWQxXIxsI8tqsZqMVsbNbt8YzGwjk8nlli13u7Vo4lq5hbOZYS3yuGyrmW3i8HiGa9HrY7psZh6ba7ZvrDaLzWYz2A33jdVmsdlsBrvhvsPgPYp-Nr_H5M18J1OTzGFQuAwW709iWky7s4Pn9zs6VaqLxtiQfRMKs8GgiCWC00U6Eb2Mp4tYInlapBPdyDJZGCcW42RhskxWo4XNNlktPJPhbmEzTlyTiViiNF2kE73osput1kq7zeXxOPxutcPse1heFvUfHWI0nEtWi7loNZesRqsEAAAAAAAAALCEOfMmAAAAAA!&cmcv=&pix=31589837&cb=1531333082534&uv=18291&abt=kp2_vB&ru=https%3A%2F%2Fwww.google.com%2F&unm=SLIDER_INSTREAM
Protocol: HTTP/1.1
Server: 151.101.114.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 varnish
Server: nginx/1.9.12
X-Timer: S1531333083.564091,VS0,VE8
X-Served-By: cache-hhn1541-HHN
X-Cache: MISS
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0
X-Cache-Hits: 0

GET
H/1.1 200
OK st
convammp.taboola.com/ 0
262 B 24ms
15ms Image
text/plain 151.101.114.49
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://convammp.taboola.com/st?cijs=convusmp&ttype=72&cisd=convusmp&cipid=8019757&crid=5004065&dast=V7kH4CFgNs1qD30htEWwRs1qD30htEWwUAAAAGBjsHGzKazUgsDmc5Ga0Gs8FiM9gNhqvRaLSbDYFDRrMZicXhLCej1WA2WEyWi9VuspsMV6PhFBym7DS5LAe1QNY0ufxu0EHT6XDd62V-y-tt-FgsD8_TbJf5La-3y2n5e-4av9svuuxmq7XSbnN5PA6_W-0w-x6Wlx0AAAAAHgCYtkIgfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAADPSzNACgPgAAHgJAAAAGFEgABOY7SwAuGjpOAAAAAAAAAABY_v___2MA9L5aZAA0yud6AB58AB6IAkKLGAEAAABQ7rf4H0nqhMqiCgCAIN0K4AoAIIBMEdJOMgwAACBArCMLhJ526QR1bIEeFr_f7LBr_G6XAQAAAAAAAACY_Z_9owkRnUmlBa2wLar9AgIArP0CAgCwqRsAwFsAXMhdoOl0-Fz3et3vd9f5_T6zy67xu_2iI2jFYLA6A9oNV7Pd7AAAAADu_v____E6skDoaZdOUPVAaGRyGEc208y3Wzhmi8liuBjZRpbVYjUZrYyb3fbSp9TIie5_kPscpuw0uSwHtUDWNLn89puwxWg1mWyWw9lyMRkMR8PRaH8CthvgBA2Hg8VusNgtFsPJYjIaLAcLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCJMDGa2kcnkcsuWu91aNHGt3MLZzLAWeVy21cw2cXg8w7Xo9TFdNjOPzTXbomBAw14EF-lE5re83n7T0293C04XsURzskgnssu-NDI5jCObaebbLRyzxWQxXIxsI8tqsZqMVsbNbt8YzGwjk8nlli13u7Vo4lq5hbOZYS3yuGyrmW3i8HiGa9HrY7psZh6ba7ZvrDaLzWYz2A33jdVmsdlsBrvhvsPgPYp-Nr_H5M18J1OTzGFQuAwW709iWky7s4Pn9zs6VaqLxtiQfRMKs8GgiCWC00U6Eb2Mp4tYInlapBPdyDJZGCcW42RhskxWo4XNNlktPJPhbmEzTlyTiViiNF2kE73osput1kq7zeXxOPxutcPse1heFvUfHWI0nEtWi7loNZesRqsEAAAAAAAAALCEOfMmAAAAAA!&cmcv=&pix=&cb=1531333082543&uv=18291&abt=kp2_vB&ru=https%3A%2F%2Fwww.google.com%2F&unm=SLIDER_INSTREAM
Protocol: HTTP/1.1
Server: 151.101.114.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 varnish
Server: nginx/1.9.12
X-Timer: S1531333083.561779,VS0,VE8
X-Served-By: cache-hhn1548-HHN
X-Cache: MISS
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0
X-Cache-Hits: 0

GET
H/1.1 200
OK 3aadbb71016ecd7a194bbe2791777e9a.png
cdn.taboola.com/libtrc/static/thumbnails/ 581 B
1 KB 6ms
5ms Image
image/png 151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cdn.taboola.com/libtrc/static/thumbnails/3aadbb71016ecd7a194bbe2791777e9a.png
Requested by: Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/osd.js
Protocol: HTTP/1.1
Server: 151.101.14.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 528b6b3e8edb272a61e1d3b10f11af0d241680684143fb5339fa2758a3e65187

Request headers

Referer: http://vidstat.taboola.com/vpaid/units/18_29_1/assets/css/cmOsUnit.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: 6aZUfTQ.S26Y_1N5QpSv75PDrWc.NB7q
Via: 1.1 varnish
ETag: "2697f4b848d2400cd051312585a6bf42"
Age: 3282
X-Cache: HIT
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 581
x-amz-id-2: auGRTMYtQD/og+1hY6teBpzVgUst2G6I/sS4IoUv+p07/DlHNjWMm0DIt9Bo1CCMl6iI+7cRwmY=
X-Served-By: cache-fra19138-FRA
Last-Modified: Wed, 24 Jun 2015 08:00:33 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1426488754/atime:1435045951/md5:2697f4b848d2400cd051312585a6bf42/ctime:1426488754
X-Timer: S1531333083.570575,VS0,VE0
Date: Wed, 11 Jul 2018 18:18:02 GMT
x-amz-request-id: 256A850C6CAD59A3
Cache-Control: private,max-age=31536000
Accept-Ranges: bytes
Content-Type: image/png
X-Cache-Hits: 2154

GET
H/1.1 200
OK hjk.207_ne.js Show response
vidstat.taboola.com/vpaid/ 5 KB
2 KB 12ms
11ms Script
application/javascript 2400:cb00:2048:1::6811:8f4c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstat.taboola.com/vpaid/hjk.207_ne.js
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/OvaMediaPlayer.js
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6811:8f4c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d782a7910c7ecf35ebd2b740361d534f3a81723b7a6daafc2168dae30f1e22bb

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 fc8079312db6046d812ded83f2668ac6.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 10 May 2018 12:17:08 GMT
Server: cloudflare
ETag: W/"0ea451057fee479f7a7da213db042729"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=2678400
CF-RAY: 438d4537073997e6-FRA
X-Amz-Cf-Id: onBIu6rjsGbJv14LCm5UWabSbDCrQFDJacxjCX60MnqXvlVRlWZOuA==
Expires: Sat, 11 Aug 2018 18:18:02 GMT

GET
H/1.1 200
OK player.css
vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/assets/ 12 KB
3 KB 10ms
9ms Stylesheet
text/css 2400:cb00:2048:1::6811:914c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/assets/player.css
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/OvaMediaPlayer.js
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6811:914c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 893694462bb1fd0753fdb6749b81b1dd5cf28f28e5107e8fb8a60e93b365d2c5

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 87d9aea4d506336db7581ecbaea3a01f.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
Transfer-Encoding: chunked
X-Cache: Miss from cloudfront
Content-Type: text/css
x-amz-meta-mode: 33188
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Mon, 09 Jul 2018 08:26:39 GMT
Server: cloudflare
ETag: W/"d6d440fb82cb9afbc68c1b9907a09530"
x-amz-meta-uid: 0
Vary: Accept-Encoding
x-amz-meta-gid: 0
Expires: Sat, 11 Aug 2018 18:18:02 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 438d453707fa63e5-FRA
X-Amz-Cf-Id: BmlrH5Ns0gYmlrGqsC2Xsu51-NTvtb4Y89lopZZBcCK2v4YkRqLCtQ==
x-amz-meta-mtime: 1531124733

GET
H/1.1 200
OK dsm.js Show response
vidstat.taboola.com/vpaid/ds/138/ 1 KB
905 B 14ms
8ms Script
application/javascript 2400:cb00:2048:1::6811:914c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstat.taboola.com/vpaid/ds/138/dsm.js
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/OvaMediaPlayer.js
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6811:914c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe55d5923aea9dd9045935f06b035b89f26c9822f5ffee8112ef1821df64696e

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 fd0b6604a702c913fca13c5d665f0604.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Tue, 03 Jul 2018 06:18:43 GMT
Server: cloudflare
ETag: W/"eb6d14d533786037573be17d1464d6ae"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=2678400
CF-RAY: 438d4537070d643f-FRA
X-Amz-Cf-Id: Rt5du3kRa80GA1NDOMW2mphXMeqczhKZ85pbn5nt68RwMT7ipaRYLw==
Expires: Sat, 11 Aug 2018 18:18:02 GMT

GET
H/1.1 206
Partial Content 11-travel-tools-you-wont-regret-splurging-on.mp4
vidstatb.taboola.com/vid/ 3 MB
3 MB 27ms
10ms Media
video/mp4 2400:cb00:2048:1::6811:8e4c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstatb.taboola.com/vid/11-travel-tools-you-wont-regret-splurging-on.mp4
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6811:8e4c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b43344a84d27d5328f03df273b3e2d4508aa55f093d99d2aa95c160c17541cb9

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Range: bytes=0-
chrome-proxy: frfr

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 5d53a1d9ef3a6f7480785993c37a7ad5.cloudfront.net (CloudFront)
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Cache: Hit from cloudfront
Content-Range: bytes 0-3005097/3005098
Connection: keep-alive
Content-Length: 3005098
Last-Modified: Thu, 29 Mar 2018 08:22:42 GMT
Server: cloudflare
ETag: "7eb53ac377d084afd29b4619c31bd36c"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: video/mp4
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2678400
CF-RAY: 438d45373504266c-FRA
X-Amz-Cf-Id: fyfj6L08_Bicmez0xVlVfOR_dvcTcbqHKjg3vrqH26CtBZLw822DNA==
Expires: Sat, 11 Aug 2018 18:18:02 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
H/1.1 200
OK vpaidAnalytics.23.js Show response
vidstat.taboola.com/vpaid/ 8 KB
3 KB 8ms
8ms Script
application/javascript 2400:cb00:2048:1::6811:914c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://vidstat.taboola.com/vpaid/vpaidAnalytics.23.js
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/OvaMediaPlayer.js
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6811:914c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8058ac874aaf7a42659f311ae61a9ea7119b9ca2fa6925bfb9cecb4b47412f2b

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 617456b5ad99c756ee702b235ecfe148.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 24 May 2018 10:45:24 GMT
Server: cloudflare
ETag: W/"4667c13907a5c2cca349bdf6764ce139"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=2678400
CF-RAY: 438d4537d768643f-FRA
X-Amz-Cf-Id: NAgZva_rZ-DjvukwjmO1QLQb6DM3WPaxyjEkMhyz7LEHN2SGVMTWcg==
Expires: Sat, 11 Aug 2018 18:18:02 GMT

POST
H/1.1 200
OK VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 5 KB
6 KB 140ms
131ms XHR
application/json 151.101.114.49
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: http://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=400&height=225&pubid=198827&tagid=1020237&crid=5004065&noaop=2&sortOrderType=0&cb=1531333082852&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=9151&pt=-162129506&tz=0&viewable=true&ddast=V7kH4CFgNs1qD30htEWwRs1qD30htEWwUAAAAGBjsHGzKazUgsDmc5Ga0Gs8FiM9gNhqvRaLSbDYFDRrMZicXhLCej1WA2WEyWi9VuspsMV6PhFBym7DS5LAe1QNY0ufxu0EHT6XDd62V-y-tt-FgsD8_TbJf5La-3y2n5e-4av9svuuxmq7XSbnN5PA6_W-0w-x6Wlx0AAAAAHgCYtkIgfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAADPSzNACgPgAAHgJAAAAGFEgABOY7SwAuGjpOAAAAAAAAAABY_v___2MA9L5aZAA0yud6AB58AB6IAkKLGAEAAABQ7rf4H0nqhMqiCgCAIN0K4AoAIIBMEdJOMgwAACBArCMLhJ526QR1bIEeFr_f7LBr_G6XAQAAAAAAAACY_Z_9owkRnUmlBa2wLar9AgIArP0CAgCwqRsAwFsAXMhdoOl0-Fz3et3vd9f5_T6zy67xu_2iI2jFYLA6A9oNV7Pd7AAAAADu_v____E6skDoaZdOUPVAaGRyGEc208y3Wzhmi8liuBjZRpbVYjUZrYyb3fbSp9TIie5_kPscpuw0uSwHtUDWNLn89puwxWg1mWyWw9lyMRkMR8PRaH8CthvgBA2Hg8VusNgtFsPJYjIaLAcLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCJMDGa2kcnkcsuWu91aNHGt3MLZzLAWeVy21cw2cXg8w7Xo9TFdNjOPzTXbomBAw14EF-lE5re83n7T0293C04XsURzskgnssu-NDI5jCObaebbLRyzxWQxXIxsI8tqsZqMVsbNbt8YzGwjk8nlli13u7Vo4lq5hbOZYS3yuGyrmW3i8HiGa9HrY7psZh6ba7ZvrDaLzWYz2A33jdVmsdlsBrvhvsPgPYp-Nr_H5M18J1OTzGFQuAwW709iWky7s4Pn9zs6VaqLxtiQfRMKs8GgiCWC00U6Eb2Mp4tYInlapBPdyDJZGCcW42RhskxWo4XNNlktPJPhbmEzTlyTiViiNF2kE73osput1kq7zeXxOPxutcPse1heFvUfHWI0nEtWi7loNZesRqsEAAAAAAAAALCEOfMmAAAAAA!&proto=2,3,5,6&dtagid=1510685&dpubid=193437&abtst=kp2_vB&mPre=0.033&encoded=1&pstn=1&cirf=http%3A%2F%2Fforumpcbrasil.forumeiros.com&callback=&wfv=1&cdb=&gdprApplies=false
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/OvaMediaPlayer.js
Protocol: HTTP/1.1
Server: 151.101.114.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash: 806d062c93a8c43e7273c6f59a1f3aeb70896f9cc147d115ba36c3c7c9c5b87f

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: text/plain

Response headers

Async: true
Date: Wed, 11 Jul 2018 18:18:02 GMT
Via: 1.1 varnish
MachineId: 406
X-Cache: MISS
Connection: keep-alive
Finished: true
Content-Length: 5407
X-Served-By: cache-hhn1541-HHN
Pragma: no-cache
Server: nginx/1.9.12
X-Timer: S1531333083.869203,VS0,VE125
Content-Type: application/json;charset=ISO-8859-1
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
X-Cache-Hits: 0

POST
H/1.1 400
Bad Request optimize Show response
api.viglink.com/api/ 986 B
1 KB 90ms
61ms XHR
text/html 52.48.254.224
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://api.viglink.com/api/optimize
Requested by: Host: cdn.viglink.com
URL: http://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Server: 52.48.254.224 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-48-254-224.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 4192f7a925a86b25b87e422c509071dc6d5222fef92358406b627882ee2c22af

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:18:02 GMT
Server: Apache-Coyote/1.1
Content-Language: en
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html;charset=utf-8
Content-Length: 986
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK vadtag.html Show response
vpaid.pubmatic.com/ads/video/ 2 KB
1 KB 14ms
6ms XHR
application/xml 2.18.233.180
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: http://vpaid.pubmatic.com/ads/video/vadtag.html?adtype=13&pubId=156307&siteId=230587&adId=1211452&vadFmt=3&vapi=2&vminl=5&vmaxl=120&vpos=1&vh=225&vw=400&vfmt=1+2+3+4+5+6+7+8&kadpageurl=http%3A%2F%2Fforumpcbrasil.forumeiros.com&gdpr=1
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/OvaMediaPlayer.js
Protocol: HTTP/1.1
Server: 2.18.233.180 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 653b96aa08f651ac8f64066162411061aa3625991c69f5a06e52f3a25951a51d

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:18:03 GMT
Content-Encoding: gzip
Server: Apache/2.2.15 (CentOS)
ETag: "19c002f-2d87-56d54f45e09a3"
Vary: Accept-Encoding
Content-Type: application/xml
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 642
Expires: Wed, 11 Jul 2018 18:18:03 GMT

GET
H/1.1 200
OK 230557 Show response
search.spotxchange.com/vast/2.00/ 67 B
1 KB 157ms
68ms XHR
text/xml 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/vast/2.00/230557?VPAID=js&content_page_url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&player_width=400&player_height=225&vid_duration=53&content_id=inline&custom_skin=1&custom[content][]=&custom[pub_lang]=pt&regs[gdpr]=1
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/OvaMediaPlayer.js
Protocol: HTTP/1.1
Server: 185.94.180.124 , Netherlands, ASN35220 (SPOTX-AMS, NL),
Reverse DNS
Software: Apache/2.2.34 (Unix) mod_ssl/2.2.34 OpenSSL/1.0.1e-fips /
Resource Hash: 78e958d620d6e40a19e424eee3a9b23932cd9bfa4d7f736442048777d203052d

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Wed, 11 Jul 2018 18:18:03 GMT
X-SpotX-Timing-Transform: 0.000340
X-SpotX-Timing-SpotMarket: 0.052158
P3P: CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
X-SpotX-Timing-Page-Require: 0.000555
X-fe: 073
Connection: Keep-Alive
X-SpotX-Timing-Page-Cookie: 0.001407
Content-Length: 67
X-SpotX-Timing-Page: 0.055259
Pragma: no-cache
Access-Control-Allow-Headers
X-SpotX-Timing-Page-Context: 0.000283
Last-Modified: Wed, 11 Jul 2018 18:18:03 GMT
Server: Apache/2.2.34 (Unix) mod_ssl/2.2.34 OpenSSL/1.0.1e-fips
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.038732
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: text/xml;charset=UTF-8
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
X-SpotX-Timing-Page-Misc: 0.000285
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.013426
X-SpotX-Timing-Page-URI: 0.000011
X-SpotX-Timing-Page-Mux: 0.000219
Keep-Alive: timeout=60, max=99936
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK PMAdMgr.js Show response
vpaid.pubmatic.com/ads/video/ Frame E418 139 KB
33 KB 6ms
5ms Script
text/javascript 2.18.233.180
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: http://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156307&siteId=230587&adId=1211452&vadFmt=3&vapi=2&vminl=5&vmaxl=120&vpos=1&vh=225&vw=400&vfmt=1+2+3+4+5+6+7+8&kadpageurl=http%3A%2F%2Fforumpcbrasil.forumeiros.com&gdpr=1
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/OvaMediaPlayer.js
Protocol: HTTP/1.1
Server: 2.18.233.180 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 21631bccf6318dfbba42025dff40c28ae84bc7c010d7588c6b368014baf08693

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 29 May 2018 09:35:04 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "19c002e-22b49-56d54f2f58e7d"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: public, max-age=10800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 32992

GET
H/1.1 200
OK Cookie set showad.js
ads.pubmatic.com/AdServer/js/ Frame 4EFA 0
0 374ms
11ms Document
text/html 2.18.233.180
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: http://ads.pubmatic.com/AdServer/js/showad.js?
Requested by: Host: www.google.com
URL: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjZq_7u05fcAhXI1lMKHaJdAYAQFggnMAA&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&usg=AOvVaw0kBNPrYAXjXq4bYx3nm4I9
Protocol: HTTP/1.1
Server: 2.18.233.180 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: EBB0B3684E2D0B8AC965383C470B81C9
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware

Response headers

Expires: Fri, 13 Jul 2018 13:12:46 GMT
Last-Modified: Thu, 31 May 2018 07:27:09 GMT
ETag: "13006c6-8706-56d7b65272dd4"
Cache-Control: max-age=172736, public
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
Set-Cookie: KTPCACOOKIE=YES; domain=.pubmatic.com; path=/; max-age=7776000;
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13111
Content-Type: text/html; charset=UTF-8
Date: Wed, 11 Jul 2018 18:18:04 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame E418 0
1 KB 11ms
5ms Script
text/html 2.18.233.180
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: http://ads.pubmatic.com/AdServer/js/showad.js?
Requested by: Host: www.google.com
URL: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjZq_7u05fcAhXI1lMKHaJdAYAQFggnMAA&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&usg=AOvVaw0kBNPrYAXjXq4bYx3nm4I9
Protocol: HTTP/1.1
Server: 2.18.233.180 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Cache-Control: max-age=172736, public
Last-Modified: Thu, 31 May 2018 07:27:09 GMT
Content-Type: text/html; charset=UTF-8
Expires: Fri, 13 Jul 2018 13:12:46 GMT

GET
H/1.1 200
OK pause2.svg
vidstat.taboola.com/assets/video_controls/ 391 B
1 KB 34ms
8ms Image
image/svg+xml 2400:cb00:2048:1::6811:914c
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://vidstat.taboola.com/assets/video_controls/pause2.svg
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6811:914c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 437513ec64a0d4c9b838a51cf1e57bfb0d75586f35ddd91d0de1d01335fd0969

Request headers

Referer: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/assets/player.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:04 GMT
Via: 1.1 40b36a86ab4ea993a78087b1ceb80e25.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
x-amz-meta-mode: 33188
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Sun, 02 Jul 2017 14:26:33 GMT
Server: cloudflare
ETag: W/"0ae31cb3e45e52b441abf8cc6208a36e"
x-amz-meta-uid: 0
Vary: Accept-Encoding
x-amz-meta-gid: 0
Expires: Sat, 11 Aug 2018 18:18:04 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 438d453f9291643f-FRA
X-Amz-Cf-Id: 0jNyFQ9oayCBKhOv5-AhExCEYKcGfI4dryiO-sR015Hh4CTI7II19A==
x-amz-meta-mtime: 1498396298

GET
H/1.1 200
OK desk_muted2.svg
vidstat.taboola.com/assets/video_controls/ 688 B
1 KB 37ms
11ms Image
image/svg+xml 2400:cb00:2048:1::6811:8f4c
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://vidstat.taboola.com/assets/video_controls/desk_muted2.svg
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6811:8f4c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b07af50f99890a6edd3601bb8cf2d7ebdb404904067925d794d1cd450e939f57

Request headers

Referer: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/assets/player.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:04 GMT
Via: 1.1 f989b812753677758cd8909391e239ac.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Sun, 19 Nov 2017 12:19:28 GMT
Server: cloudflare
ETag: W/"c374f9a1c65db8dd9f4b435bd1adb4ed"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: public, max-age=2678400
CF-RAY: 438d453f94de97e6-FRA
X-Amz-Cf-Id: XKDueW28Rtg6FVf5TNnq9T8vwUAQ5XkQ6rg-A79wAPhv4PTfTngTGA==
Expires: Sat, 11 Aug 2018 18:18:04 GMT

GET
H/1.1 200
OK AdServerServlet Show response
vid.pubmatic.com/AdServer/ Frame E418 27 B
635 B 252ms
13ms XHR
application/xml 198.47.127.32
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: http://vid.pubmatic.com/AdServer/AdServerServlet?adtype=13&pubId=156307&siteId=230587&adId=1211452&vadFmt=3&vapi=2&vminl=5&vmaxl=120&vpos=1&vh=225&vw=400&vfmt=1+3+4+5+7+6&kadpageurl=http://forumpcbrasil.forumeiros.com&gdpr=1&kltstamp=2018-7-11%2018%3A18%3A3&ranreq=0.6227538506610821&timezone=0&gdpr_consent=&SAVersion=2&inIframe=1&pageURL=&screenResolution=-1x-1&kdntuid=1&vwndh=0&vwndw=0&vwndurl=&vwndref=&vc=2&js=1
Requested by: Host: vpaid.pubmatic.com
URL: http://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156307&siteId=230587&adId=1211452&vadFmt=3&vapi=2&vminl=5&vmaxl=120&vpos=1&vh=225&vw=400&vfmt=1+2+3+4+5+6+7+8&kadpageurl=http%3A%2F%2Fforumpcbrasil.forumeiros.com&gdpr=1
Protocol: HTTP/1.1
Server: 198.47.127.32 Redwood City, United States, ASN3257 (GTT-BACKBONE GTT, DE),
Reverse DNS
Software: nginx /
Resource Hash: a71702232a771b558b12f8c0012a15f5652b500fd2e33464d283406cee36754d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com

Response headers

Date: Wed, 11 Jul 2018 18:18:04 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
X-Vdbg: 1:0/165:-1
Content-Type: application/xml; charset=utf-8

GET
H/1.1 200
OK track
aktrack.pubmatic.com/ 0
124 B 217ms
5ms Image
text/html 2.18.233.180
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://aktrack.pubmatic.com/track?operId=7&p=156307&s=230587&a=1211452&ts=1531333083&wa=0&e=96&ier=[ERRORCODE]%20%20&1531333085577
Protocol: HTTP/1.1
Server: 2.18.233.180 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:06 GMT
Connection: keep-alive
Content-Length: 0
Content-Type: text/html

POST
H/1.1 200
OK OpportunityServlet
opps.taboola.com/ 0
369 B 182ms
20ms XHR
text/plain 151.101.114.49
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: http://opps.taboola.com/OpportunityServlet
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/OvaMediaPlayer.js
Protocol: HTTP/1.1
Server: 151.101.114.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: text/plain

Response headers

Date: Wed, 11 Jul 2018 18:18:08 GMT
Via: 1.1 varnish
Server: nginx/1.9.12
X-Timer: S1531333088.269863,VS0,VE11
X-Served-By: cache-hhn1539-HHN
X-Cache: MISS
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0
X-Cache-Hits: 0

POST
H/1.1 200
OK VideoBidRequestHandlerServlet
wf.taboola.com/ 5 KB
6 KB 137ms
135ms XHR
application/json 151.101.114.49
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: http://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=400&height=225&pubid=198827&tagid=1020237&crid=5004065&noaop=2&sortOrderType=0&cb=1531333088224&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=-1&seq=2&pv=9151&pt=-162129506&tz=0&viewable=true&ddast=V7kH4CFgNs1qD30htEWwRs1qD30htEWwUAAAAGBjsHGzKazUgsDmc5Ga0Gs8FiM9gNhqvRaLSbDYFDRrMZicXhLCej1WA2WEyWi9VuspsMV6PhFBym7DS5LAe1QNY0ufxu0EHT6XDd62V-y-tt-FgsD8_TbJf5La-3y2n5e-4av9svuuxmq7XSbnN5PA6_W-0w-x6Wlx0AAAAAHgCYtkIgfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAADPSzNACgPgAAHgJAAAAGFEgABOY7SwAuGjpOAAAAAAAAAABY_v___2MA9L5aZAA0yud6AB58AB6IAkKLGAEAAABQ7rf4H0nqhMqiCgCAIN0K4AoAIIBMEdJOMgwAACBArCMLhJ526QR1bIEeFr_f7LBr_G6XAQAAAAAAAACY_Z_9owkRnUmlBa2wLar9AgIArP0CAgCwqRsAwFsAXMhdoOl0-Fz3et3vd9f5_T6zy67xu_2iI2jFYLA6A9oNV7Pd7AAAAADu_v____E6skDoaZdOUPVAaGRyGEc208y3Wzhmi8liuBjZRpbVYjUZrYyb3fbSp9TIie5_kPscpuw0uSwHtUDWNLn89puwxWg1mWyWw9lyMRkMR8PRaH8CthvgBA2Hg8VusNgtFsPJYjIaLAcLFIjBBCdkONpMVqPdajdZDiej0Wwz2SBFq1az0WYwXM0ms91uNRwMl6MRUrRmMZtMFrPRcrcZLCejwXAyHCJMDGa2kcnkcsuWu91aNHGt3MLZzLAWeVy21cw2cXg8w7Xo9TFdNjOPzTXbomBAw14EF-lE5re83n7T0293C04XsURzskgnssu-NDI5jCObaebbLRyzxWQxXIxsI8tqsZqMVsbNbt8YzGwjk8nlli13u7Vo4lq5hbOZYS3yuGyrmW3i8HiGa9HrY7psZh6ba7ZvrDaLzWYz2A33jdVmsdlsBrvhvsPgPYp-Nr_H5M18J1OTzGFQuAwW709iWky7s4Pn9zs6VaqLxtiQfRMKs8GgiCWC00U6Eb2Mp4tYInlapBPdyDJZGCcW42RhskxWo4XNNlktPJPhbmEzTlyTiViiNF2kE73osput1kq7zeXxOPxutcPse1heFvUfHWI0nEtWi7loNZesRqsEAAAAAAAAALCEOfMmAAAAAA!&proto=2,3,5,6&dtagid=1510685&dpubid=193437&abtst=kp2_vB&mPre=0.033&encoded=1&pstn=1&cirf=http%3A%2F%2Fforumpcbrasil.forumeiros.com&callback=&wfv=1&cdb=&gdprApplies=false
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/OvaMediaPlayer.js
Protocol: HTTP/1.1
Server: 151.101.114.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.12 /
Resource Hash

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: text/plain

Response headers

Async: true
Date: Wed, 11 Jul 2018 18:18:08 GMT
Via: 1.1 varnish
MachineId: 401
X-Cache: MISS
Connection: keep-alive
Finished: true
Content-Length: 5418
X-Served-By: cache-hhn1541-HHN
Pragma: no-cache
Server: nginx/1.9.12
X-Timer: S1531333088.267794,VS0,VE129
Content-Type: application/json;charset=ISO-8859-1
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H/1.1 200
OK vadtag.html
vpaid.pubmatic.com/ads/video/ 2 KB
1 KB 11ms
9ms XHR
application/xml 2.18.233.180
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: http://vpaid.pubmatic.com/ads/video/vadtag.html?adtype=13&pubId=156307&siteId=230587&adId=1211452&vadFmt=3&vapi=2&vminl=5&vmaxl=120&vpos=1&vh=225&vw=400&vfmt=1+2+3+4+5+6+7+8&kadpageurl=http%3A%2F%2Fforumpcbrasil.forumeiros.com&gdpr=1
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/OvaMediaPlayer.js
Protocol: HTTP/1.1
Server: 2.18.233.180 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 11 Jul 2018 18:18:08 GMT
Content-Encoding: gzip
Server: Apache/2.2.15 (CentOS)
ETag: "19c002f-2d87-56d54f45e09a3"
Vary: Accept-Encoding
Content-Type: application/xml
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 642
Expires: Wed, 11 Jul 2018 18:18:08 GMT

GET
H/1.1 200
OK 230557
search.spotxchange.com/vast/2.00/ 67 B
1 KB 68ms
67ms XHR
text/xml 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/vast/2.00/230557?VPAID=js&content_page_url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&player_width=400&player_height=225&vid_duration=53&content_id=inline&custom_skin=1&custom[content][]=&custom[pub_lang]=pt&regs[gdpr]=1
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/OvaMediaPlayer.js
Protocol: HTTP/1.1
Server: 185.94.180.124 , Netherlands, ASN35220 (SPOTX-AMS, NL),
Reverse DNS
Software: Apache/2.2.34 (Unix) mod_ssl/2.2.34 OpenSSL/1.0.1e-fips /
Resource Hash

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Wed, 11 Jul 2018 18:18:08 GMT
X-SpotX-Timing-Transform: 0.000411
X-SpotX-Timing-SpotMarket: 0.049688
P3P: CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
X-SpotX-Timing-Page-Require: 0.000683
X-fe: 018
Connection: Keep-Alive
X-SpotX-Timing-Page-Cookie: 0.001640
Content-Length: 67
X-SpotX-Timing-Page: 0.053360
Pragma: no-cache
Access-Control-Allow-Headers
X-SpotX-Timing-Page-Context: 0.000368
Last-Modified: Wed, 11 Jul 2018 18:18:08 GMT
Server: Apache/2.2.34 (Unix) mod_ssl/2.2.34 OpenSSL/1.0.1e-fips
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.036473
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: text/xml;charset=UTF-8
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
X-SpotX-Timing-Page-Misc: 0.000300
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.013215
X-SpotX-Timing-Page-URI: 0.000013
X-SpotX-Timing-Page-Mux: 0.000257
Keep-Alive: timeout=60, max=99948
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK PMAdMgr.js
vpaid.pubmatic.com/ads/video/ Frame DF02 139 KB
0 6ms
5ms Script
text/javascript 2.18.233.180
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: http://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156307&siteId=230587&adId=1211452&vadFmt=3&vapi=2&vminl=5&vmaxl=120&vpos=1&vh=225&vw=400&vfmt=1+2+3+4+5+6+7+8&kadpageurl=http%3A%2F%2Fforumpcbrasil.forumeiros.com&gdpr=1
Requested by: Host: vidstat.taboola.com
URL: http://vidstat.taboola.com/vpaid/vPlayer/player/v9.1.51/OvaMediaPlayer.js
Protocol: HTTP/1.1
Server: 2.18.233.180 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Response headers

Date: Wed, 11 Jul 2018 18:18:03 GMT
Content-Encoding: gzip
Last-Modified: Tue, 29 May 2018 09:35:04 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "19c002e-22b49-56d54f2f58e7d"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: public, max-age=10800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 32992

GET showad.js
ads.pubmatic.com/AdServer/js/ Frame B745 0
0

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame DF02 0
1 KB 7ms
6ms Script
text/html 2.18.233.180
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: http://ads.pubmatic.com/AdServer/js/showad.js?
Requested by: Host: www.google.com
URL: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjZq_7u05fcAhXI1lMKHaJdAYAQFggnMAA&url=http%3A%2F%2Fforumpcbrasil.forumeiros.com%2Ft2765-infeccao-malware&usg=AOvVaw0kBNPrYAXjXq4bYx3nm4I9
Protocol: HTTP/1.1
Server: 2.18.233.180 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Cache-Control: max-age=172736, public
Last-Modified: Thu, 31 May 2018 07:27:09 GMT
Content-Type: text/html; charset=UTF-8
Expires: Fri, 13 Jul 2018 13:12:46 GMT

GET
H/1.1 200
OK AdServerServlet
vid.pubmatic.com/AdServer/ Frame DF02 27 B
635 B 14ms
14ms XHR
application/xml 198.47.127.32
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: http://vid.pubmatic.com/AdServer/AdServerServlet?adtype=13&pubId=156307&siteId=230587&adId=1211452&vadFmt=3&vapi=2&vminl=5&vmaxl=120&vpos=1&vh=225&vw=400&vfmt=1+3+4+5+7+6&kadpageurl=http://forumpcbrasil.forumeiros.com&gdpr=1&kltstamp=2018-7-11%2018%3A18%3A8&ranreq=0.9031795337934247&timezone=0&gdpr_consent=&SAVersion=2&inIframe=1&pageURL=&screenResolution=-1x-1&kdntuid=1&vwndh=0&vwndw=0&vwndurl=&vwndref=&vc=2&js=1
Requested by: Host: vpaid.pubmatic.com
URL: http://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156307&siteId=230587&adId=1211452&vadFmt=3&vapi=2&vminl=5&vmaxl=120&vpos=1&vh=225&vw=400&vfmt=1+2+3+4+5+6+7+8&kadpageurl=http%3A%2F%2Fforumpcbrasil.forumeiros.com&gdpr=1
Protocol: HTTP/1.1
Server: 198.47.127.32 Redwood City, United States, ASN3257 (GTT-BACKBONE GTT, DE),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
Origin: http://forumpcbrasil.forumeiros.com

Response headers

Date: Wed, 11 Jul 2018 18:18:08 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: http://forumpcbrasil.forumeiros.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
X-Vdbg: 1:0/165:-1
Content-Type: application/xml; charset=utf-8

GET
H/1.1 200
OK track
aktrack.pubmatic.com/ 0
124 B 6ms
5ms Image
text/html 2.18.233.180
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://aktrack.pubmatic.com/track?operId=7&p=156307&s=230587&a=1211452&ts=1531333088&wa=0&e=96&ier=[ERRORCODE]%20%20&1531333089028
Protocol: HTTP/1.1
Server: 2.18.233.180 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Referer: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 11 Jul 2018 18:18:09 GMT
Connection: keep-alive
Content-Length: 0
Content-Type: text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ads.pubmatic.com
URL: http://ads.pubmatic.com/AdServer/js/showad.js?

Verdicts & Comments Add Verdict or Comment

510 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 02:43:49	Name: IDE Value: AHWqTUkg3q_O04H8oxW_KjnN1GnzJ-Y0nHwFgi_TCY9iLsIiBrh0AsUifLlmAMrh
.google.com/	1970-01-18 21:45:44	Name: NID Value: 134=2jBpOFmqlQfNm1vkxzTJS92OwSL_MaNGxxDr3YTUTeSbyj55FXm9XlaQb8K_BW92WJq2QZt4afxpFqeIIpXgQGVYrIP_BvRF_lnE270froO7lDYJ3fXWWeQ5OUH-2w5N
ad38.ad-srv.net/	1970-01-18 18:05:25	Name: kxcongstar_data Value: visits%3A1%3B_visits%3A1531353600000%3Buser%3As4bd09lym%3B_user%3A1546885072375%3Bkuid%3AMFMP3_vc%3B_kuid%3A1546885072375
.doubleclick.net/	1970-01-18 17:22:16	Name: DSID Value: NO_DATA
.congstar.de/	1970-01-18 17:32:17	Name: staticentry Value: %7B%22zxid%22%3A%2237494895C2047965762SV1yq91832258136038445230485034246274yb5yb7T2452192636133012483%22%2C%22zUserID%22%3A%22977569%22%7D

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://forumpcbrasil.forumeiros.com/t2765-infeccao-malware(Line 13) Message: {"w":1600,"h":1200}

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=86400
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

15.taboola.com
accounts.google.com
ad.ad-srv.net
ad.zanox.com
ad38.ad-srv.net
ads.pubmatic.com
ads.rubiconproject.com
adservice.google.de
ajax.googleapis.com
aktrack.pubmatic.com
api.viglink.com
apis.google.com
b.scorecardresearch.com
banner.congstar.de
beacon-eu2.rubiconproject.com
bttrack.com
cas.criteo.com
cat.nl.eu.criteo.com
cdn.taboola.com
cdn.viglink.com
cm.g.doubleclick.net
connect.facebook.net
connect.topicit.net
convammp.taboola.com
csi.gstatic.com
eus.rubiconproject.com
fonts.googleapis.com
forumpcbrasil.forumeiros.com
gum.criteo.com
hitsk.in
i.imgur.com
i.ssix.io
i21.servimg.com
ib.adnxs.com
illiweb.com
images.taboola.com
imgfast.net
imprammp.taboola.com
m.addthisedge.com
match.adsrvr.org
match.basebanner.com
match.taboola.com
mathid.mathtag.com
opps.taboola.com
optimized-by.rubiconproject.com
pagead2.googlesyndication.com
platform.twitter.com
s7.addthis.com
search.spotxchange.com
secure.adnxs.com
securepubads.g.doubleclick.net
server.exposebox.com
static.criteo.net
staticxx.facebook.com
syndication.twitter.com
tags.mathtag.com
tpc.googlesyndication.com
trc.taboola.com
vid.pubmatic.com
vidstat.taboola.com
vidstatb.taboola.com
vpaid.pubmatic.com
web.facebook.com
wf.taboola.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.storygize.net
x.bidswitch.net
ads.pubmatic.com
104.108.68.8
104.111.230.142
104.244.42.8
107.178.246.211
136.243.51.231
136.243.54.220
151.101.112.193
151.101.114.2
151.101.114.49
151.101.14.2
151.101.14.49
172.217.22.98
178.250.2.66
178.250.2.67
178.250.2.71
178.250.2.74
178.33.115.32
18.153.11.30
18.153.11.31
185.29.134.232
185.29.135.42
185.29.135.48
185.94.180.124
192.132.33.27
195.216.249.67
198.47.127.32
2.16.186.80
2.18.233.180
216.58.214.98
23.67.129.200
2400:cb00:2048:1::6810:a00d
2400:cb00:2048:1::6810:a40d
2400:cb00:2048:1::6811:8e4c
2400:cb00:2048:1::6811:8f4c
2400:cb00:2048:1::6811:914c
2400:cb00:2048:1::6812:37a5
2400:cb00:2048:1::681b:8280
2400:cb00:2048:1::681f:4002
2400:cb00:2048:1::681f:4945
2404:6800:4005:80e::2003
2606:2800:234:59:254c:406:2366:268c
2a00:1450:4001:810::2002
2a00:1450:4001:812::2001
2a00:1450:4001:812::2004
2a00:1450:4001:812::200a
2a00:1450:4001:812::200d
2a00:1450:4001:812::200e
2a00:1450:4001:81b::2002
2a00:1450:4001:820::2002
2a00:1450:4001:820::200a
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f01c:80a1:face:b00c:0:d0c
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:86:face:b00c:0:50fb
34.208.220.127
35.201.85.158
37.252.172.40
37.252.172.53
37.252.172.80
52.18.183.216
52.48.254.224
54.72.165.213
54.72.231.120
62.67.193.41
62.67.193.43
85.214.124.106
87.98.186.20
06bfc0bd09d55e2212c028968cf2df4f6415d2e1e8b50d8421e45874253f2422
06fb15858fe7edd7c38f7ae6b0efedca984ae58ecb00ee6e6e0dcbdb862bb872
075cc698968c8fabdc079e0f5a8bf11ed379ddb445d0d7caa5085cf67ff12b57
0a50c695cbcb759240c0c5b4a3e6ac8a8fd908e52df60fb8b45ddef748ada26a
0d8deb3f360c48eb0d2a4eb2fc69b8d6c5530dc31bf8984ede26443633a9ebb2
1012fe94f695d472ba7aa9b66b20514ed2ecfd148a2ab1143e857ecd2fd185ac
10eba73b3641332bde05fa8d6223e7017ac5207673602247c35f358ea89e3092
121c9c5a46de7126f28c2520fcbf54209de96f5e1547356a758a0c1f6bdabf2e
15dbd60436cda1ed2f632ac0ba98b67d82b52b51e1119c2270e1c465ac3f9ed3
16bd47540413e3493b156d514331f3d0446e82c11b04fc1066804a3c7d0c45d0
18bd4fca2ecd2f93d312b4b551c6aec9dbdd62a860be392cb06b938800cd3577
1a5a6b82298915e1c7042dc805fdac769f013e0596443d44c1b9727a3fb67cfc
1c2c15eec8cb65a2e6c342155e72e6649b0ea6c5eea8f3ef72dcabd5e1ffb0f7
1c80619aa99b4bce0b57edaeaf2bae35ad0e1929096a51d0ced52df4dfa68e3d
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1d89405054b0eccfd66baa763bf4781b8dff83824636284b79800ecdc25579f1
1dd0287567e038ad7ab9639aa62d774af7be8d5077a3715b6c5cd6c777c02105
21631bccf6318dfbba42025dff40c28ae84bc7c010d7588c6b368014baf08693
266341ea4b094a5dfcb9e4dfc17505e83694fd6ae5a24a78b4aaa3a5a0d40c7c
27d0b2f79b3a90ccf74c8be137edd09fd3be6230e634ab3308213a5d9d47ef44
2b18451f41f398f69d9e7435f3b80e11b53b9afc9395b42742c41e36928bde0d
2cbe6ddbabf28f61101c413c1956a045966b327fc9762d4379d6ad927baeceff
3174887814d1432109a58b186ea78834f33ee118bf8dfb7839e15f2b21e5f583
31fdbd11b2e812762d67116d1714391738af0ade5c63a5e878ae24015bae43d4
349a658bfe8ec9c807d02d46bddd2a2a6b4e36a5c2705e3e8706db2fac2bb18c
34fa520c9262737b4e5a38ee5fecfe052b263ce80e790fc0f735bc0ad46efbd4
3906923ab5823ddeb0b609865c895827aac92d1e4c51ca716809babe940f9675
39176ddb48e89fcf13cb33acad8f52c981a6e54d1afbffd16d1d4928fc8698d5
39ce845fc0203d4cb00559dff89d9448765e0ebd65ebbaf76623cc9850827542
3bf00388c3a7d6eb4e46f2ee7f8ddc9ae8d9f8542d56d6253b248acc69894df8
3cb4e400051f23df07d690f75554f98a3b384b974f48097a1ade26f01cc416e0
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
4192f7a925a86b25b87e422c509071dc6d5222fef92358406b627882ee2c22af
42ea582593ff061b0179a1b0c99e76520758d48b563008e9a538817b0384cf49
43502f02c4f85a8db193da031d3a7e21273b075d26fc2becab3af69b87c8e81d
437513ec64a0d4c9b838a51cf1e57bfb0d75586f35ddd91d0de1d01335fd0969
45c7b9e68c9e91b6a5dce78dbd240bd78699dd998b588003d0921b9070ce6154
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e8a79a702c74305fd3a2a0e10d8fadc1752d72ea159b0a4b25825acf3ef42ad
514b5dc90de7362be9824f6e1b254c6ddd014a0116a53c9669c7b37a7eb94120
5206296d25769debb150836abafd9a12316ccd64492e1ea77c583c2e83a8bf62
528b6b3e8edb272a61e1d3b10f11af0d241680684143fb5339fa2758a3e65187
54485e4a4825872491f7f8a19d5b3840771ec88bf50e7aef09dc9d3a8a3214f7
55c43748b656dc937e56f39e2cc71bd178cadd3ab674efbdb5d3c52406ad06ad
5cf423c404b0e2ef68823ac98abeeb04fea71af5311f146bf5cc7cdaa6befb4f
5e2e13cd4cd1ffeed714a372a803034b3b6dd986f22eb61457f6c33543d12386
605183a8594eb65a3db95a7735ad7adac28b7b9814a70334837fe630bdd8d5f4
643ca3bddc30489dbdfa50b9b7c9803877371403531813b9c42fc814de0dd339
64598cb0406f22615300c7893987f55e915edfe3ced3b14e5a47549cc7bf2006
645b6ceaa1729250e2ff014f8521613841542553720dbae64b536f93ade3e862
652059ee7ac0e28e567f6843920a3c5f628b13c1996614121cff6f2f7b74c3b3
653b96aa08f651ac8f64066162411061aa3625991c69f5a06e52f3a25951a51d
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6afb26a22a3683d4587e4c96ab286eb61fe401dbe07cc1b38748d1671dcd1f0c
6cc0f23c9c4d5db529fe4aa40ea04636d4b59233aa4618280238dd859059fe46
6cf7880d67c712bb6f85f1dfa1d26ea5e0a7195130a3e42c8b441cdd1de77a90
6e939231cee781e0a23999612becaa80c29f9a8287b970367420ddbef4546c87
6ffba61672da54bdb039b5ae1fc13d5715beab1af81dde518c3e4135594732eb
71ef2be76ecf12f431795805b6bfb5a20523b7692be0e6106e8e2d18d3d33632
75bf4ea0c970f9dfb8ac9a4c90849d71d033828a42ac2bee533ddbd5a62d1253
775fdaf57186dbac6188d9c808457ea0ef71575ca1b6b58f7b6bbd690a0d9deb
78e958d620d6e40a19e424eee3a9b23932cd9bfa4d7f736442048777d203052d
8058ac874aaf7a42659f311ae61a9ea7119b9ca2fa6925bfb9cecb4b47412f2b
806d062c93a8c43e7273c6f59a1f3aeb70896f9cc147d115ba36c3c7c9c5b87f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83ce6006cff1191ad3dee4fd015b0169ecc17b0ca8bd8ca698b6bea1d8699533
85a35959d874d473b037b77022505285b93f4e57f46c81ef120d54a3a4e360cd
873bb741b03e7bd63baced35d272dd047a6bd4b09b0a0bc85f7c6a2d385aad39
893694462bb1fd0753fdb6749b81b1dd5cf28f28e5107e8fb8a60e93b365d2c5
89c117399ab6d8d873578ee0c4ebe50a658cbbd4f4d1d74facdf50113b5afd7b
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8cc9db979e7df62543456027de432bfe6f751febd6386a21ce8f34ec05dcc779
8ddeff0857c309215ca76eaa9316d4cec6567ea3d4345b2189f32a8d6eb1d66b
913bbda58746d2834fa514a1960eddd741c0dad41288fdcca43afb0203fde631
92efc665ebca8487dc337b4ad91d83a8f49d7b275b77903dc22a3c335adc12d9
99c40a3379a5f940961b6ff602c2d4748b32460a40a65f2e0a51a7f3dca38001
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9fbef6f09ecfe4ed5eaa98fa5a6f6f147b71c40616856e6b9bb537ba4722d488
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0ffdd1599de14aeb45956cfab6ae8fb197e084be3ac6d68002cf19909992aff
a261495c570b86473b59632ef283e7187b743103e5b963c2158be6de2015bffc
a487b114776c73ff4085daac005555f8406a0af7501cdda920bc8c30d5fbf8ec
a552ed3ef01e39ad4e519b609c8c0d9edb73ab99d4118999d29e0aceb1b36d04
a71702232a771b558b12f8c0012a15f5652b500fd2e33464d283406cee36754d
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b07af50f99890a6edd3601bb8cf2d7ebdb404904067925d794d1cd450e939f57
b08fefb255b40cd18b0f7db8ec21c6f0c79d16aa828d7ed9157da12a38538682
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2a53e063d9364aef5f3d8d4eb41a833dc3781f57bf776f0b1fff7da1f2b6ad5
b43344a84d27d5328f03df273b3e2d4508aa55f093d99d2aa95c160c17541cb9
b5c932f5ad9b5922ced7201f4941f4db458030e93a014eabe124e6997e93c74a
b621467f74054e2999a7e213edf26895f9639e255f7c11b2047509fd0879f6c8
b7943c5b24cb2507066eddd65ed07ad1ee96f770ec95f204855d1c1dda9f98e2
bfe029ab8d317564a696749072c21afb7704068c15e4593c301d837a5940a729
c7c602bceaedbdd5a1f2db728d3e9738d9ecd521710921846b8751eb4bc458ef
c7f5b84d1b7a1a4a7a02615bff422a8fff122e14019407d361c2e81b65c8587a
cb94a192051b7dd6da5d4b53d4d65d213143a51e9772b2a01ce7d86553796a2e
cf25bde344d442fbdcb13d1497187726f38240092235f5f845f6f7f1a2554e52
d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912
d2e298ee90ec9a20b11a0990bf016c727e21956b04241fa8af3aecc013e9f484
d6987a7ad168acbd56e21e9b25db400ab2249c25ad32b8dfbda82fd7bfa0526d
d70f25d628d2c6bf5e2521fc0ba316ffe9edfc8e2f1eafde88cf5e50a7da0b32
d72a9caa118a6b30d0a607786d5cdbd97cd34e70e1d1d799ba728e291eadc320
d782a7910c7ecf35ebd2b740361d534f3a81723b7a6daafc2168dae30f1e22bb
d8e92c5f34066f3342322351c76fdefbd2a2031c365a3384bdf694b0e0e122ca
e0db2d862aee90854fca1e32e50e424106b6c3d494605da31c32fcc20c84604e
e17bb20e4061d5d86f1e9f575f4f801915881f8e3abe7868490106833905d8ed
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4a6958ece4cd78493c2ea4c7ba23cf956a09ea5b908aa4bff809275d283f36c
e92cdca72028ccce27bd16524f16d8a39a5a56138dceff7c15af66a5c24c45bf
ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742
ecf66c725a16adfb5f0db7a7365ae9a3b097ab4ee46a7ee5a0bdbfa9924d0fb9
ee733e900aa808963beae88c53ba7b93fd57cf5fc4cdde2fbaa7a324a5db72a7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f03c92834d4627c5fe43fe0e8aabc7c5c4695d3d179cdd384ae0cab4fb663b0c
f5b862705def8b10b9a2f6e2d285ace98b47d499942ad23d492820a6a04341dc
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f838d90ece2bb8db03277b435d27ad03eddb14a62b14682e078cf3b1d57d4d50
fa1a8e0c61361e26d351c391e584d1f716349a54c8236827ed97ad53564e1b15
fb583fc804d9a1974260714cbf35a26a9e14eae86d6465d2420fe235dfc8758a
fc93813f124d0c47e45d961f54936419e6d8c9fa1bcc3cf6bf02b0cbabdf1ac2
fe55d5923aea9dd9045935f06b035b89f26c9822f5ffee8112ef1821df64696e
ff94854751f2b1a8b9efa1224d209fb7ea7d4f1af4f6834a7531d00832f80e73

forumpcbrasil.forumeiros.com Open in urlscan Pro 178.33.115.32 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

200 Requests

6 %HTTPS

36 %IPv6

40 Domains

70 Subdomains

58 IPs

9 Countries

4434 kBTransfer

7394 kBSize

5 Cookies

59 Outgoing links

Page URL History

Redirected requests

200 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

forumpcbrasil.forumeiros.com Open in urlscan Pro
178.33.115.32 Public Scan

Screenshot
Live screenshot

Full Image

200
Requests

6 %
HTTPS

36 %
IPv6

40
Domains

70
Subdomains

58
IPs

9
Countries

4434 kB
Transfer

7394 kB
Size

5
Cookies

200 HTTP transactions
1 data transactions