geekpolice.forumotion.com Open in urlscan Pro
188.165.2.137 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Submission: On February 22 via manual (February 22nd 2020, 4:01:06 pm UTC) from US

Summary HTTP 149 Redirects Links 67 Behaviour Indicators

Summary

This website contacted 53 IPs in 10 countries across 50 domains to perform 149 HTTP transactions. The main IP is 188.165.2.137, located in Ireland and belongs to OVH, FR. The main domain is geekpolice.forumotion.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 7th 2020. Valid for: 3 months.

This is the only time geekpolice.forumotion.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	188.165.2.137 188.165.2.137	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:818::200a	15169 (GOOGLE) (GOOGLE)
5	2606:4700:303... 2606:4700:3034::681b:9f51	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:825::2008	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:825::200a	15169 (GOOGLE) (GOOGLE)
5	2606:4700:303... 2606:4700:3037::6812:3807	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:303... 2606:4700:3031::681b:8de7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:303... 2606:4700:3030::681f:4408	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
1 21	151.101.14.2 151.101.14.2	54113 (FASTLY) (FASTLY)
1	178.250.2.152 178.250.2.152	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	78.109.92.217 78.109.92.217	34948 (TYPHON-AS) (TYPHON-AS)
2	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
2	23.210.248.44 23.210.248.44	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2606:4700::68... 2606:4700::6811:4104	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2.19.38.84 2.19.38.84	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2a00:1450:400... 2a00:1450:400c:c06::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:819::2003	15169 (GOOGLE) (GOOGLE)
3	69.173.144.142 69.173.144.142	26667 (RUBICONPR...) (RUBICONPROJECT)
3	2606:4700:303... 2606:4700:3031::6818:7f32	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	23.37.55.184 23.37.55.184	16625 (AKAMAI-AS) (AKAMAI-AS)
3	69.173.144.152 69.173.144.152	26667 (RUBICONPR...) (RUBICONPROJECT)
1 3	23.43.115.95 23.43.115.95	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.210.250.213 23.210.250.213	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2606:4700::68... 2606:4700::6810:a40d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3031::681b:a9ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	216.58.207.66 216.58.207.66	15169 (GOOGLE) (GOOGLE)
7	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
1 1	35.201.85.158 35.201.85.158	15169 (GOOGLE) (GOOGLE)
2 2	18.194.31.52 18.194.31.52	16509 (AMAZON-02) (AMAZON-02)
1 4	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	40.113.136.100 40.113.136.100	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	185.29.133.58 185.29.133.58	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	74.214.194.139 74.214.194.139	59940 (PULSEPOIN...) (PULSEPOINT-EU)
2 2	185.184.8.30 185.184.8.30	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
3	37.252.173.38 37.252.173.38	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
2 2	52.212.184.249 52.212.184.249	16509 (AMAZON-02) (AMAZON-02)
1 1	52.34.54.104 52.34.54.104	16509 (AMAZON-02) (AMAZON-02)
1	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
1	141.226.224.32 141.226.224.32	200478 (TABOOLA-AS) (TABOOLA-AS)
3 3	35.158.58.156 35.158.58.156	16509 (AMAZON-02) (AMAZON-02)
2 2	35.210.178.101 35.210.178.101	19527 (GOOGLE-2) (GOOGLE-2)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:825::2002	15169 (GOOGLE) (GOOGLE)
1	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
11	151.101.114.2 151.101.114.2	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	46.105.105.90 46.105.105.90	16276 (OVH) (OVH)
9	52.17.159.142 52.17.159.142	16509 (AMAZON-02) (AMAZON-02)
4	52.19.82.46 52.19.82.46	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE)
1	195.8.215.129 195.8.215.129	41690 (DAILYMOTI...) (DAILYMOTION For peering related business)
1	178.79.227.167 178.79.227.167	22822 (LLNW) (LLNW)
1	195.8.215.136 195.8.215.136	41690 (DAILYMOTI...) (DAILYMOTION For peering related business)
1	2a00:1450:400... 2a00:1450:4001:820::2006	15169 (GOOGLE) (GOOGLE)
1	35.186.238.232 35.186.238.232	15169 (GOOGLE) (GOOGLE)
149	53

2 188.165.2.137 (Ireland)

ASN16276 (OVH, FR)

geekpolice.forumotion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3034::681b:9f51 (United States)

ASN13335 (CLOUDFLARENET, US)

illiweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:825::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3037::6812:3807 (United States)

ASN13335 (CLOUDFLARENET, US)

i.servimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3031::681b:8de7 (United States)

ASN13335 (CLOUDFLARENET, US)

2img.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3030::681f:4408 (United States)

ASN13335 (CLOUDFLARENET, US)

7img.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 151.101.14.2 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.152 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.109.92.217 (France)

ASN34948 (TYPHON-AS, FR)
PTR: footeo.typhon.net

ads.sportslocalmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.slmads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.210.248.44 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-44.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:4104 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.19.38.84 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-19-38-84.deploy.static.akamaitechnologies.com

ads.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9a (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.142 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

optimized-by.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3031::6818:7f32 (United States)

ASN13335 (CLOUDFLARENET, US)

adstune.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.37.55.184 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-55-184.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.152 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

beacon-eu2.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.43.115.95 (Netherlands) 1 redirects

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-43-115-95.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.250.213 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-250-213.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:a40d (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::681b:a9ec (United States)

ASN13335 (CLOUDFLARENET, US)

connect.topicit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.207.66 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s25-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.14.49 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

15.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
convammp.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wf.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.85.158 (Ascension Island) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 158.85.201.35.bc.googleusercontent.com

server.exposebox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.194.31.52 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-31-52.eu-central-1.compute.amazonaws.com

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.114.49 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.zorosrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imprammp.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.113.136.100 (Amsterdam, Netherlands) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.powerlinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.133.58 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.214.194.139 (Amsterdam, Netherlands) 1 redirects

ASN59940 (PULSEPOINT-EU, NL)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.30 (Poland) 2 redirects

ASN204995 (RTB-HOUSE-AMS, NL)
PTR: ip-185-184-8-30.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ams.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.173.38 (Ascension Island)

ASN29990 (ASN-APPNEX, US)
PTR: 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.2 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.184.249 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-184-249.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.34.54.104 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-34-54-104.us-west-2.compute.amazonaws.com

www.storygize.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.224.32 (United States)

ASN200478 (TABOOLA-AS, IL)

cds.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.158.58.156 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-58-156.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.178.101 (Mountain View, United States) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 101.178.210.35.bc.googleusercontent.com

a.volvelle.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 151.101.114.2 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

vidstat.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.105.90 (France)

ASN16276 (OVH, FR)
PTR: s09.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 52.17.159.142 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-159-142.eu-west-1.compute.amazonaws.com

api.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.19.82.46 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-82-46.eu-west-1.compute.amazonaws.com

logsene-receiver.eu.sematext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.8.215.129 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: api-origin.dailymotion.com

api.dailymotion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.79.227.167 (Italy)

ASN22822 (LLNW, US)
PTR: https-178-79-227-167.vie.llnw.net

api.dmcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.8.215.136 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: www.dailymotion.com

www.dailymotion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.238.232 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 232.238.186.35.bc.googleusercontent.com

ads.viralize.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	taboola.com 2 redirects cdn.taboola.com trc.taboola.com 15.taboola.com match.taboola.com cds.taboola.com images.taboola.com vidstat.taboola.com imprammp.taboola.com convammp.taboola.com wf.taboola.com	610 KB
13	rubiconproject.com ads.rubiconproject.com optimized-by.rubiconproject.com eus.rubiconproject.com beacon-eu2.rubiconproject.com pixel.rubiconproject.com	34 KB
12	viglink.com cdn.viglink.com api.viglink.com	40 KB
6	2img.net 2img.net	62 KB
5	doubleclick.net 3 redirects stats.g.doubleclick.net securepubads.g.doubleclick.net cm.g.doubleclick.net	76 KB
5	twitter.com platform.twitter.com syndication.twitter.com	32 KB
5	servimg.com i.servimg.com	63 KB
5	illiweb.com illiweb.com	25 KB
5	googleapis.com ajax.googleapis.com fonts.googleapis.com imasdk.googleapis.com	125 KB
4	sematext.com logsene-receiver.eu.sematext.com	1 KB
3	bidswitch.net 3 redirects x.bidswitch.net	1 KB
3	adnxs.com ib.adnxs.com	2 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	2 KB
3	adstune.com adstune.com
3	cloudflare.com cdnjs.cloudflare.com	18 KB
3	sportslocalmedia.com ads.sportslocalmedia.com	157 KB
3	7img.net 7img.net	7 KB
3	google.com 1 redirects www.google.com adservice.google.com	971 B
3	criteo.net static.criteo.net	30 KB
2	dailymotion.com api.dailymotion.com www.dailymotion.com	5 KB
2	volvelle.tech 2 redirects a.volvelle.tech	1 KB
2	adsrvr.org 2 redirects match.adsrvr.org	913 B
2	creativecdn.com 2 redirects creativecdn.com ams.creativecdn.com	763 B
2	mathtag.com 2 redirects sync.mathtag.com	1 KB
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com	1 KB
2	facebook.net connect.facebook.net	58 KB
2	gstatic.com www.gstatic.com fonts.gstatic.com	152 KB
2	criteo.com bidder.criteo.com gum.criteo.com	155 B
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	forumotion.com geekpolice.forumotion.com	101 KB
1	viralize.tv ads.viralize.tv	498 B
1	2mdn.net s0.2mdn.net	11 KB
1	dmcdn.net api.dmcdn.net	10 KB
1	id5-sync.com id5-sync.com	454 B
1	jsdelivr.net cdn.jsdelivr.net	1 KB
1	google.be adservice.google.be	778 B
1	bttrack.com bttrack.com	380 B
1	storygize.net 1 redirects www.storygize.net	430 B
1	contextweb.com 1 redirects bh.contextweb.com	442 B
1	powerlinks.com 1 redirects px.powerlinks.com	402 B
1	zorosrv.com match.zorosrv.com	316 B
1	exposebox.com 1 redirects server.exposebox.com	387 B
1	slmads.com ads.slmads.com	53 KB
1	addthisedge.com v1.addthisedge.com	325 B
1	facebook.com www.facebook.com
1	topicit.net connect.topicit.net	2 KB
1	moatads.com z.moatads.com	1 KB
1	google.de www.google.de	109 B
1	addthis.com s7.addthis.com	113 KB
1	googletagmanager.com www.googletagmanager.com	28 KB
149	50

	Domain	Requested by
12	trc.taboola.com	1 redirects cdn.taboola.com geekpolice.forumotion.com
11	vidstat.taboola.com	cdn.taboola.com vidstat.taboola.com geekpolice.forumotion.com
9	api.viglink.com	cdn.viglink.com geekpolice.forumotion.com
6	2img.net	geekpolice.forumotion.com
5	cdn.taboola.com	geekpolice.forumotion.com cdn.taboola.com cdn.viglink.com
5	i.servimg.com	geekpolice.forumotion.com static.criteo.net
5	illiweb.com	geekpolice.forumotion.com
4	wf.taboola.com	vidstat.taboola.com
4	logsene-receiver.eu.sematext.com	ads.slmads.com geekpolice.forumotion.com
4	images.taboola.com	geekpolice.forumotion.com
4	platform.twitter.com	geekpolice.forumotion.com platform.twitter.com
3	x.bidswitch.net	3 redirects
3	ib.adnxs.com	geekpolice.forumotion.com ads.sportslocalmedia.com
3	cdn.viglink.com	geekpolice.forumotion.com
3	sb.scorecardresearch.com	1 redirects cdn.taboola.com geekpolice.forumotion.com
3	beacon-eu2.rubiconproject.com	geekpolice.forumotion.com
3	eus.rubiconproject.com	optimized-by.rubiconproject.com
3	adstune.com	optimized-by.rubiconproject.com
3	optimized-by.rubiconproject.com	ads.rubiconproject.com
3	ads.rubiconproject.com	geekpolice.forumotion.com
3	cdnjs.cloudflare.com	geekpolice.forumotion.com
3	ads.sportslocalmedia.com	geekpolice.forumotion.com ads.sportslocalmedia.com
3	7img.net	geekpolice.forumotion.com
3	static.criteo.net	geekpolice.forumotion.com
2	convammp.taboola.com	geekpolice.forumotion.com
2	imasdk.googleapis.com	ads.slmads.com imasdk.googleapis.com
2	a.volvelle.tech	2 redirects
2	match.adsrvr.org	2 redirects
2	cm.g.doubleclick.net	2 redirects
2	sync.mathtag.com	2 redirects
2	match.taboola.com	1 redirects vidstat.taboola.com
2	rtb.mfadsrvr.com	2 redirects
2	securepubads.g.doubleclick.net	ads.sportslocalmedia.com securepubads.g.doubleclick.net
2	connect.facebook.net	geekpolice.forumotion.com connect.facebook.net
2	www.google-analytics.com	1 redirects www.googletagmanager.com
2	fonts.googleapis.com	geekpolice.forumotion.com ajax.googleapis.com
2	www.google.com	1 redirects geekpolice.forumotion.com
2	geekpolice.forumotion.com	geekpolice.forumotion.com
1	ads.viralize.tv	ads.sportslocalmedia.com
1	s0.2mdn.net	imasdk.googleapis.com
1	www.dailymotion.com	api.dmcdn.net
1	api.dmcdn.net	ads.slmads.com
1	imprammp.taboola.com	geekpolice.forumotion.com
1	api.dailymotion.com	ads.slmads.com
1	id5-sync.com	ads.sportslocalmedia.com
1	cdn.jsdelivr.net	ads.sportslocalmedia.com
1	syndication.twitter.com	geekpolice.forumotion.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.be	securepubads.g.doubleclick.net
1	cds.taboola.com	geekpolice.forumotion.com
1	bttrack.com	geekpolice.forumotion.com
1	www.storygize.net	1 redirects
1	ams.creativecdn.com	1 redirects
1	creativecdn.com	1 redirects
1	bh.contextweb.com	1 redirects
1	px.powerlinks.com	1 redirects
1	pixel.rubiconproject.com	geekpolice.forumotion.com
1	match.zorosrv.com	geekpolice.forumotion.com
1	server.exposebox.com	1 redirects
1	15.taboola.com	cdn.taboola.com
1	ads.slmads.com	ads.sportslocalmedia.com
1	v1.addthisedge.com	s7.addthis.com
1	www.facebook.com	connect.facebook.net
1	gum.criteo.com	static.criteo.net
1	connect.topicit.net	geekpolice.forumotion.com
1	z.moatads.com	s7.addthis.com
1	www.google.de	geekpolice.forumotion.com
1	stats.g.doubleclick.net	1 redirects
1	s7.addthis.com	geekpolice.forumotion.com
1	fonts.gstatic.com	static.criteo.net
1	www.gstatic.com	www.google.com
1	bidder.criteo.com	static.criteo.net
1	www.googletagmanager.com	geekpolice.forumotion.com
1	ajax.googleapis.com	geekpolice.forumotion.com
149	74

This site contains links to these domains. Also see Links.

Domain
i.viglink.com
www.msn.com
motive.com
www.rooms.hp.com
update.microsoft.com
java.sun.com
isaac2.pslab.motive.com
motive.webex.com
pattcw.att.motive.com
platformdl.adobe.com
quality-center.sbc.com
ftp.exe
acrobat.com
download.bleepingcomputer.com
www.forospyware.com
subs.geekstogo.com
www.pchelpforum.com
www.gmer.net
www.superantispyware.com
www.softpedia.com
virusscan.jotti.org
support.kaspersky.com
account.goodgamestudios.com
cdn.tremormedia.com
cdn2.baronsmedia.com
convoad.technoratimedia.com
core.insightexpressai.com
kaltura.hutchmedia.com
media.heavy.com
media.mtvnservices.com
media.whosay.com
media1.break.com
media2.onsugar.com
media4.onsugar.com
msnbcmedia.msn.com
objects.tremormedia.com
secure-us.imrworldwide.com
speed.pointroll.com
www.goodcholesterolcount.com
www.malwarebytes.org
popup.taboola.com
medicaregranny.com
militarybud.com
www.thedigitalnewsroom.com
bright-world.info
www.forumotion.com
help.forumotion.com

Subject Issuer	Validity	Valid
m91.maxns.net Let's Encrypt Authority X3	`2020-01-07` - `2020-04-06`	3 months	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
illiweb.com CloudFlare Inc ECC CA-2	`2019-09-17` - `2020-09-16`	a year	crt.sh
*.criteo.net DigiCert ECC Secure Server CA	`2019-12-03` - `2021-04-06`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
servimg.com CloudFlare Inc ECC CA-2	`2019-09-18` - `2020-09-17`	a year	crt.sh
2img.net CloudFlare Inc ECC CA-2	`2019-12-04` - `2020-10-09`	10 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-05-09` - `2020-05-09`	a year	crt.sh
f2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-02-14` - `2020-07-25`	5 months	crt.sh
*.criteo.com DigiCert ECC Secure Server CA	`2019-12-05` - `2021-04-08`	a year	crt.sh
ads.sportslocalmedia.com Let's Encrypt Authority X3	`2020-01-26` - `2020-04-25`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2020-09-04`	a year	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-12-05` - `2020-06-12`	6 months	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-11-18`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-01-16` - `2020-04-15`	3 months	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-02-13` - `2021-02-17`	2 years	crt.sh
www.google.de GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
*.scorecardresearch.com Sectigo RSA Organization Validation Secure Server CA	`2019-12-16` - `2020-12-25`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-03-17`	a year	crt.sh
ssl418259.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2020-01-18` - `2020-07-26`	6 months	crt.sh
topicit.net CloudFlare Inc ECC CA-2	`2019-10-06` - `2020-10-05`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
ads.slmads.com Let's Encrypt Authority X3	`2020-01-26` - `2020-04-25`	3 months	crt.sh
g2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-11-21` - `2020-11-12`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2019-03-19` - `2021-04-13`	2 years	crt.sh
*.taboola.com DigiCert ECC Secure Server CA	`2019-09-03` - `2020-09-10`	a year	crt.sh
*.google.be GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
syndication.twitter.com DigiCert SHA2 High Assurance Server CA	`2019-04-09` - `2020-04-01`	a year	crt.sh
ssl363648.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2020-02-22` - `2020-08-30`	6 months	crt.sh
*.id5-sync.com Go Daddy Secure Certificate Authority - G2	`2017-04-02` - `2020-04-02`	3 years	crt.sh
viglink.com Amazon	`2020-01-10` - `2021-02-10`	a year	crt.sh
*.eu.sematext.com Amazon	`2019-06-26` - `2020-07-26`	a year	crt.sh
*.dailymotion.com DigiCert SHA2 High Assurance Server CA	`2019-10-02` - `2020-11-17`	a year	crt.sh
*.dmcdn.net Let's Encrypt Authority X3	`2020-01-23` - `2020-04-22`	3 months	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
*.viralize.tv Sectigo RSA Domain Validation Secure Server CA	`2019-10-21` - `2021-11-18`	2 years	crt.sh

This page contains 19 frames:

Primary Page: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Frame ID: C1D7ED75B6DF275292032B7ADF4509B7
Requests: 113 HTTP requests in this frame

Frame: https://ads.rubiconproject.com/ad/11662.js
Frame ID: 7184DF9303F85473F4E532CF8908458B
Requests: 3 HTTP requests in this frame

Frame: https://adstune.com/ccaxe
Frame ID: 4A83C0424BFCFEF7CDFB7D65A236D33D
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=be
Frame ID: DEC69994737B74D1CF6A536DD29A68DB
Requests: 1 HTTP requests in this frame

Frame: https://ads.rubiconproject.com/ad/11662.js
Frame ID: 33B0B6754F8106229C21652F63E21DCF
Requests: 3 HTTP requests in this frame

Frame: https://ads.rubiconproject.com/ad/11662.js
Frame ID: 728E70B12932A9127FC01C349BF277BD
Requests: 3 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=geekpolice.forumotion.com
Frame ID: 15C9493EE1928C6272ED968645A262F7
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.7303c29a8108bca4ac5c9ef008ed8164.html?origin=https%3A%2F%2Fgeekpolice.forumotion.com
Frame ID: D044C8D1847822A9A5E8D3150129F60D
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D45%23cb%3Df22320f45dfc484%26domain%3Dgeekpolice.forumotion.com%26origin%3Dhttps%253A%252F%252Fgeekpolice.forumotion.com%252Ff28e2267988f2c8%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false
Frame ID: 7B3C7690F47049FC880390543C9398C7
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.7303c29a8108bca4ac5c9ef008ed8164.en.html
Frame ID: 146DCB9A459C9387BB89E490B1E1B328
Requests: 1 HTTP requests in this frame

Frame: https://adstune.com/ccaxe?format=300x250
Frame ID: 230AFA5B1ED8B539D13B6D97573563B4
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=be
Frame ID: 529F53369D6425F9CADE5DD54786DA07
Requests: 1 HTTP requests in this frame

Frame: https://adstune.com/ccaxe?format=300x250
Frame ID: 931A0E4682E23A76754E8190F13317D2
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=be
Frame ID: 609A9A932DCB1D9BE45015ABC9D85060
Requests: 1 HTTP requests in this frame

Frame: https://trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=_j58n1zp
Frame ID: A9A7601CDA49D2C8BC9083627F89B9CB
Requests: 15 HTTP requests in this frame

Frame: https://imprammp.taboola.com/st?cipid=8015557&ttype=0&cirid=24963CB1F156163313684521638&cicmp=1637385&cijs=1&dast=V7rtECFgNbS6YKwsR2HARbS6YKwsR2HAUAAAAGBjsHGzJazjYbCmPGWM0Ws81mMdktl8PhaDXZTcFhyk6Ty3JQC2RNk8vvBic0nQ6f616vc7m8hr_Z6XHZZX7L6-03Pf12u8bv9osuw9VwuFZdfi676S10mQ1v3dN0dIsuf6vD7pa-LH-Hx-PyfJ52mx0AAAAAHgCUVAIhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAADKyqNQAoOBLm77ZYXjabyx8AAA8FIAAAAhgkAALjKyUAFORDJwAAAAAAAAAALP____8xAHpOxTIAGPwJNwY9AA8-AA9CAAAAF0PYm-PQsuhFVUQFpkWMAAAAAHKls-eOJnVCZVEFAECQbgVwBQAQANcWGvKVpTso8RYGAAAQMLZAD4vfb3bYNX63ywAAAAAAAAAAzP7P_tGElC4a04AmdSbVfgEBANZ-AQEA2NQNAOBNAC7oDGw0Gi4mqzOg3XA1280OAAAA4O7___9fD4RmtpVht5stF5bhaLbbTRyjmW1jGTlMho3DNZx5b6Pmq3NRW6mjz2HKTpPLclALZE2Ty2-_CVuMVpPJZjmcLReTwXA0HI32J4CDAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGExwQoajzWQ12q12k-VwMhrNNpMNUrRqNRttBsPVbDLb7VbDwXA5GiFFaxazyWQxGy13m8FyMhoMJ8MhwsDI4_JsVh63buPwuEUTh22tMKx8a5FvM3OYdpPRxmVci14f02u0MLkWzike1Oni2NcuXBQMoNmL4CKdyPyW19tvevrtbpXdIpZoThbpRHbZl2a2lWG3my0XluFotttNHKOZbWMZOUyGjcM1nPkLI4_Ls1l53LqNw-MWTRy2tcKw8q1Fvs3MYdpNRhuXcS16fUyv0cLkWjj3jdVwshnuJqPFvrEaTjbD3WS02HfoDN_V52z0ljt_j095EP2UHZnpoHAZLN6NanUcfyYHbdlsdOpElu9nY_T7_X6_3-_3-_1-g9ZzMBsMilgiOF2kE9HLeLqIJZKnRTpR7haGjWEw8RhXu9VothrOHDbTxOKcrCajhcdlmoglStNFOtGLLsPVcLhWXX4uu-ktdJkNb93TdHSLLn-rw-6Wvix_h8fj8nyedptF_ceHGK7mksVgLlns5orFapUAAAAAAAAAAJYwZ94EAAAA4DSI4XIy2S0X4IH9rbjx4wbzW15vv-npt7tVdjNvBg!&excid=22&tst=1&docw=0&cs=false
Frame ID: C13E24A0AAAB6311970B7419505ADD33
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sync?dast=V7yc0CFgNbS6YKwsR2HARbS6YKwsR2HAUAAAAGBjsHGzJazjYbCmPGWM0Ws81msZkNR6vJYrYZDmFDRsvZZkNhzBir2WK22Swmu-VyOBytJrspOEzZaXJZDmqBrGly-d3ghKbT4XPd63Uul9fwNzs9LrvMb3m9_aan327X-N1-0WW4Gg7XqsvPZTe9hS6z4a17mo5u0eVvddjd0pfl7_B4XJ7P026zAwAAAMADgJJKIMQPIABABAAAAIAEAAAAAEVAxb-FwAUAAAAABoCBVbUGAAVHwvzdFsvLZnP5AwDgoQAEAEAAgwRAYHylBICCfOgEAAAAAAAAAIDl____PwZAz6lYBgCDP6EH4MEH4IGowLSIEQAAAECudPbc0aROqCyqAAAI0q0ArgAAAuDaQkO-wgAAAALGFuhh8fvNDrvG73YZAAAAAAAAAIDZ_9k_mpDSRWMa0KTOpNovIADA2i8gAACbugEAvAnABZ2BjUbDxWR1BrQbrma72QEAAADc_f___-uB0My2Mux2s-XCMhzNdruJYzSzbSwjh8mwcbiGM-9t1Hx1LmordfQ5TNlpclkOaoGsaXL57Tdhi9FqMtksh7PlYjIYjoaj0f4EcDDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCU7IcLSZrEa71W6yHE5Go9lmskGKVq1mo81guJpNZrvdajgYLkcjpGjNYjaZLGaj5W4zWE5Gg-FkOEQYGHlcns3K49ZtHB63aOKwrRWGlW8t8m1mDtNuMtq4jGvR62N6jRYm18I5xYM6XRz72oWLggE0exFcpBOZ3_J6-01Pv92tslvEEs3JIp3ILvvSzLYy7Haz5cIyHM12u4ljNLNtLCOHybBxuIYzf2HkcXk2K49bt3F43KKJw7ZWGFa-tci3mTlMu8lo4zKuRa-P6TVamFwL576xGk42w91ktNg3VsPJZribjBb7Dp3hu_qcjd5y5-_xKQ-in7IjMx0ULoPFu1GtjuPP5KAtm41Oncjy_WyMfr_f7_f7_X6_32_Qeg5mg0ERSwSni3QiehlPF7FE8rRIJ8rdwrAxDCYe42q3Gs1Ww5nDZppYnJPVZLTwuEwTsURpukgnetFluBoO16rLz2U3vYUus-Gte5qObtHlb3XY3dKX5e_weFyez9Nus6j_-BDD1VyyGMwli91csVitEgAAAAAAAADAEubMmwAAAACcBjFcTia75QI8sL8VN37cYH7L6-03Pf12t8pu5g!&excid=22&docw=0&cijs=1
Frame ID: E88E699A01FAF814169091981260B203
Requests: 1 HTTP requests in this frame

Frame: https://www.dailymotion.com/embed/video/x7rrkmd?api=postMessage&autoplay=true&controls=false&id=f1ed977a13456cc&mute=true&origin=https%3A%2F%2Fgeekpolice.forumotion.com&syndication=123503&ui-highlight=FFFFFF
Frame ID: AF06B4A5E3EC57C7FA12B56EDA6EA7C3
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.369.0_en.html
Frame ID: 12327D2FD9084DCEF56146785A5457B2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /2mdn\.net/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /2mdn\.net/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

VigLink (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:^[^\/]*\/\/[^\/]*viglink\.com\/api\/|vglnk\.js)/i

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

149
Requests

99 %
HTTPS

41 %
IPv6

50
Domains

74
Subdomains

53
IPs

10
Countries

1841 kB
Transfer

5447 kB
Size

10
Cookies

67 Outgoing links

These are links going to different origins than the main page.

URL: http://i.viglink.com/?key=9aafeaa0dc973144cc8995b68291f36e&insertId=80fb3822a955af5d&type=H&exp=60%3ACI1C55A%3A9&libId=k6xsia000100g3d9000DA15efdo5ntuygi&loc=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&v=1&iid=80fb3822a955af5d&opt=true&out=https%3A%2F%2Frover.ebay.com%2Frover%2F1%2F711-53200-19255-0%2F1%3Ftype%3D2%26campid%3DCAMPAIGNID%26toolid%3D11000%26customid%3DCUSTOMID%26ext%3D201709367429%26item%3D201709367429%26ipn%3Dpsmain%26icep_vectorid%3D229466%26icep_ff3%3D2%26icep_item%3D201709367429&title=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&txt=%3Cspan%3Eminuts%3C%2Fspan%3E
Title: minuts

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=9aafeaa0dc973144cc8995b68291f36e&insertId=1061447437e1dde5&type=S&exp=60%3ACI1C55A%3A9&libId=k6xsia000100g3d9000DA15efdo5ntuygi&loc=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&v=1&iid=1061447437e1dde5&opt=true&out=http%3A%2F%2Fwww.ebay.com%2Fsch%2F11700%2Fi.html%3F_nkw%3Dwindows%2Bxp&title=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&txt=%3Cspan%3EWindows%20%3C%2Fspan%3E%3Cspan%3EXP%3C%2Fspan%3E
Title: Windows XP

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=9aafeaa0dc973144cc8995b68291f36e&insertId=87638971384d98a4&type=L&exp=60%3ACI1C55A%3A9&libId=k6xsia000100g3d9000DA15efdo5ntuygi&loc=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&v=1&iid=87638971384d98a4&opt=true&out=https%3A%2F%2Fwww.theshelvingstore.com%2Ffurniture&title=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&txt=%3Cspan%3ESpace%3C%2Fspan%3E
Title: Space

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=9aafeaa0dc973144cc8995b68291f36e&insertId=5b7dd491f15c594f&type=H&exp=60%3ACI1C55A%3A9&libId=k6xsia000100g3d9000DA15efdo5ntuygi&loc=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&v=1&iid=5b7dd491f15c594f&opt=true&out=https%3A%2F%2Fwww.amazon.com%2Fdp%2FB07BB2BM4Y&title=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&txt=%3Cspan%3ESymantec%3C%2Fspan%3E
Title: Symantec

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=9aafeaa0dc973144cc8995b68291f36e&insertId=e3880f900a9e9c4b&type=L&exp=60%3ACI1C55A%3A9&libId=k6xsia000100g3d9000DA15efdo5ntuygi&loc=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&v=1&iid=e3880f900a9e9c4b&opt=true&out=https%3A%2F%2Fwww.theshelvingstore.com%2Fstorage-organization&title=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&txt=%3Cspan%3EStorage%3C%2Fspan%3E
Title: Storage

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=9aafeaa0dc973144cc8995b68291f36e&insertId=c28b1808976d7632&type=L&exp=60%3ACI1C55A%3A9&libId=k6xsia000100g3d9000DA15efdo5ntuygi&loc=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&v=1&iid=c28b1808976d7632&opt=true&out=https%3A%2F%2Fwww.theshelvingstore.com%2Fshelving&title=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&txt=%3Cspan%3ESystem%3C%2Fspan%3E
Title: System

Search URL Search Domain Scan URL

URL: http://www.msn.com/
Title: http://www.msn.com/

Search URL Search Domain Scan URL

URL: http://motive.com/
Title: motive.com

Search URL Search Domain Scan URL

URL: https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
Title: https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=9aafeaa0dc973144cc8995b68291f36e&insertId=db167dcacb5f7ca0&type=S&exp=60%3ACI1C55A%3A9&libId=k6xsia000100g3d9000DA15efdo5ntuygi&loc=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&v=1&iid=db167dcacb5f7ca0&opt=true&out=http%3A%2F%2Fwww.ebay.com%2Fsch%2F11700%2Fi.html%3F_nkw%3Dclass&title=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&txt=%3Cspan%3EClass%3C%2Fspan%3E
Title: Class

Search URL Search Domain Scan URL

URL: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238621999109
Title: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238621999109

Search URL Search Domain Scan URL

URL: http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Title: http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

Search URL Search Domain Scan URL

URL: http://isaac2.pslab.motive.com:9080/isaac/web/jsp/cti/McciMapInstaller_3-1-0.cab
Title: http://isaac2.pslab.motive.com:9080/isaac/web/jsp/cti/McciMapInstaller_3-1-0.cab

Search URL Search Domain Scan URL

URL: https://motive.webex.com/client/T27LB/nbr/ieatgpc.cab
Title: https://motive.webex.com/client/T27LB/nbr/ieatgpc.cab

Search URL Search Domain Scan URL

URL: https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
Title: https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab

Search URL Search Domain Scan URL

URL: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Title: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Search URL Search Domain Scan URL

URL: http://quality-center.sbc.com/qcbin/Spider10.cab
Title: http://quality-center.sbc.com/qcbin/Spider10.cab

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=9aafeaa0dc973144cc8995b68291f36e&insertId=1e1375f5cb67a60a&type=H&exp=60%3ACI1C55A%3A9&libId=k6xsia000100g3d9000DA15efdo5ntuygi&loc=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&v=1&iid=1e1375f5cb67a60a&opt=true&out=https%3A%2F%2Fwww.amazon.com%2Fdp%2FB01EYZWNTM&title=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&txt=%3Cspan%3EDesktop%20%3C%2Fspan%3E%3Cspan%3EWallPaper%3C%2Fspan%3E
Title: Desktop WallPaper

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=9aafeaa0dc973144cc8995b68291f36e&insertId=363aa50db7596ab3&type=H&exp=60%3ACI1C55A%3A9&libId=k6xsia000100g3d9000DA15efdo5ntuygi&loc=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&v=1&iid=363aa50db7596ab3&opt=true&out=https%3A%2F%2Frover.ebay.com%2Frover%2F1%2F711-53200-19255-0%2F1%3Ftype%3D2%26campid%3DCAMPAIGNID%26toolid%3D11000%26customid%3DCUSTOMID%26ext%3D251120626267%26item%3D251120626267%26ipn%3Dpsmain%26icep_vectorid%3D229466%26icep_ff3%3D2%26icep_item%3D251120626267&title=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&txt=%3Cspan%3EStandard%20%3C%2Fspan%3E%3Cspan%3Efloppy%3C%2Fspan%3E
Title: Standard floppy

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=9aafeaa0dc973144cc8995b68291f36e&insertId=8073a9404d735787&type=S&exp=60%3ACI1C55A%3A9&libId=k6xsia000100g3d9000DA15efdo5ntuygi&loc=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&v=1&iid=8073a9404d735787&opt=true&out=http%3A%2F%2Fwww.ebay.com%2Fsch%2F11700%2Fi.html%3F_nkw%3Dshockwave&title=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&txt=%3Cspan%3EShockwave%3C%2Fspan%3E
Title: Shockwave

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=9aafeaa0dc973144cc8995b68291f36e&insertId=d9d07fafbe08c6a5&type=L&exp=60%3ACI1C55A%3A9&libId=k6xsia000100g3d9000DA15efdo5ntuygi&loc=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&v=1&iid=d9d07fafbe08c6a5&opt=true&out=https%3A%2F%2Fwww.theshelvingstore.com%2Ffurniture&title=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&txt=%3Cspan%3EOffice%3C%2Fspan%3E
Title: Office

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=9aafeaa0dc973144cc8995b68291f36e&insertId=acb641ff7f66785d&type=S&exp=60%3ACI1C55A%3A9&libId=k6xsia000100g3d9000DA15efdo5ntuygi&loc=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&v=1&iid=acb641ff7f66785d&opt=true&out=http%3A%2F%2Fwww.amazon.com%2Fgp%2Fsearch%3Fie%3DUTF8%26camp%3D1789%26creative%3D9325%26index%3Dgarden%26keywords%3Dsilverlight%26linkCode%3Dur2&title=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&txt=%3Cspan%3ESilverlight%3C%2Fspan%3E
Title: Silverlight

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=9aafeaa0dc973144cc8995b68291f36e&insertId=b7b9b05e4aeec75e&type=S&exp=60%3ACI1C55A%3A9&libId=k6xsia000100g3d9000DA15efdo5ntuygi&loc=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&v=1&iid=b7b9b05e4aeec75e&opt=true&out=http%3A%2F%2Fwww.ebay.com%2Fsch%2F11700%2Fi.html%3F_nkw%3Dvisual%2Bstudio&title=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&txt=%3Cspan%3EVisual%20%3C%2Fspan%3E%3Cspan%3EStudio%3C%2Fspan%3E
Title: Visual Studio

Search URL Search Domain Scan URL

URL: https://ftp.exe/
Title: ftp.exe"

Search URL Search Domain Scan URL

URL: http://acrobat.com/
Title: Acrobat.com

Search URL Search Domain Scan URL

URL: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Title: Link 1

Search URL Search Domain Scan URL

URL: http://www.forospyware.com/sUBs/ComboFix.exe
Title: Link 2

Search URL Search Domain Scan URL

URL: http://subs.geekstogo.com/ComboFix.exe
Title: Link 3

Search URL Search Domain Scan URL

URL: http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html
Title: here

Search URL Search Domain Scan URL

URL: http://i.viglink.com/?key=9aafeaa0dc973144cc8995b68291f36e&insertId=f9bf74e162e6ed9e&type=L&exp=60%3ACI1C55A%3A9&libId=k6xsia000100g3d9000DA15efdo5ntuygi&loc=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&v=1&iid=f9bf74e162e6ed9e&opt=true&out=https%3A%2F%2Fmatsy.com%2F&title=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&txt=%3Cspan%3EHome%3C%2Fspan%3E
Title: Home

Search URL Search Domain Scan URL

URL: http://www.gmer.net/
Title: http://www.gmer.net

Search URL Search Domain Scan URL

URL: http://www.superantispyware.com/download.html
Title: SuperAntispyware Free Edition (SAS)

Search URL Search Domain Scan URL

URL: http://www.softpedia.com/get/Others/Signatures-Updates/SUPERAntiSpyware-Database-Definitions-Updates.shtml
Title: here

Search URL Search Domain Scan URL

URL: http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe
Title: here.

Search URL Search Domain Scan URL

URL: http://virusscan.jotti.org/
Title: Jotti's malware scan

Search URL Search Domain Scan URL

URL: http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Title: TDSSKiller

Search URL Search Domain Scan URL

URL: http://www.superantispyware.com/
Title: http://www.superantispyware.com

Search URL Search Domain Scan URL

URL: http://account.goodgamestudios.com/
Title: account.goodgamestudios.com

Search URL Search Domain Scan URL

URL: http://cdn.tremormedia.com/
Title: cdn.tremormedia.com

Search URL Search Domain Scan URL

URL: http://cdn2.baronsmedia.com/
Title: cdn2.baronsmedia.com

Search URL Search Domain Scan URL

URL: http://convoad.technoratimedia.com/
Title: convoad.technoratimedia.com

Search URL Search Domain Scan URL

URL: http://core.insightexpressai.com/
Title: core.insightexpressai.com

Search URL Search Domain Scan URL

URL: http://kaltura.hutchmedia.com/
Title: kaltura.hutchmedia.com

Search URL Search Domain Scan URL

URL: http://media.heavy.com/
Title: media.heavy.com

Search URL Search Domain Scan URL

URL: http://media.mtvnservices.com/
Title: media.mtvnservices.com

Search URL Search Domain Scan URL

URL: http://media.whosay.com/
Title: media.whosay.com

Search URL Search Domain Scan URL

URL: http://media1.break.com/
Title: media1.break.com

Search URL Search Domain Scan URL

URL: http://media2.onsugar.com/
Title: media2.onsugar.com

Search URL Search Domain Scan URL

URL: http://media4.onsugar.com/
Title: media4.onsugar.com

Search URL Search Domain Scan URL

URL: http://msnbcmedia.msn.com/
Title: msnbcmedia.msn.com

Search URL Search Domain Scan URL

URL: http://objects.tremormedia.com/
Title: objects.tremormedia.com

Search URL Search Domain Scan URL

URL: http://secure-us.imrworldwide.com/
Title: secure-us.imrworldwide.com

Search URL Search Domain Scan URL

URL: http://speed.pointroll.com/
Title: speed.pointroll.com

Search URL Search Domain Scan URL

URL: https://www.goodcholesterolcount.com/
Title: www.goodcholesterolcount.com

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.org/
Title: www.malwarebytes.org

Search URL Search Domain Scan URL

URL: http://virusscan.jotti.org/en/scanresult/5e5b06d57a8a5b6e85b5ce3c39ad251453580085
Title: http://virusscan.jotti.org/en/scanresult/5e5b06d57a8a5b6e85b5ce3c39ad251453580085

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=forumotion-en&utm_medium=referral&utm_content=thumbnails-Below:Below%20Article%20Thumbnails:
Title: Sponsored Links

Search URL Search Domain Scan URL

URL: http://medicaregranny.com/trending/brightest-stars-80s-what-now?utm_source=taboola&utm_medium=forumotion-en&utm_campaign=3847667&utm_term=At+77%2C+Linda+Evans+Leaves+Nothing+To+The+Imagination&utm_content=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F86773a16b11940ac24f8d58cec2f8248.png
Title: MedicareGranny

Search URL Search Domain Scan URL

URL: https://militarybud.com/trending/french-cars2?utm_source=taboola&utm_medium=forumotion-en&utm_campaign=3701088&utm_term=La+voiture+de+Gad+Elmaleh+choque+le+monde+entier%2C+et+voici+la+preuve+en+image+%21&utm_content=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Ff8adbbeb7a1e860ced003d6b306ac78e.jpg
Title: Military Bud

Search URL Search Domain Scan URL

URL: http://www.thedigitalnewsroom.com/euro-2016-beautiful-girls-supporters-competition.html?utm_source=taboola&utm_medium=referral&utm_campaign=Euro2016
Title: The Digital NewsRoom

Search URL Search Domain Scan URL

URL: http://bright-world.info/2018/06/19/top-8-beautiful-dogs-in-the-world/?utm_source=taboola2/boats&utm_medium=referral&utm_term=forumotion-en&utm_content=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F7a5d3a60b7cd4b522446f0172a174533.jpg%20&utm_term=forumotion-en
Title: bright-world.info

Search URL Search Domain Scan URL

URL: https://www.forumotion.com/
Title: Free forum

Search URL Search Domain Scan URL

URL: https://www.forumotion.com/phpbb
Title: phpBB

Search URL Search Domain Scan URL

URL: https://help.forumotion.com/
Title: Free forum support

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en
Title: Ad

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1623534087&t=pageview&_s=1&dl=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&ul=en-us&de=UTF-8&dt=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=126615196&gjid=1181155138&cid=1084055444.1582387233&tid=UA-144337024-1&_gid=609043229.1582387233&_r=1&gtm=2ou2c0&z=1735455187 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-144337024-1&cid=1084055444.1582387233&jid=126615196&_gid=609043229.1582387233&gjid=1181155138&_v=j81&z=1735455187 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-144337024-1&cid=1084055444.1582387233&jid=126615196&_v=j81&z=1735455187 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-144337024-1&cid=1084055444.1582387233&jid=126615196&_v=j81&z=1735455187&slf_rd=1&random=2587507477

Request Chain 64

https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1582387241093&ns_c=UTF-8&cv=3.5&c8=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&c7=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1582387241093&ns_c=UTF-8&cv=3.5&c8=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&c7=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&c9=&cs_ak_ss=1

Request Chain 80

https://server.exposebox.com/rcm HTTP 302
https://trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=_j58n1zp

Request Chain 81

https://rtb.mfadsrvr.com/sync?ssp=taboola HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola HTTP 302
https://trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=149808ba-1acc-4e0a-84b0-b40edc27f90d HTTP 302
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=149808ba-1acc-4e0a-84b0-b40edc27f90d&tbid=0dce33ec-7cac-4ba6-a0e7-d73fa4724ce8-tuct54ad5a9&query=taboola_hm%3D149808ba-1acc-4e0a-84b0-b40edc27f90d&isDirect=0 HTTP 302
https://match.zorosrv.com/match?tabid=0dce33ec-7cac-4ba6-a0e7-d73fa4724ce8-tuct54ad5a9&extuid=149808ba-1acc-4e0a-84b0-b40edc27f90d&excid=218&query=taboola_hm%3D149808ba-1acc-4e0a-84b0-b40edc27f90d

Request Chain 83

https://px.powerlinks.com/user/identify?sourceId=d4a7a706-ab0f-11e8-a038-127202fb7690&rurl=https%3A%2F%2Ftrc.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24%7BUSER%7D HTTP 302
https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=U7Rd5j8TZd8ndqc8KS8SpAb3M6-l2yTwssdajfWCHFE%3D

Request Chain 84

https://sync.mathtag.com/sync/img?mt_exid=92&redir=https://trc.taboola.com/sg/mediamath-ssp-network/1/rtb-h/?taboola_hm=[MM_UUID] HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=92&redir=https://trc.taboola.com/sg/mediamath-ssp-network/1/rtb-h/?taboola_hm=[MM_UUID]&mm_bnc&mm_bct&UUID=1b265e51-5028-4b00-9644-a00317dee7f5 HTTP 302
https://trc.taboola.com/sg/mediamath-ssp-network/1/rtb-h/?taboola_hm=1b265e51-5028-4b00-9644-a00317dee7f5

Request Chain 85

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Ftrc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%% HTTP 302
https://trc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=mVDPgooR9quU&ev=1&pid=562107

Request Chain 86

https://creativecdn.com/cm-notify?pi=taboola HTTP 302
https://ams.creativecdn.com/cm-notify?pi=taboola&tc=1 HTTP 302
https://trc.taboola.com/sg/rtbhouse-network/1/rtb-h/?taboola_hm=vj5vaNYjEIulRN9m35w0&pi=taboola&tc=1

Request Chain 88

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm=&google_sc=&google_tc= HTTP 302
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEOtnsjNOv5uYTac6dgw-JPM&google_cver=1

Request Chain 90

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=3f187151-bcdc-45d0-bd74-5b4b27a5027a

Request Chain 91

https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=0dce33ec-7cac-4ba6-a0e7-d73fa4724ce8-tuct54ad5a9 HTTP 302
https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301

Request Chain 94

https://x.bidswitch.net/sync?ssp=taboola HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=taboola HTTP 302
https://a.volvelle.tech/sync?ssp=bidswitch&bidswitch_ssp_id=taboola HTTP 302
https://a.volvelle.tech/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=taboola HTTP 302
https://x.bidswitch.net/sync?dsp_id=190&expires=14&user_group=1&user_id=cb8d3d33-f2c0-4230-accd-7bd509ff1319&ssp=taboola HTTP 302
https://trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=7382c36d-3d99-4492-8967-ba74b9b9c9f1

149 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request t28588-urgent-help-with-trojan-zeroaccessinf Show response
geekpolice.forumotion.com/ 429 KB
78 KB 484ms
407ms Document
text/html 188.165.2.137
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

188.165.2.137 , Ireland, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

14e342c6de6ba11bd6cf079d8cabadae857ec076d41a7199812372b457270601

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

:method: GET
:authority: geekpolice.forumotion.com
:scheme: https
:path: /t28588-urgent-help-with-trojan-zeroaccessinf
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: document

Response headers

status: 200
date: Sat, 22 Feb 2020 16:00:32 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache
pragma: no-cache
expires: Sat, 22 Feb 2020 00:00:00 GMT
last-modified: Sat, 22 Feb 2020 16:00:32 GMT
vary: User-Agent
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip

GET
H2 200 5-ltr.css
geekpolice.forumotion.com/ 119 KB
23 KB 127ms
125ms Stylesheet
text/css 188.165.2.137
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://geekpolice.forumotion.com/5-ltr.css

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

188.165.2.137 , Ireland, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

4d74fbd56a90385e006e70fe80f9a09ef2e12e558dfee592c2a1c7445bf0a79e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: style

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 22 Feb 2020 00:00:00 GMT
status: 200
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
content-security-policy: upgrade-insecure-requests
content-length: 23355
x-xss-protection: 1
x-cache-ma: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.7.2/ 93 KB
33 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:818::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 01 Feb 2020 01:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1865635
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 33845
x-xss-protection: 0
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 31 Jan 2021 01:46:38 GMT

GET
H2 200 en.js Show response
illiweb.com/rs3/61/frm/lang/ 69 KB
16 KB 45ms
21ms Script
application/x-javascript 2606:4700:3034::681b:9f51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://illiweb.com/rs3/61/frm/lang/en.js

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::681b:9f51 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

162f8a6d61544a0ab207c5614393b66bc21ddb2bfeabfc2c8f1479e21b7f5495

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 436104
cf-polished: origSize=70993
status: 200
cf-bgj: minify
x-xss-protection: 1; mode=block
x-cache-ne: HIT
last-modified: Tue, 07 Jan 2020 15:40:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache-pr: HIT
cf-ray: 56922c6ebc24d6d9-FRA
expires: Tue, 16 Feb 2021 14:52:09 GMT

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ 96 KB
29 KB 51ms
23ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a7019b73cbcf928d42e36f0588c8748254ef15b914690083d80a629943267dcd

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
content-encoding: gzip
last-modified: Mon, 10 Feb 2020 14:17:04 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5e4165e0-181f1"
content-type: text/javascript
status: 200
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Sun, 23 Feb 2020 16:00:33 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 74 KB
28 KB 16ms
14ms Script
application/javascript 2a00:1450:4001:825::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-144337024-1

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

076a0da04785a7bfd4686af1d277cee821f358f73b3754d4303b9d32e584aa4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 28492
x-xss-protection: 0
last-modified: Sat, 22 Feb 2020 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 22 Feb 2020 16:00:33 GMT

GET
H2 200 jquery.cookie.js Show response
illiweb.com/rs3/61/frm/jquery/cookie/ 1011 B
471 B 51ms
27ms Script
application/x-javascript 2606:4700:3034::681b:9f51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://illiweb.com/rs3/61/frm/jquery/cookie/jquery.cookie.js

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::681b:9f51 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6cf7880d67c712bb6f85f1dfa1d26ea5e0a7195130a3e42c8b441cdd1de77a90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 436108
status: 200
last-modified: Tue, 27 Aug 2019 14:00:14 GMT
x-xss-protection: 1; mode=block
x-cache-ne: MISS
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache-pr: MISS
cf-ray: 56922c6ebc29d6d9-FRA
expires: Tue, 16 Feb 2021 14:52:05 GMT

GET
H2 200 FAToolbar.js Show response
illiweb.com/rs3/61/frm/jquery/toolbar/ 23 KB
5 KB 50ms
26ms Script
application/x-javascript 2606:4700:3034::681b:9f51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://illiweb.com/rs3/61/frm/jquery/toolbar/FAToolbar.js

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::681b:9f51 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53b50d936fbd0379b43181e53561a665a21e6ea1d1fd50a08b8eeaa0fee06906

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 436108
status: 200
last-modified: Tue, 27 Aug 2019 14:00:14 GMT
x-xss-protection: 1; mode=block
x-cache-ne: MISS
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache-pr: MISS
cf-ray: 56922c6ebc28d6d9-FRA
expires: Tue, 16 Feb 2021 14:52:05 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 674 B
540 B 17ms
15ms Script
text/javascript 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

95b8b2e473f89b19fea337be84c5c551477874b0db546b77d02f0d87a037303e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 447
x-xss-protection: 1; mode=block
expires: Sat, 22 Feb 2020 16:00:33 GMT

GET
H2 200 icon
fonts.googleapis.com/ 527 B
445 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:825::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

42359043a67804ccc6798b35ef28dc140b72fe74f3c9b43fbaf4b97c624f6665

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 22 Feb 2020 16:00:33 GMT
server: ESF
date: Sat, 22 Feb 2020 16:00:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 22 Feb 2020 16:00:33 GMT

GET
H2 200 mini-n10.png
i.servimg.com/u/f58/13/43/60/71/ 16 KB
16 KB 39ms
14ms Image
image/png 2606:4700:3037::6812:3807
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.servimg.com/u/f58/13/43/60/71/mini-n10.png

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6812:3807 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c5a52e287c724e3286b39c6d2999a876ce197014c73622c1bd61757c3ee92cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 795996
status: 200
content-length: 16274
x-xss-protection: 1; mode=block
last-modified: Mon, 20 Mar 2017 19:14:37 GMT
server: cloudflare
etag: "58d02a1d-3f92"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 56922c6eba19175a-FRA
expires: Fri, 12 Feb 2021 10:53:57 GMT

GET
H2 200 empty.gif
illiweb.com/fa/ 42 B
185 B 55ms
32ms Image
image/gif 2606:4700:3034::681b:9f51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://illiweb.com/fa/empty.gif

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::681b:9f51 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1878395
status: 200
content-length: 42
x-xss-protection: 1; mode=block
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
server: cloudflare
etag: "41d5e800-2a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 56922c6ebc2ad6d9-FRA
expires: Sat, 30 Jan 2021 22:13:58 GMT

GET
H2 200 25710.png
i.servimg.com/u/f37/13/43/60/71/ 899 B
1 KB 34ms
34ms Image
image/png 2606:4700:3037::6812:3807
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.servimg.com/u/f37/13/43/60/71/25710.png

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6812:3807 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88260eac4e7bdd1d5eae4265ec1cf27057150926cf42c1543e61d6775fab90ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 66061
status: 200
content-length: 899
x-xss-protection: 1; mode=block
last-modified: Sat, 03 Dec 2016 08:19:33 GMT
server: cloudflare
etag: "58428015-383"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 56922c6eda5d175a-FRA
expires: Sat, 20 Feb 2021 21:39:32 GMT

GET
H2 200 1370.png
i.servimg.com/u/f37/11/40/02/06/ 17 KB
17 KB 175ms
175ms Image
image/png 2606:4700:3037::6812:3807
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.servimg.com/u/f37/11/40/02/06/1370.png

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6812:3807 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e954e030b0295a228516347c01f51e27b09894bda258c5058ff8c29b4efcf539

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
content-length: 17186
x-xss-protection: 1; mode=block
last-modified: Wed, 25 Jan 2017 16:34:28 GMT
server: cloudflare
etag: "5888d394-4322"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 56922c6f0aed175a-FRA
expires: Sun, 21 Feb 2021 16:00:33 GMT

GET
H2 200 NSIS_disclaimer_ENG.png
2img.net/h/i424.photobucket.com/albums/pp322/digistar/ 18 KB
19 KB 225ms
164ms Image
image/png 2606:4700:3031::681b:8de7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://2img.net/h/i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::681b:8de7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2da348c69333630f763befa85f4c3297a0e64372f34bbc69288bcdf9250d794d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 18511
x-xss-protection: 1; mode=block
last-modified: Tue, 17 Jan 2012 00:52:20 GMT
server: cloudflare
etag: "4f14c644-484f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 56922c6f68676485-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 NSIS_extraction.png
2img.net/h/i424.photobucket.com/albums/pp322/digistar/ 15 KB
15 KB 168ms
167ms Image
image/png 2606:4700:3031::681b:8de7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://2img.net/h/i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::681b:8de7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf5d88991e668459f84092cc3729c0adfda768076ebd7791ed49fccff76c4eb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 15188
x-xss-protection: 1; mode=block
last-modified: Tue, 17 Jan 2012 00:52:21 GMT
server: cloudflare
etag: "4f14c645-3b54"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 56922c6ff8e26485-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 RcAuto1.gif
2img.net/h/i424.photobucket.com/albums/pp322/digistar/ 7 KB
7 KB 154ms
152ms Image
image/gif 2606:4700:3031::681b:8de7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://2img.net/h/i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::681b:8de7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9190332b785d4e94be3332ab55eeeaa66279e22dd3de6441e38af9345465365c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6925
x-xss-protection: 1; mode=block
last-modified: Tue, 17 Jan 2012 00:52:22 GMT
server: cloudflare
etag: "4f14c646-1b0d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 56922c6ff8e66485-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 whatnext.png
2img.net/h/i424.photobucket.com/albums/pp322/digistar/ 8 KB
8 KB 105ms
104ms Image
image/png 2606:4700:3031::681b:8de7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://2img.net/h/i424.photobucket.com/albums/pp322/digistar/whatnext.png

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::681b:8de7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3e328d0eb0e0dc3fe3bac4dc244a3dfb42cb519f1e88d93e50b89b889c607f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 8215
x-xss-protection: 1; mode=block
last-modified: Tue, 17 Jan 2012 00:52:19 GMT
server: cloudflare
etag: "4f14c643-2017"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 56922c6ff8ec6485-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 26110.png
i.servimg.com/u/f37/13/43/60/71/ 4 KB
4 KB 113ms
112ms Image
image/png 2606:4700:3037::6812:3807
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.servimg.com/u/f37/13/43/60/71/26110.png

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6812:3807 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e440b75623a8b056a722f4821563d6c3e720d2131b7329ebf30da867598b318

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
content-length: 4021
x-xss-protection: 1; mode=block
last-modified: Sat, 03 Dec 2016 08:19:33 GMT
server: cloudflare
etag: "58428015-fb5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 56922c6ffdb7175a-FRA
expires: Sun, 21 Feb 2021 16:00:33 GMT

GET
H2 200 44629-43.gif
7img.net/users/2815/89/79/54/avatars/ 1 KB
2 KB 191ms
121ms Image
image/gif 2606:4700:3030::681f:4408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://7img.net/users/2815/89/79/54/avatars/44629-43.gif

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::681f:4408 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

849a7973a59dd42b90a1135c35b3d990f85836ab3a997dc8f7b0af38252879b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1086
x-xss-protection: 1
last-modified: Mon, 26 Dec 2011 00:38:13 GMT
server: cloudflare
etag: "4ef7c1f5-43e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 56922c706d58d6b9-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 184214296.gif
7img.net/users/2815/89/79/54/smiles/ 808 B
911 B 193ms
123ms Image
image/gif 2606:4700:3030::681f:4408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://7img.net/users/2815/89/79/54/smiles/184214296.gif

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::681f:4408 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

723de497fedb84a4da163f75065f4d740c799607fe69742390782f15bf8dbf7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 808
x-xss-protection: 1
last-modified: Sun, 29 Jan 2017 23:05:52 GMT
server: cloudflare
etag: "588e7550-328"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 56922c706d59d6b9-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cfscriptb4.gif
2img.net/h/i424.photobucket.com/albums/pp322/digistar/ 12 KB
12 KB 126ms
125ms Image
image/gif 2606:4700:3031::681b:8de7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://2img.net/h/i424.photobucket.com/albums/pp322/digistar/cfscriptb4.gif

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::681b:8de7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e71ce8fdd29b3c7b0c0cc16b5a9f1cedf7a420d55f4becbb3caf97fd98dc4dd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12377
x-xss-protection: 1; mode=block
last-modified: Thu, 28 Apr 2011 18:10:53 GMT
server: cloudflare
etag: "4db9adad-3059"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 56922c6ff8ed6485-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mbamicontw5.gif
2img.net/h/i424.photobucket.com/albums/pp322/digistar/ 2 KB
2 KB 107ms
106ms Image
image/gif 2606:4700:3031::681b:8de7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://2img.net/h/i424.photobucket.com/albums/pp322/digistar/mbamicontw5.gif

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::681b:8de7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ade594ab473672b093e74ea72c5c4c42aa03f641eefcba1f2d637b0fc7600f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1636
x-xss-protection: 1; mode=block
last-modified: Tue, 26 Apr 2011 19:35:07 GMT
server: cloudflare
etag: "4db71e6b-664"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 56922c6ff8f16485-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-144337024-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 723
date: Sat, 22 Feb 2020 15:48:30 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 18174
expires: Sat, 22 Feb 2020 17:48:30 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/forumotion-en/ 85 KB
19 KB 7294ms
40ms Script
application/javascript 151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/forumotion-en/loader.js
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fa220dd8332679b8547150dfe1ead60d9d3712d7c8164cab8da3ac453596e0d7

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: wn99GRabTNClO_tNCIO2EVj.U00AUCsG
content-encoding: gzip
age: 68
x-cache: HIT
status: 200
date: Sat, 22 Feb 2020 16:00:40 GMT
content-length: 19355
x-amz-id-2: P7rfJ2580qssZuEcC1pRMurAjgA40C8LGNNYjflEfwmqaUhRHwWtFGMU7eE2gGB2gPdT/vSlN3Q=
x-served-by: cache-fra19147-FRA
last-modified: Tue, 18 Feb 2020 14:56:30 GMT
server: AmazonS3
x-timer: S1582387241.553994,VS0,VE1
etag: "566c90b298317926ef36a1b930dfab28"
vary: Accept-Encoding
x-amz-request-id: 57F9EF2CB94EABF7
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 65
x-cache-hits: 1

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
155 B 100ms
18ms XHR
text/plain 178.250.2.152
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?ptv=84&profileId=206&cb=25828783266
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.152 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-type: application/x-www-form-urlencoded

Response headers

status: 204
date: Sat, 22 Feb 2020 16:00:32 GMT
access-control-allow-credentials: true
server: Finatra
access-control-allow-origin: https://geekpolice.forumotion.com
timing-allow-origin: *
vary: Origin

GET
H/1.1 200
OK slm.prebid.forumactif.js Show response
ads.sportslocalmedia.com/ 2 KB
1 KB 7362ms
30ms Script
application/javascript 78.109.92.217
TYPHON-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.sportslocalmedia.com/slm.prebid.forumactif.js?2637312
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: HTTP/1.1
Security: TLS 1.0, RSA, AES_128_CBC
Server: 78.109.92.217 , France, ASN34948 (TYPHON-AS, FR),
Reverse DNS: footeo.typhon.net
Software: nginx /
Resource Hash: 2c8131f7ba755379dc891837b3fb8d33a121af58a922a7f042094cb4fcf58af0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Date: Sat, 22 Feb 2020 16:00:40 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Feb 2020 14:16:21 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
X-Slowfs-Cache: HIT
Expires: Sat, 22 Feb 2020 17:00:40 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/n1ZaVsRK4TYyiKxYab0h8MUD/ 259 KB
93 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/n1ZaVsRK4TYyiKxYab0h8MUD/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

327358936ae1faca746b38258cde21f2574d062dc6f939a8b9fcfa8e2adfc9ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Tue, 18 Feb 2020 17:31:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 17 Feb 2020 05:05:57 GMT
server: sffe
age: 340171
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 94999
x-xss-protection: 0
expires: Wed, 17 Feb 2021 17:31:02 GMT

GET
H2 200 djs-te10.jpg
i.servimg.com/u/f18/13/43/60/71/ 24 KB
25 KB 11ms
11ms Image
image/jpeg 2606:4700:3037::6812:3807
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.servimg.com/u/f18/13/43/60/71/djs-te10.jpg

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6812:3807 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f6d81eec4ac78a35964c2755aba7bd57c52c6a1de2ac035548442ff32b0d89f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/5-ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 795996
status: 200
content-length: 25020
x-xss-protection: 1; mode=block
last-modified: Wed, 20 Nov 2019 01:17:34 GMT
server: cloudflare
etag: "5dd4942e-61bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 56922c6ffdc4175a-FRA
expires: Fri, 12 Feb 2021 10:53:57 GMT

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v50/ 59 KB
60 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v50/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4517f0a3893222df073141313c178ccbc99343f3903fb12023173b0d9de78ab9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/icon?family=Material+Icons
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

date: Thu, 20 Feb 2020 03:13:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 20 Feb 2020 01:57:40 GMT
server: sffe
age: 218828
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 60832
x-xss-protection: 0
expires: Fri, 19 Feb 2021 03:13:25 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ 43 B
260 B 12ms
12ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/images/pixel.gif?ch=1
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
access-control-allow-origin: *
etag: "493ea254-2b"
content-type: image/gif
status: 200
cache-control: max-age=31104000, public
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Tue, 16 Feb 2021 16:00:33 GMT

GET
H2 200 pixel.gif
static.criteo.net/images/ 43 B
260 B 12ms
11ms Image
image/gif 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.criteo.net/images/pixel.gif?ch=2
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
server: nginx
access-control-allow-origin: *
etag: "493ea254-2b"
content-type: image/gif
status: 200
cache-control: max-age=31104000, public
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Tue, 16 Feb 2021 16:00:33 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 349 KB
113 KB 7283ms
42ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

ab8ceea757a634f5ce5a9ed6f6b4bcdd555869b385d315854e16914a2f5a3bc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Tue, 21 Jan 2020 20:57:37 GMT
server: nginx/1.15.8
etag: "5e2765c1-57446"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
status: 200
cache-control: public, max-age=600
date: Sat, 22 Feb 2020 16:00:40 GMT
x-host: s7.addthis.com
content-length: 114924

GET
H2 200 railscasts.min.css
cdnjs.cloudflare.com/ajax/libs/highlight.js/9.9.0/styles/ 920 B
428 B 14ms
13ms Stylesheet
text/css 2606:4700::6811:4104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.9.0/styles/railscasts.min.css

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e94d8938571b1ea3971b3e36c08700860afaa0d53415934f3fc09066e011ec80

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: style

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 1322938
cf-ray: 56922c701aa8dff7-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:19:26 GMT
server: cloudflare
etag: W/"5afd491e-398"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
expires: Thu, 11 Feb 2021 16:00:33 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.001

GET
H2 200 highlight.min.js Show response
cdnjs.cloudflare.com/ajax/libs/highlight.js/9.9.0/ 44 KB
17 KB 18ms
17ms Script
application/javascript 2606:4700::6811:4104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.9.0/highlight.min.js

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29b7d38c1d1667cbef5e781da49198dd8a77c4a93eb6db5ba8294ed756a70885

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 1323741
cf-ray: 56922c701aacdff7-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:19:26 GMT
server: cloudflare
etag: W/"5afd491e-aef9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Thu, 11 Feb 2021 16:00:33 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.003

GET
H2 200 go.min.js Show response
cdnjs.cloudflare.com/ajax/libs/highlight.js/9.9.0/languages/ 732 B
605 B 12ms
12ms Script
application/javascript 2606:4700::6811:4104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.9.0/languages/go.min.js

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d5b967ce534ad614c089365d716f72b61d259fc6d2b820f6ea11eacfd4ff373

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
content-encoding: br
cf-cache-status: HIT
age: 14878355
cf-ray: 56922c701aaddff7-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Thu, 17 May 2018 09:19:26 GMT
server: cloudflare
etag: W/"5afd491e-2dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Thu, 11 Feb 2021 16:00:33 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.001

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 53ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/41D8) /
Resource Hash: 1a4dee2269258e980cfbc6965cca52520d51b0cf399cef6218e123c7620cafdc

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Date: Sat, 22 Feb 2020 16:00:33 GMT
Content-Encoding: gzip
Last-Modified: Wed, 05 Feb 2020 23:55:53 GMT
Server: ECS (fcn/41D8)
Age: 722
Etag: "d6438f3ded1a231e0c47db28e12b2834+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Cache-Control: public, max-age=1800
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 29101

GET
H2 200 all.js Show response
connect.facebook.net/en_EN/ 3 KB
2 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_EN/all.js

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0573d46962f301ed10c572f0fa59035de81010a2ed7e05e0c661f560045bbd6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: vNIEHyifwZCLl9oMYpjwtQ==
status: 200
date: Sat, 22 Feb 2020 16:00:33 GMT, Sat, 22 Feb 2020 16:00:33 GMT
expires: Sat, 22 Feb 2020 16:20:29 GMT
alt-svc: h3-24=":443"; ma=3600
content-length: 1778
x-fb-debug: LClq+z4nPG3mKxpiqtBGeYUfQgwa9AyFoIpyMMFLSEGR9/3jfKmZjd+Bu9sZMXVuHkMpTF1V9+VBNDKfY5dwfA==
x-fb-trip-id: 420120009
x-fb-content-md5: ed1f321721e9774dfa28a4500e5d7df8
etag: "690c994bd57d31a7fcab03e30d3e04f1"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

Content-Type: image/png

GET
H2 200 main.js Show response
illiweb.com/rs3/61/frm/awesome/ 11 KB
2 KB 11ms
11ms Script
application/x-javascript 2606:4700:3034::681b:9f51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://illiweb.com/rs3/61/frm/awesome/main.js

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::681b:9f51 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26728017ee584b3e0e9a8f2783825afab13aa446132c3dc69e1553eed881b0e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:33 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 436086
status: 200
last-modified: Thu, 02 Jan 2020 10:07:02 GMT
x-xss-protection: 1; mode=block
x-cache-ne: MISS
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-cache-pr: MISS
cf-ray: 56922c70a9f3d6d9-FRA
expires: Tue, 16 Feb 2021 14:52:27 GMT

GET
H/1.1 200
OK 11662.js Show response
ads.rubiconproject.com/ad/ Frame 7184 29 KB
9 KB 333ms
32ms Script
text/javascript 2.19.38.84
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/ad/11662.js
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.38.84 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-38-84.deploy.static.akamaitechnologies.com
Software: Apache / PHP/5.3.3
Resource Hash: 9c3c4cff97345d34610704580b4634771d2ec0f8f7c640e510e3d830e4a4ea0a

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Date: Sat, 22 Feb 2020 16:00:33 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=10161
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 8784
Expires: Sat, 22 Feb 2020 18:49:54 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1623534087&t=pageview&_s=1&dl=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&ul=en-us&de=UTF-8&dt=Urg...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-144337024-1&cid=1084055444.1582387233&jid=126615196&_gid=609043229.1582387233&gjid=1181155138&_v=j81&z=1735455187
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-144337024-1&cid=1084055444.1582387233&jid=126615196&_v=j81&z=1735455187
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-144337024-1&cid=1084055444.1582387233&jid=126615196&_v=j81&z=1735455187&slf_rd=1&random=2587507477

42 B
109 B

17ms
16ms

Image
image/gif

2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-144337024-1&cid=1084055444.1582387233&jid=126615196&_v=j81&z=1735455187&slf_rd=1&random=2587507477

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

pragma: no-cache
date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 22 Feb 2020 16:00:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-144337024-1&cid=1084055444.1582387233&jid=126615196&_v=j81&z=1735455187&slf_rd=1&random=2587507477
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 187 KB
56 KB 17ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=96e78fc54add83defd42dc0ea32d808d&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_EN/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c3465eca606b1e68940290c8bb3ae54742cd79a00eda85e23a2c3cba54dccd66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: ZG05Bi4sLUhffzTftTkfCg==
status: 200
date: Sat, 22 Feb 2020 16:00:33 GMT, Sat, 22 Feb 2020 16:00:33 GMT
expires: Sun, 21 Feb 2021 14:56:55 GMT
alt-svc: h3-24=":443"; ma=3600
content-length: 57050
x-fb-debug: Zh2KBUEZlYR4MQHo8230g33XjIlKdlDJIqWo2rQJh8NTdEIOebdiQKtgff0w8zKl47VY8F94nDsmX1GPjGxR9w==
x-fb-trip-id: 420120009
x-fb-content-md5: fd62dcbb104b48cb4f8f40891587da15
etag: "94316d691d47cf5fdcfb25e5405264e0"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK 151162-2.js Show response
optimized-by.rubiconproject.com/a/11662/36432/ Frame 7184 2 KB
2 KB 509ms
159ms Script
text/javascript 69.173.144.142
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://optimized-by.rubiconproject.com/a/11662/36432/151162-2.js?&cb=0.009904666489304992&tk_st=1&rf=https%3A//geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf&rp_s=c&p_pos=atf&p_screen_res=1600x1200&ad_slot=36432_2&rp_secure=1
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/11662.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 3c31cd65ebdc949a23d1efd2f32310709b7f05ecc8189fe463137b4112f75fc2

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:34 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Keep-Alive: timeout=5
Content-Length: 857
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 ccaxe
adstune.com/ Frame 4A83 0
0 149ms
61ms Document
text/html 2606:4700:3031::6818:7f32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://adstune.com/ccaxe

Requested by

Host: optimized-by.rubiconproject.com
URL: https://optimized-by.rubiconproject.com/a/11662/36432/151162-2.js?&cb=0.009904666489304992&tk_st=1&rf=https%3A//geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf&rp_s=c&p_pos=atf&p_screen_res=1600x1200&ad_slot=36432_2&rp_secure=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6818:7f32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: adstune.com
:scheme: https
:path: /ccaxe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Response headers

status: 200
date: Sat, 22 Feb 2020 16:00:34 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d44b1768fd88fb4f3d46e535765e788491582387234; expires=Mon, 23-Mar-20 16:00:34 GMT; path=/; domain=.adstune.com; HttpOnly; SameSite=Lax
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-cache-ne: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 56922c76989f96da-FRA
content-encoding: br

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame DEC6 0
0 144ms
25ms Document
text/html 23.37.55.184
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=be
Requested by: Host: optimized-by.rubiconproject.com
URL: https://optimized-by.rubiconproject.com/a/11662/36432/151162-2.js?&cb=0.009904666489304992&tk_st=1&rf=https%3A//geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf&rp_s=c&p_pos=atf&p_screen_res=1600x1200&ad_slot=36432_2&rp_secure=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.55.184 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-55-184.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: khaos=K6XSI44R-1W-7QLE; rsid=1|AIfsdBUH+v3fWCPuzNowDE/csJlhKKCtlSpuIonwVQ9xrYyRPQTkQMCcCrTlkuDKR3OttFOpDwv9SSiUXyP4Wwn1rWxbuVEZ+xAvac7RQXIhonWtDKIxObX7SqHQWVv/Uu/D+hEPPQ==; audit=1|hLZGFuTafB3IwRs2pi+7VLP28YeSsEsBAkaYPbo9Xfj1w0YUBi1SzY3/DCP5runbnEssCpn1Ox+IrbQLRWeIDyYbB5SW5XQ3ujfM1FIZ/gSma+WVcS1g3g==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Wed, 12 Feb 2020 18:47:41 GMT
Content-Encoding: gzip
Content-Length: 7693
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=45485
Expires: Sun, 23 Feb 2020 04:38:39 GMT
Date: Sat, 22 Feb 2020 16:00:34 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK ba9e970f-1ec9-4b96-ad70-d4abed8ea92e
beacon-eu2.rubiconproject.com/beacon/d/ Frame 7184 43 B
268 B 147ms
40ms Image
image/webp 69.173.144.152
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon-eu2.rubiconproject.com/beacon/d/ba9e970f-1ec9-4b96-ad70-d4abed8ea92e?oo=0&accountId=11662&siteId=36432&zoneId=151162&sizeId=2&e=6A1E40E384DA563B2EB147A1F8CE9F5C2B449E0F9C58B068699AE578A6050C8DAEEACBF222DE311207CCBC7CADE9DF56E4A9AFA6E089EF84ACB9F8CE7AB969AD69117786540571F2B8B582EBACE6C3C3AC237D6FA0EBFC9A6240B348FC26EBCFD5C4D23CD9F5F2FAFE8CD277C7E485E71A0D8EFAEBD2E66583009FDB9DE7981633F8630F2FDB6069
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.152 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:33 GMT
Cache-Control: private, max-age=0, no-cache
Expires: 01 Jan 1970 10:00:00 GMT
Server: Rubicon Project
Content-Length: 43
Content-Type: image/webp

GET
H2 200 impl.20200218-15-RELEASE.js Show response
cdn.taboola.com/libtrc/ 441 KB
125 KB 25ms
24ms Script
application/javascript 151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20200218-15-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/forumotion-en/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 36120315ac48cb331f54bbc978490bfa3ce4fec82cc3853d070ef7bb1a806755

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: RNhYOmXru5KW1VimHg_7Waw1Pp.6Nvmw
content-encoding: gzip
age: 52
x-cache: HIT
status: 200
date: Sat, 22 Feb 2020 16:00:40 GMT
x-amz-replication-status: COMPLETED
content-length: 127274
x-amz-id-2: b7ViNs6dCJX0WnA63Uo5Sd8uE1DqwNlpNdrbaSZFbrO0p90LQVyN+WjWyyyE+fLrpQijvyg+Cak=
x-served-by: cache-fra19147-FRA
last-modified: Tue, 18 Feb 2020 14:20:44 GMT
server: AmazonS3
x-timer: S1582387241.607153,VS0,VE0
etag: "3faf07a1bc23d13f58c9886f6518a0d4"
vary: Accept-Encoding
x-amz-request-id: 0F2BD1111142DBD2
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 62
x-cache-hits: 314

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 80ms
23ms Script
application/x-javascript 23.43.115.95
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/forumotion-en/loader.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.43.115.95 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-43-115-95.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Date: Sat, 22 Feb 2020 16:00:40 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Sun, 23 Feb 2020 16:00:40 GMT

GET
H/1.1 200
OK moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 81ms
27ms Script
application/x-javascript 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Date: Sat, 22 Feb 2020 16:00:40 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Nov 2019 20:13:52 GMT
Server: AmazonS3
x-amz-request-id: FBAF69B7861DE212
ETag: "f14b4e1f799b14f798a195f43cf58376"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=10977
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 948
x-amz-id-2: mINJDBnKUfP83RzDJ6hQaYSGPvMPOM770jd+gXVSD8LFScfPdVPaVzI4W2IwmrtEKhDna93Nv9A=

GET
H/1.1 200
OK 11662.js Show response
ads.rubiconproject.com/ad/ Frame 33B0 29 KB
9 KB 26ms
25ms Script
text/javascript 2.19.38.84
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/ad/11662.js
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.38.84 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-38-84.deploy.static.akamaitechnologies.com
Software: Apache / PHP/5.3.3
Resource Hash: 9c3c4cff97345d34610704580b4634771d2ec0f8f7c640e510e3d830e4a4ea0a

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Date: Sat, 22 Feb 2020 16:00:40 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=10154
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 8784
Expires: Sat, 22 Feb 2020 18:49:54 GMT

GET
H/1.1 200
OK 11662.js Show response
ads.rubiconproject.com/ad/ Frame 728E 29 KB
9 KB 23ms
23ms Script
text/javascript 2.19.38.84
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/ad/11662.js
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.38.84 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-38-84.deploy.static.akamaitechnologies.com
Software: Apache / PHP/5.3.3
Resource Hash: 9c3c4cff97345d34610704580b4634771d2ec0f8f7c640e510e3d830e4a4ea0a

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Date: Sat, 22 Feb 2020 16:00:40 GMT
Content-Encoding: gzip
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=10062
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 8784
Expires: Sat, 22 Feb 2020 18:48:22 GMT

GET
H2 200 vglnk.js Show response
cdn.viglink.com/api/ 78 KB
28 KB 54ms
30ms Script
text/javascript 2606:4700::6810:a40d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viglink.com/api/vglnk.js
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06f2b47a2e8017f8387d34806efc5c3643954171cc9cb38e4b1f583a42aaeaa1

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:40 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 1021614
status: 200
content-type: text/javascript
content-length: 27746
x-amz-id-2: k+okSOR42zJ+0NXBU9e7GjyX3LnVDI3WyfHKAbO/Li4DV/GDGOBbRpY1uMvq+ZdZAZ2xUfG39SY=
last-modified: Mon, 21 Oct 2019 20:13:23 GMT
server: cloudflare
etag: "df893ab92782cedac4da4785df9ec68e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: 0D47E0D8F5A25A84
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 56922c9e686c643d-FRA
expires: Sat, 22 Feb 2020 16:30:40 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 33ms
14ms Font
text/css 2a00:1450:4001:825::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ade509d4ea93e2755569837ea972e04251679ac10ba99d64e9800a3e2edec6f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 22 Feb 2020 16:00:40 GMT
server: ESF
date: Sat, 22 Feb 2020 16:00:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 22 Feb 2020 16:00:40 GMT

GET
H2 200 connect.js Show response
connect.topicit.net/scripts/ 3 KB
2 KB 42ms
16ms Script
application/javascript 2606:4700:3031::681b:a9ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.topicit.net/scripts/connect.js

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::681b:a9ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39ce845fc0203d4cb00559dff89d9448765e0ebd65ebbaf76623cc9850827542

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 717
cf-polished: origSize=5437
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Tue, 27 Aug 2019 14:04:48 GMT
server: cloudflare
etag: W/"5d653880-153d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
cf-ray: 56922c9f8ede178e-FRA
cf-bgj: minify

GET
H2 200 androi10.png
7img.net/users/2815/89/79/54/avatars/gallery/ 5 KB
5 KB 16ms
16ms Image
image/png 2606:4700:3030::681f:4408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://7img.net/users/2815/89/79/54/avatars/gallery/androi10.png

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::681f:4408 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49ab0086d7dde46e17d30747a89d97a09c5aaf66b667ca3a6d79de98c2ef044b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1044379
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 4750
x-xss-protection: 1
last-modified: Wed, 30 Nov 2016 07:05:43 GMT
server: cloudflare
etag: "583e7a47-128e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 56922c9f7f03d6b9-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 syncframe
gum.criteo.com/ Frame 15C9 0
0 43ms
14ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=geekpolice.forumotion.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=geekpolice.forumotion.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Response headers

status: 200
cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000
x-powered-by: ASP.NET
date: Sat, 22 Feb 2020 16:00:40 GMT
content-length: 4774

GET
H/1.1 200
OK widget_iframe.7303c29a8108bca4ac5c9ef008ed8164.html
platform.twitter.com/widgets/ Frame D044 0
0 24ms
24ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.7303c29a8108bca4ac5c9ef008ed8164.html?origin=https%3A%2F%2Fgeekpolice.forumotion.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/419B) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1440276
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sat, 22 Feb 2020 16:00:41 GMT
Etag: "9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified: Wed, 05 Feb 2020 23:46:01 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/419B)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 5825

GET
H2 200 like.php
www.facebook.com/plugins/ Frame 7B3C 0
0 61ms
61ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D45%23cb%3Df22320f45dfc484%26domain%3Dgeekpolice.forumotion.com%26origin%3Dhttps%253A%252F%252Fgeekpolice.forumotion.com%252Ff28e2267988f2c8%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=96e78fc54add83defd42dc0ea32d808d&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D45%23cb%3Df22320f45dfc484%26domain%3Dgeekpolice.forumotion.com%26origin%3Dhttps%253A%252F%252Fgeekpolice.forumotion.com%252Ff28e2267988f2c8%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=false
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Response headers

status: 200
content-encoding: br
timing-allow-origin: *
pragma: no-cache
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT
cache-control: private, no-cache, no-store, must-revalidate
content-type: text/html; charset="utf-8"
x-fb-debug: 6916Hggl9fM2j0fvZrW2ZdBnDyzio4oRvm4LB/YqSfCg6q1x8zXmvycehY66G4jzWN+uyeYotdS1j7f0ce50Jg==
date: Sat, 22 Feb 2020 16:00:41 GMT Sat, 22 Feb 2020 16:00:41 GMT
alt-svc: h3-24=":443"; ma=3600

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/forumotion/ 166 B
325 B 45ms
41ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/forumotion/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:40 GMT
content-encoding: gzip
etag: 659743217
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: public, max-age=26, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 154

GET
H/1.1 200
OK slmadshb.js Show response
ads.sportslocalmedia.com/ 166 KB
57 KB 144ms
144ms Script
application/javascript 78.109.92.217
TYPHON-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.sportslocalmedia.com/slmadshb.js
Requested by: Host: ads.sportslocalmedia.com
URL: https://ads.sportslocalmedia.com/slm.prebid.forumactif.js?2637312
Protocol: HTTP/1.1
Security: TLS 1.0, RSA, AES_128_CBC
Server: 78.109.92.217 , France, ASN34948 (TYPHON-AS, FR),
Reverse DNS: footeo.typhon.net
Software: nginx /
Resource Hash: 6e02b8d9136deffbc71b3370e6fac7f366282ea89d309754b06c013276b5c0a7

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Date: Sat, 22 Feb 2020 16:00:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Feb 2020 14:16:21 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
X-Slowfs-Cache: HIT
Expires: Sat, 22 Feb 2020 17:00:41 GMT

GET
H2 200 json Show response
trc.taboola.com/forumotion-en/trc/3/ 9 KB
5 KB 127ms
125ms Script
application/javascript 151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/forumotion-en/trc/3/json?tim=17%3A00%3A41.078&lti=deflated&data=%7B%22id%22%3A475%2C%22ii%22%3A%22%2Ft28588-urgent-help-with-trojan-zeroaccessinf%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22vi%22%3A1582387241066%2C%22cv%22%3A%2220200218-15-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22cmps%22%3A3%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1585%2C%22dh%22%3A79596%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A4%2C%22uim%22%3A%22thumbnails-Below%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A78856%2C%22mw%22%3A1285%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200218-15-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2b0459b2de0cf6cbf41bedce6c8a0cc8357bd809b239bb7ed6dfbd22c8a990f9

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

x-vcl-time-ms: 102
date: Sat, 22 Feb 2020 16:00:41 GMT
content-encoding: gzip
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 200
via: 1.1 varnish
x-served-by: cache-fra19147-FRA
server: nginx
x-timer: S1582387241.093337,VS0,VE102
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H/1.1 200
OK 151168-15.js Show response
optimized-by.rubiconproject.com/a/11662/36432/ Frame 33B0 2 KB
2 KB 90ms
90ms Script
text/javascript 69.173.144.142
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://optimized-by.rubiconproject.com/a/11662/36432/151168-15.js?&cb=0.2297480718199798&tk_st=1&rf=https%3A//geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=36432_15&rp_secure=1
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/11662.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 2e8e252a90b8cf81bfc3ab4333c12a7e94f015831698a2857b84378d444ea540

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:41 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Keep-Alive: timeout=5
Content-Length: 860
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK 151168-15.js Show response
optimized-by.rubiconproject.com/a/11662/36432/ Frame 728E 2 KB
2 KB 103ms
103ms Script
text/javascript 69.173.144.142
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://optimized-by.rubiconproject.com/a/11662/36432/151168-15.js?&cb=0.4451037536604292&tk_st=1&rf=https%3A//geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=36432_15&rp_secure=1
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/11662.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 03170d876a0adf17b20fdf99fb7829a2b62ab758c67adf0c24d733b06ab2991f

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:41 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Keep-Alive: timeout=5
Content-Length: 865
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1582387241093&ns_c=UTF-8&cv=3.5&c8=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&c7=https%3A%2F%2Fgeekpolice.forumotion.com%2...
https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1582387241093&ns_c=UTF-8&cv=3.5&c8=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&c7=https%3A%2F%2Fgeekpolice.forumotion.com%...

0
528 B

25ms
24ms

Image
text/plain

23.43.115.95
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1582387241093&ns_c=UTF-8&cv=3.5&c8=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&c7=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&c9=&cs_ak_ss=1
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.43.115.95 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-43-115-95.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:41 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1582387241093&ns_c=UTF-8&cv=3.5&c8=Urgent%20Help%20with%20Trojan.Zeroaccess!inf&c7=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&c9=&cs_ak_ss=1
Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:41 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK button.a657e8de41cd5e7b38cde1f36c9ab9c2.js Show response
platform.twitter.com/js/ 7 KB
3 KB 6ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.a657e8de41cd5e7b38cde1f36c9ab9c2.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/41D8) /
Resource Hash: 8fb0dbd66e3091dd62288e41c7cf318688f865c82235b9b20859f137616b8fb0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Date: Sat, 22 Feb 2020 16:00:41 GMT
Content-Encoding: gzip
Last-Modified: Wed, 05 Feb 2020 23:45:52 GMT
Server: ECS (fcn/41D8)
Age: 1439907
Etag: "09b3168455e779aae7dfda717bf2c67c+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 2298

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
396 B 19ms
19ms Image
image/gif 2606:4700::6810:a40d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=1&rn=0.0699633508630737
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
cf-cache-status: HIT
age: 14
status: 200
content-type: image/gif
content-length: 43
x-amz-id-2: BqCPjZAPsLbKDpICneWtqUUbPcKoT0de6uFdSMN2JLxel8c9UpfO++gKfB9AINE05qeEB8pFzSM=
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
etag: "221d8352905f2c38b3cb2bd191d630b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: 0EAF4E1BA06C19B7
cache-control: max-age=15, must-revalidate
accept-ranges: bytes
cf-ray: 56922ca0fa49643d-FRA

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
104 B 24ms
24ms Image
image/gif 2606:4700::6810:a40d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=2&rn=0.0699633508630737
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
cf-cache-status: HIT
age: 14
status: 200
content-type: image/gif
content-length: 43
x-amz-id-2: BqCPjZAPsLbKDpICneWtqUUbPcKoT0de6uFdSMN2JLxel8c9UpfO++gKfB9AINE05qeEB8pFzSM=
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
etag: "221d8352905f2c38b3cb2bd191d630b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: 0EAF4E1BA06C19B7
cache-control: max-age=15, must-revalidate
accept-ranges: bytes
cf-ray: 56922ca0fa4a643d-FRA

GET
H/1.1 200
OK tweet_button.7303c29a8108bca4ac5c9ef008ed8164.en.html
platform.twitter.com/widgets/ Frame 146D 0
0 6ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.7303c29a8108bca4ac5c9ef008ed8164.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/41D8) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1439768
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sat, 22 Feb 2020 16:00:41 GMT
Etag: "01d9af497035167f6b7f40b91851b88b+gzip"
Last-Modified: Wed, 05 Feb 2020 23:45:58 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/41D8)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 12386

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 43 KB
15 KB 86ms
31ms Script
text/javascript 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: ads.sportslocalmedia.com
URL: https://ads.sportslocalmedia.com/slmadshb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

sffe /

Resource Hash

2c40268ea5d1402c6a0431392941b3e1b13f4f0ab05bbb33edef1e0b54fedd63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "435 / 20 of 1000 / last-modified: 1582321236"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14534
x-xss-protection: 0
expires: Sat, 22 Feb 2020 16:00:41 GMT

GET
H/1.1 200
OK slm.prebid.3.7.1.js Show response
ads.sportslocalmedia.com/ 259 KB
99 KB 226ms
225ms Script
application/javascript 78.109.92.217
TYPHON-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.sportslocalmedia.com/slm.prebid.3.7.1.js
Requested by: Host: ads.sportslocalmedia.com
URL: https://ads.sportslocalmedia.com/slmadshb.js
Protocol: HTTP/1.1
Security: TLS 1.0, RSA, AES_128_CBC
Server: 78.109.92.217 , France, ASN34948 (TYPHON-AS, FR),
Reverse DNS: footeo.typhon.net
Software: nginx /
Resource Hash: 8a784c528f9dd6c8e1cf2e4e35d5499742679ac41c09f299114bca88646ccc99

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Date: Sat, 22 Feb 2020 16:00:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Feb 2020 14:16:21 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
X-Slowfs-Cache: HIT
Expires: Sat, 22 Feb 2020 17:00:41 GMT

GET
H/1.1 200
OK app.js Show response
ads.slmads.com/js/ 144 KB
53 KB 483ms
227ms Script
application/javascript 78.109.92.217
TYPHON-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.slmads.com/js/app.js?t=439552
Requested by: Host: ads.sportslocalmedia.com
URL: https://ads.sportslocalmedia.com/slmadshb.js
Protocol: HTTP/1.1
Security: TLS 1.0, RSA, AES_128_CBC
Server: 78.109.92.217 , France, ASN34948 (TYPHON-AS, FR),
Reverse DNS: footeo.typhon.net
Software: nginx /
Resource Hash: e78399f7337b3f53ac58c75aef7273aaf72c08e772193731e8ff8734b3b4f8ac

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Date: Sat, 22 Feb 2020 16:00:41 GMT
Content-Encoding: gzip
Last-Modified: Wed, 18 Dec 2019 10:13:36 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: https://imasdk.googleapis.com
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ccaxe
adstune.com/ Frame 230A 0
0 35ms
35ms Document
text/html 2606:4700:3031::6818:7f32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://adstune.com/ccaxe?format=300x250

Requested by

Host: optimized-by.rubiconproject.com
URL: https://optimized-by.rubiconproject.com/a/11662/36432/151168-15.js?&cb=0.2297480718199798&tk_st=1&rf=https%3A//geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=36432_15&rp_secure=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6818:7f32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: adstune.com
:scheme: https
:path: /ccaxe?format=300x250
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Response headers

status: 200
date: Sat, 22 Feb 2020 16:00:41 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d1b2fb6c15e36b97b6c95cca698e583a91582387241; expires=Mon, 23-Mar-20 16:00:41 GMT; path=/; domain=.adstune.com; HttpOnly; SameSite=Lax
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-cache-ne: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 56922ca159a396da-FRA
content-encoding: br

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 529F 0
0 27ms
26ms Document
text/html 23.37.55.184
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=be
Requested by: Host: optimized-by.rubiconproject.com
URL: https://optimized-by.rubiconproject.com/a/11662/36432/151168-15.js?&cb=0.2297480718199798&tk_st=1&rf=https%3A//geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=36432_15&rp_secure=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.55.184 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-55-184.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: khaos=K6XSI9HO-W-94SP; rsid=1|AIfsdBUH+v3fWCPuzNowDE/csJlhKKCtlSpuIonwVQ9xrYyRPQTkQMCcCrTlkuDKR3OttFOpDwv9SSiUXyP4Wwn1rWxbuVEZ+xAvac7RQXIhonWtDKIxObX7SqHQWVv/Uu/D+hEPPQ==; audit=1|hLZGFuTafB2o61gpWfkfuLP28YeSsEsBAkaYPbo9XfjgJuRCttFx3o3/DCP5runbnEssCpn1Ox+IrbQLRWeIDyYbB5SW5XQ3ujfM1FIZ/gSma+WVcS1g3g==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Wed, 12 Feb 2020 18:47:41 GMT
Content-Encoding: gzip
Content-Length: 7693
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=45478
Expires: Sun, 23 Feb 2020 04:38:39 GMT
Date: Sat, 22 Feb 2020 16:00:41 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK 0412d457-ee9e-41d0-a3e6-d7a3b36496ad
beacon-eu2.rubiconproject.com/beacon/d/ Frame 33B0 43 B
268 B 37ms
36ms Image
image/webp 69.173.144.152
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon-eu2.rubiconproject.com/beacon/d/0412d457-ee9e-41d0-a3e6-d7a3b36496ad?oo=0&accountId=11662&siteId=36432&zoneId=151168&sizeId=15&e=6A1E40E384DA563B0109C770D2B4A6176188C2183D9658A2654623970C91069118432805D8D7682761D84C942F78FE12E4A9AFA6E089EF84A7F3F78FE9FDEDE14E6E7F2810FBEEB33E728AA336738FC01C45189F33B502F0956270D897C40F9BE7B1F15481FA856E19794449A5E1AD429004852F3361DE7B83009FDB9DE7981633F8630F2FDB6069
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.152 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:40 GMT
Cache-Control: private, max-age=0, no-cache
Expires: 01 Jan 1970 10:00:00 GMT
Server: Rubicon Project
Content-Length: 43
Content-Type: image/webp

GET
H2 200 ccaxe
adstune.com/ Frame 931A 0
0 38ms
37ms Document
text/html 2606:4700:3031::6818:7f32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://adstune.com/ccaxe?format=300x250

Requested by

Host: optimized-by.rubiconproject.com
URL: https://optimized-by.rubiconproject.com/a/11662/36432/151168-15.js?&cb=0.4451037536604292&tk_st=1&rf=https%3A//geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=36432_15&rp_secure=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6818:7f32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: adstune.com
:scheme: https
:path: /ccaxe?format=300x250
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Response headers

status: 200
date: Sat, 22 Feb 2020 16:00:41 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d1b2fb6c15e36b97b6c95cca698e583a91582387241; expires=Mon, 23-Mar-20 16:00:41 GMT; path=/; domain=.adstune.com; HttpOnly; SameSite=Lax
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-cache-ne: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 56922ca179c196da-FRA
content-encoding: br

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 609A 0
0 45ms
34ms Document
text/html 23.37.55.184
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=be
Requested by: Host: optimized-by.rubiconproject.com
URL: https://optimized-by.rubiconproject.com/a/11662/36432/151168-15.js?&cb=0.4451037536604292&tk_st=1&rf=https%3A//geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf&rp_s=c&p_pos=btf&p_screen_res=1600x1200&ad_slot=36432_15&rp_secure=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.55.184 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-55-184.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rsid=1|AIfsdBUH+v3fWCPuzNowDE/csJlhKKCtlSpuIonwVQ9xrYyRPQTkQMCcCrTlkuDKR3OttFOpDwv9SSiUXyP4Wwn1rWxbuVEZ+xAvac7RQXIhonWtDKIxObX7SqHQWVv/Uu/D+hEPPQ==; khaos=K6XSI9HX-J-ERSZ; audit=1|hLZGFuTafB2Fb9SLy4zWsrP28YeSsEsBAkaYPbo9XfjgJuRCttFx3o3/DCP5runbnEssCpn1Ox+IrbQLRWeIDyYbB5SW5XQ3ujfM1FIZ/gSma+WVcS1g3g==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Wed, 12 Feb 2020 18:47:41 GMT
Content-Encoding: gzip
Content-Length: 7693
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=45478
Expires: Sun, 23 Feb 2020 04:38:39 GMT
Date: Sat, 22 Feb 2020 16:00:41 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK c2ee1fc2-c64b-4b1d-aa40-56f17e22fb0f
beacon-eu2.rubiconproject.com/beacon/d/ Frame 728E 43 B
268 B 55ms
35ms Image
image/webp 69.173.144.152
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon-eu2.rubiconproject.com/beacon/d/c2ee1fc2-c64b-4b1d-aa40-56f17e22fb0f?oo=0&accountId=11662&siteId=36432&zoneId=151168&sizeId=15&e=6A1E40E384DA563BC353A950EA3AEE020B5A0D243787033063B2C30A2B8985916366636B24BE49427C944150BFE58C68E4A9AFA6E089EF84998E31BCADD8A66A4E6E7F2810FBEEB33E728AA336738FC01C45189F33B502F0956270D897C40F9B2000BB53D1AF75B4343ADD1E9108CEB3F701AA483D3270E283009FDB9DE7981633F8630F2FDB6069
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.152 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:40 GMT
Cache-Control: private, max-age=0, no-cache
Expires: 01 Jan 1970 10:00:00 GMT
Server: Rubicon Project
Content-Length: 43
Content-Type: image/webp

GET
H2 200 tb Show response
15.taboola.com/ 21 KB
22 KB 104ms
39ms Script
text/html 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://15.taboola.com/tb?oid=15&pubnm=forumotion-en&unitType=59&tbloc=&pageType=text&pstn=Slider%20-%20Video&uuip=&cisrf=&cirf=https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf&encoded=1&uid=0dce33ec-7cac-4ba6-a0e7-d73fa4724ce8-tuct54ad5a9&variant=644812|478567&callback=TRC.videoTagCallbacks.videoCallback1&cb=1582387241226&tagid=&cntry=BE&platform=1&sesid=4f6e07769a284677b14f6c2dad0ca58f&itemid=/t28588-urgent-help-with-trojan-zeroaccessinf&viewid=1582387241066&geolat=&geoing=&deviceifa=&appid=&sd=v2_4f6e07769a284677b14f6c2dad0ca58f_0dce33ec-7cac-4ba6-a0e7-d73fa4724ce8-tuct54ad5a9_1582387241_1582387241_CNawjgYQ79g_GOrAhO2GLiABKAEwFjjqxgdA6YYQSNHewgFQ____________AVgAYAA&ri=97a0c00bc85754658faf4bb92524ace4&appname=&cdb=&gdprApplies=&rid=&sii=&oee=true&tpubid=1043567
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200218-15-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 6645d3fd142209867c6fc505c98c8481a58bbce5853b79bf9de7b79b7bcdb02f

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 varnish
server: nginx
x-timer: S1582387241.304063,VS0,VE16
machineid: 1446
x-served-by: cache-fra19154-FRA
x-cache: MISS
content-type: text/html;charset=ISO-8859-1
status: 200
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
x-cache-hits: 0
accept-ranges: bytes
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 userx.20200218-15-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 22 KB
8 KB 25ms
24ms Script
application/javascript 151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20200218-15-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/forumotion-en/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fe87c9ed3ae9c73712c5484f1963b6d7e19ba5c48c51742f1bc5a84ac1dbc224

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: _kUrqH.1XNm7Z9hiAjSc9Ggq.vjqWa88
content-encoding: gzip
age: 98
x-cache: HIT
status: 200
date: Sat, 22 Feb 2020 16:00:41 GMT
x-amz-replication-status: COMPLETED
content-length: 7712
x-amz-id-2: ueaCXjmFI9YCM2I6Kn4IuDOt62QEmR9ti2mYLOFwnILgY04pKMwu066SQovPdF0W+zkeC8AD+64=
x-served-by: cache-fra19147-FRA
last-modified: Tue, 18 Feb 2020 14:20:52 GMT
server: AmazonS3
x-timer: S1582387241.242000,VS0,VE0
etag: "12aeb091867f4ad98b02d7ca2874df41"
vary: Accept-Encoding
x-amz-request-id: 707477D680D268E6
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 68
x-cache-hits: 175

GET
H2

204

rtb-h
trc.taboola.com/sg/exposebox-network/1/ Frame A9A7
Redirect Chain

https://server.exposebox.com/rcm
https://trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=_j58n1zp

0
55 B

36ms
36ms

Image
text/plain

151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=_j58n1zp
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

x-vcl-time-ms: 11
date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 varnish
server: nginx
x-timer: S1582387241.315688,VS0,VE11
x-served-by: cache-fra19147-FRA
x-cache: MISS
status: 204
accept-ranges: bytes
x-cache-hits: 0

Redirect headers

date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 google
x-powered-by: Express
location: //trc.taboola.com/sg/exposebox-network/1/rtb-h?taboola_hm=_j58n1zp
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 302
cache-control: max-age:0
alt-svc: clear
expires: 0

GET
H2

200

match
match.zorosrv.com/ Frame A9A7
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=taboola
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola
https://trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=149808ba-1acc-4e0a-84b0-b40edc27f90d
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=149808ba-1acc-4e0a-84b0-b40edc27f90d&tbid=0dce33ec-7cac-4ba6-a0e7-d73fa4724ce8-tuct54ad5a9&query=taboola_hm%3D149808ba-1acc-...
https://match.zorosrv.com/match?tabid=0dce33ec-7cac-4ba6-a0e7-d73fa4724ce8-tuct54ad5a9&extuid=149808ba-1acc-4e0a-84b0-b40edc27f90d&excid=218&query=taboola_hm%3D149808ba-1acc-4e0a-84b0-b40edc27f90d

0
316 B

30ms
28ms

Image
text/plain

151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.zorosrv.com/match?tabid=0dce33ec-7cac-4ba6-a0e7-d73fa4724ce8-tuct54ad5a9&extuid=149808ba-1acc-4e0a-84b0-b40edc27f90d&excid=218&query=taboola_hm%3D149808ba-1acc-4e0a-84b0-b40edc27f90d
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

date: Sat, 22 Feb 2020 16:00:43 GMT
via: 1.1 varnish
server: nginx
x-timer: S1582387243.127212,VS0,VE8
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI IDC DSP COR CURa ADMa OUR IND COM STA NOR UNI"
status: 200
x-cache-hits: 0
accept-ranges: bytes
access-control-allow-headers: X-Requested-With, X-Prototype-Version, Content-Type, Origin, Allow
content-length: 0
x-served-by: cache-hhn4073-HHN

Redirect headers

date: Sat, 22 Feb 2020 16:00:42 GMT
via: 1.1 varnish
server: nginx
x-timer: S1582387242.071248,VS0,VE9
location: https://match.zorosrv.com/match?tabid=0dce33ec-7cac-4ba6-a0e7-d73fa4724ce8-tuct54ad5a9&extuid=149808ba-1acc-4e0a-84b0-b40edc27f90d&excid=218&query=taboola_hm%3D149808ba-1acc-4e0a-84b0-b40edc27f90d
x-cache: MISS
status: 302
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn4073-HHN

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame A9A7 0
239 B 40ms
38ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=16698
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: image/gif
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Expires: 0

GET
H2

200

/
trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/ Frame A9A7
Redirect Chain

https://px.powerlinks.com/user/identify?sourceId=d4a7a706-ab0f-11e8-a038-127202fb7690&rurl=https%3A%2F%2Ftrc.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24%7BUSER%7D
https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=U7Rd5j8TZd8ndqc8KS8SpAb3M6-l2yTwssdajfWCHFE%3D

45 B
135 B

34ms
34ms

Image
image/gif

151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=U7Rd5j8TZd8ndqc8KS8SpAb3M6-l2yTwssdajfWCHFE%3D
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

x-vcl-time-ms: 10
date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 varnish
server: nginx
x-timer: S1582387241.312079,VS0,VE10
x-served-by: cache-fra19147-FRA
x-cache: MISS
status: 200
accept-ranges: bytes
x-cache-hits: 0

Redirect headers

Location: https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=U7Rd5j8TZd8ndqc8KS8SpAb3M6-l2yTwssdajfWCHFE%3D
Date: Sat, 22 Feb 2020 16:00:41 GMT
Server: nginx
Connection: close
Etag: "U7Rd5j8TZd8ndqc8KS8SpAb3M6-l2yTwssdajfWCHFE="
Content-Length: 0

GET
H2

200

/
trc.taboola.com/sg/mediamath-ssp-network/1/rtb-h/ Frame A9A7
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=92&redir=https://trc.taboola.com/sg/mediamath-ssp-network/1/rtb-h/?taboola_hm=[MM_UUID]
https://sync.mathtag.com/sync/img?mt_exid=92&redir=https://trc.taboola.com/sg/mediamath-ssp-network/1/rtb-h/?taboola_hm=[MM_UUID]&mm_bnc&mm_bct&UUID=1b265e51-5028-4b00-9644-a00317dee7f5
https://trc.taboola.com/sg/mediamath-ssp-network/1/rtb-h/?taboola_hm=1b265e51-5028-4b00-9644-a00317dee7f5

0
55 B

34ms
34ms

Image
text/plain

151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/mediamath-ssp-network/1/rtb-h/?taboola_hm=1b265e51-5028-4b00-9644-a00317dee7f5
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

x-vcl-time-ms: 10
date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 varnish
server: nginx
x-timer: S1582387241.341988,VS0,VE10
x-served-by: cache-fra19147-FRA
x-cache: MISS
status: 200
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

Redirect headers

Date: Sat, 22 Feb 2020 16:00:41 GMT
Server: MT3 2129 8dd2d16 master zrh-pixel-x19
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://trc.taboola.com/sg/mediamath-ssp-network/1/rtb-h/?taboola_hm=1b265e51-5028-4b00-9644-a00317dee7f5
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 22 Feb 2020 16:00:40 GMT

GET
H2

204

/
trc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/ Frame A9A7
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Ftrc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%
https://trc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=mVDPgooR9quU&ev=1&pid=562107

0
190 B

35ms
34ms

Image
text/plain

151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=mVDPgooR9quU&ev=1&pid=562107
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

x-vcl-time-ms: 9
date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 varnish
server: nginx
x-timer: S1582387241.310970,VS0,VE9
x-served-by: cache-fra19147-FRA
x-cache: MISS
status: 204
accept-ranges: bytes
x-cache-hits: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
location: https://trc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=mVDPgooR9quU&ev=1&pid=562107
content-language: en-US
status: 302
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-stage-0
expires: -1

GET
H2

204

/
trc.taboola.com/sg/rtbhouse-network/1/rtb-h/ Frame A9A7
Redirect Chain

https://creativecdn.com/cm-notify?pi=taboola
https://ams.creativecdn.com/cm-notify?pi=taboola&tc=1
https://trc.taboola.com/sg/rtbhouse-network/1/rtb-h/?taboola_hm=vj5vaNYjEIulRN9m35w0&pi=taboola&tc=1

0
51 B

33ms
33ms

Image
text/plain

151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/rtbhouse-network/1/rtb-h/?taboola_hm=vj5vaNYjEIulRN9m35w0&pi=taboola&tc=1
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

x-vcl-time-ms: 9
date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 varnish
server: nginx
x-timer: S1582387241.333752,VS0,VE9
x-served-by: cache-fra19147-FRA
x-cache: MISS
status: 204
accept-ranges: bytes
x-cache-hits: 0

Redirect headers

status: 302
pragma: no-cache
date: Sat, 22 Feb 2020 16:00:41 GMT, Sat, 22 Feb 2020 16:00:41 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
location: https://trc.taboola.com/sg/rtbhouse-network/1/rtb-h/?taboola_hm=vj5vaNYjEIulRN9m35w0&pi=taboola&tc=1
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK getuidnb
ib.adnxs.com/ Frame A9A7 43 B
695 B 1127ms
26ms Image
image/gif 37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/getuidnb?https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.38 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:44 GMT
AN-X-Request-Uuid: ab5b6d82-de0b-4017-997b-e3bcb50c139a
Content-Type: image/gif
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 185.210.217.115; 185.210.217.115; 537.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.115:80
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/
trc.taboola.com/sg/google-network/1/rtb-h/ Frame A9A7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm=&google_sc=&google_tc=
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEOtnsjNOv5uYTac6dgw-JPM&google_cver=1

0
54 B

34ms
34ms

Image
text/plain

151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEOtnsjNOv5uYTac6dgw-JPM&google_cver=1
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

x-vcl-time-ms: 9
date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 varnish
server: nginx
x-timer: S1582387241.417504,VS0,VE9
x-served-by: cache-fra19147-FRA
x-cache: MISS
status: 200
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

Redirect headers

pragma: no-cache
date: Sat, 22 Feb 2020 16:00:41 GMT
server: HTTP server (unknown)
location: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEOtnsjNOv5uYTac6dgw-JPM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 304
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK getuidnb
ib.adnxs.com/ Frame A9A7 43 B
694 B 1093ms
30ms Image
image/gif 37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/getuidnb?https://trc.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=$UID

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.38 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:44 GMT
AN-X-Request-Uuid: 7159dbcd-41e9-42ea-94ac-0b5f8890f079
Content-Type: image/gif
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 185.210.217.115; 185.210.217.115; 537.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.16:80
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/
trc.taboola.com/sg/thetradedesk-network/1/rtb-h/ Frame A9A7
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=3f187151-bcdc-45d0-bd74-5b4b27a5027a

0
55 B

40ms
40ms

Image
text/plain

151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=3f187151-bcdc-45d0-bd74-5b4b27a5027a
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

x-vcl-time-ms: 10
date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 varnish
server: nginx
x-timer: S1582387241.434450,VS0,VE10
x-served-by: cache-fra19147-FRA
x-cache: MISS
status: 200
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

Redirect headers

pragma: no-cache
date: Sat, 22 Feb 2020 16:00:41 GMT
x-aspnet-version: 4.0.30319
location: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=3f187151-bcdc-45d0-bd74-5b4b27a5027a
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status: 302
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 239

GET
H2

200

rtb-h
trc.taboola.com/sg/storygize-network/1/ Frame A9A7
Redirect Chain

https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=0dce33ec-7cac-4ba6-a0e7-d73fa4724ce8-tuct54ad5a9
https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301

0
205 B

34ms
33ms

Image
text/plain

151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

x-vcl-time-ms: 10
date: Sat, 22 Feb 2020 16:00:43 GMT
via: 1.1 varnish
server: nginx
x-timer: S1582387243.130733,VS0,VE10
x-served-by: cache-fra19147-FRA
x-cache: MISS
status: 200
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

Redirect headers

Location: https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301
Pragma: no-cache
expires: 0
cache-control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
P3P: CP ALL ADM DEV PSAi COM OUR OTRo STP IND ONL

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame A9A7 35 B
380 B 1422ms
104ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

X-ServerName: Track001-dc3
Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:38 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H/1.1 204
No Content /
cds.taboola.com/ Frame A9A7 0
176 B 3326ms
96ms Image
text/plain 141.226.224.32
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cds.taboola.com/?uid=0dce33ec-7cac-4ba6-a0e7-d73fa4724ce8-tuct54ad5a9&_r=9355332
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

Date: Sat, 22 Feb 2020 16:00:44 GMT
cache-control: no-store
x-envoy-upstream-service-time: 1
Server: nginx
Connection: close
Content-Length: 0

GET
H2

200

/
trc.taboola.com/sg/bidswitch-network/1/rtb-h/ Frame A9A7
Redirect Chain

https://x.bidswitch.net/sync?ssp=taboola
https://x.bidswitch.net/ul_cb/sync?ssp=taboola
https://a.volvelle.tech/sync?ssp=bidswitch&bidswitch_ssp_id=taboola
https://a.volvelle.tech/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=taboola
https://x.bidswitch.net/sync?dsp_id=190&expires=14&user_group=1&user_id=cb8d3d33-f2c0-4230-accd-7bd509ff1319&ssp=taboola
https://trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=7382c36d-3d99-4492-8967-ba74b9b9c9f1

0
59 B

39ms
38ms

Image
text/plain

151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=7382c36d-3d99-4492-8967-ba74b9b9c9f1
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50

Response headers

x-vcl-time-ms: 12
date: Sat, 22 Feb 2020 16:00:43 GMT
via: 1.1 varnish
server: nginx
x-timer: S1582387244.523940,VS0,VE12
x-served-by: cache-fra19147-FRA
x-cache: MISS
status: 200
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

Redirect headers

status: 302
date: Sat, 22 Feb 2020 16:00:43 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: //trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=7382c36d-3d99-4492-8967-ba74b9b9c9f1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 204 available Show response
trc.taboola.com/forumotion-en/log/3/ 0
114 B 35ms
35ms XHR
image/gif 151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/forumotion-en/log/3/available?route=AM%3AAM%3AV&lti=deflated
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200218-15-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 10
date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-fra19147-FRA
pragma: no-cache
server: nginx
x-timer: S1582387241.254655,VS0,VE10
content-type: image/gif
access-control-allow-origin: https://geekpolice.forumotion.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 86773a16b11940ac24f8d58cec2f8248.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_334%2Cw_400%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 13 KB
13 KB 25ms
24ms Image
image/jpeg 151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_334%2Cw_400%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/86773a16b11940ac24f8d58cec2f8248.png
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 03b5f2e48b9e372bbb0bc35fd8f2bf41fc2a71d411d7bd8c715a73c7ab048e58

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 varnish, 1.1 varnish
age: 792763
edge-cache-tag: 547785330436857918102524990166881341998,352635776853417681536589699696160363519,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Thu, 12 Mar 2020 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_334%2Cw_400%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/86773a16b11940ac24f8d58cec2f8248.png
content-length: 13160
x-served-by: cache-fra19149-FRA, cache-fra19147-FRA
last-modified: Mon, 10 Feb 2020 03:23:58 GMT
server: cloudinary
x-timer: S1582387241.464202,VS0,VE0
etag: "c7eece4185380dac8f034e4b0a1f0d6b"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2

GET
H2 200 f8adbbeb7a1e860ced003d6b306ac78e.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_334%2Cw_400%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 18 KB
18 KB 26ms
25ms Image
image/jpeg 151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_334%2Cw_400%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f8adbbeb7a1e860ced003d6b306ac78e.jpg
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 9aa3ad362286b868dad7ee3fe2d898284bff02d2d7f3ca8aab06500d0f117306

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 varnish, 1.1 varnish
age: 1736534
edge-cache-tag: 567152189235265797627664161018580939416,352635776853417681536589699696160363519,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Mon, 24 Feb 2020 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_334%2Cw_400%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f8adbbeb7a1e860ced003d6b306ac78e.jpg
content-length: 18372
x-served-by: cache-fra19131-FRA, cache-fra19147-FRA
last-modified: Fri, 24 Jan 2020 11:32:44 GMT
server: cloudinary
x-timer: S1582387241.469879,VS0,VE1
etag: "2a1dba4d3a23ec24a876d350a75ee388"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 8b8b2ff2e987d48c063ca34a5361d012.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_334%2Cw_400%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboolasyndication.com/libtrc/static/thumbnails/ 18 KB
18 KB 25ms
25ms Image
image/jpeg 151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_334%2Cw_400%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboolasyndication.com/libtrc/static/thumbnails/8b8b2ff2e987d48c063ca34a5361d012.jpg
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: 7432fbb20ee2e12bf6f4e1c2c2b56ad56108ab50bbb4425c2bfebf2fafa83723

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 varnish, 1.1 varnish
age: 283436
edge-cache-tag: 604275047712431107110061106029232823248,352635776853417681536589699696160363519,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Wed, 26 Feb 2020 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_334%2Cw_400%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboolasyndication.com/libtrc/static/thumbnails/8b8b2ff2e987d48c063ca34a5361d012.jpg
content-length: 17975
x-served-by: cache-fra19164-FRA, cache-fra19147-FRA
last-modified: Sun, 26 Jan 2020 15:15:04 GMT
server: cloudinary
x-timer: S1582387241.489133,VS0,VE1
etag: "e46a39b2e277fb5eb5b30db9ef64039a"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 7a5d3a60b7cd4b522446f0172a174533.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_334%2Cw_400%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 23 KB
24 KB 26ms
26ms Image
image/jpeg 151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_334%2Cw_400%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/7a5d3a60b7cd4b522446f0172a174533.jpg
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: bf5e5e45b4aa5aed1ec3b02388aba23b3db44fa91c54e2da0b2d12ec08af0b41

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 varnish, 1.1 varnish
age: 303212
edge-cache-tag: 527553100778965490501325031365496799607,352635776853417681536589699696160363519,29ecf9b93bbf306179626feeda1fab70
status: 200
expiration: expiry-date="Fri, 20 Mar 2020 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_334%2Cw_400%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/7a5d3a60b7cd4b522446f0172a174533.jpg
content-length: 24044
x-served-by: cache-fra19129-FRA, cache-fra19147-FRA
last-modified: Tue, 18 Feb 2020 18:00:33 GMT
server: cloudinary
x-timer: S1582387241.497016,VS0,VE1
etag: "29f44d6e07e821f2062225c347e88a9c"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1

GET
H2 200 integrator.js Show response
adservice.google.be/adsid/ 109 B
778 B 49ms
14ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.be/adsid/integrator.js?domain=geekpolice.forumotion.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
249 B 19ms
17ms Script
application/javascript 2a00:1450:4001:825::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=geekpolice.forumotion.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 pubads_impl_2020021802.js Show response
securepubads.g.doubleclick.net/gpt/ 167 KB
61 KB 31ms
31ms Script
text/javascript 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

sffe /

Resource Hash

06c08e3ba81a0a899a551a554791954c7b40ff431de2c6a206e166617578903d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 Feb 2020 20:41:43 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 62262
x-xss-protection: 0
expires: Sat, 22 Feb 2020 16:00:41 GMT

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
337 B 134ms
133ms Image
image/gif 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fgeekpolice.forumotion.com%2Ft28588-urgent-help-with-trojan-zeroaccessinf%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22geekpolice%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1582387241260%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%224a203525%3A1580945701206%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 65
x-xss-protection: 0
x-response-time: 112
pragma: no-cache
last-modified: Sat, 22 Feb 2020 16:00:41 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 8f8c8378d4c123d380f42ce2aaa3c7d7
x-transaction: 000110d1000a363f
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ 254 B
676 B 24ms
24ms Image
image/png 151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200218-15-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via: 1.1 varnish
age: 14834
x-cache: HIT
status: 200
date: Sat, 22 Feb 2020 16:00:41 GMT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: Vjnfq2okxpLEG/cBVxSfv3DOOCGN7KTpixt29L7DwUhoZL6eRlgDSODZqhfatrYL58q01gaLKf4=
x-served-by: cache-fra19147-FRA
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1582387241.287236,VS0,VE0
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-request-id: F6D91014AAA6CDC4
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 68
x-cache-hits: 21130

GET
H2 200 lite-unit.min.js Show response
vidstat.taboola.com/lite-unit/1.0.4/ 9 KB
3 KB 318ms
21ms Script
application/javascript 151.101.114.2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/lite-unit/1.0.4/lite-unit.min.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200218-15-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 32870641cd71c926b0a86673ed4efa9b3241d91e091b7a85a26a76f16f3ebf61

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 a56a2e7149e67774870adaf614e87aa1.cloudfront.net (CloudFront), 1.1 varnish
age: 272984
x-cache: Miss from cloudfront, HIT
status: 200
content-encoding: gzip
content-length: 2872
x-served-by: cache-hhn4062-HHN
last-modified: Wed, 19 Feb 2020 10:07:53 GMT
server: AmazonS3
x-timer: S1582387242.809135,VS0,VE0
etag: "946b6a38ee1dc7dd7f8225e25550416f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53
accept-ranges: bytes
x-amz-cf-id: 7R75VRlwkzu8QZjYBurekdUy2XoPG-jcEgsAJq0lfptMsTpjacZaiQ==
x-cache-hits: 1093293

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 1 KB
1 KB 47ms
12ms XHR
application/json 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20200222

Requested by

Host: ads.sportslocalmedia.com
URL: https://ads.sportslocalmedia.com/slm.prebid.3.7.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

838710715f3ae7a751cdc9b6de612e77571a840f7a390f6e354a1096e437dc5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-Type: text/plain

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-cache: HIT
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-served-by: cache-fra19161-FRA
timing-allow-origin: *
server: cloudflare
etag: W/"536-ZceQyOTlSiDA55sQKSxX/IREnZc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 56922ca36a850eab-FRA

GET
H/1.1 200 1.json Show response
id5-sync.com/g/v1/ 131 B
454 B 197ms
68ms XHR
text/json 46.105.105.90
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v1/1.json?1puid=&gdpr=0&gdpr_consent=

Requested by

Host: ads.sportslocalmedia.com
URL: https://ads.sportslocalmedia.com/slm.prebid.3.7.1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

46.105.105.90 , France, ASN16276 (OVH, FR),

Reverse DNS

s09.id5-sync.com

Software

Resource Hash

370b552445d23352665910e1d09c61c4222a4bae042a884b0ea97fbc9c7f315e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://geekpolice.forumotion.com
Date: Sat, 22 Feb 2020 16:00:41 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: text/json;charset=utf-8

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 138 B
844 B 845ms
26ms XHR
application/json 37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: ads.sportslocalmedia.com
URL: https://ads.sportslocalmedia.com/slm.prebid.3.7.1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.38 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

b4681ba83d0f96422ead40f22a0a3bf90038c4f61bad6828a8cfab751cbe8b99

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:44 GMT
X-Proxy-Origin: 185.210.217.115; 185.210.217.115; 537.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.49:80
AN-X-Request-Uuid: 670261e8-970d-4cc1-b71f-11335adccf0e
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://geekpolice.forumotion.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 138
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK ping Show response
api.viglink.com/api/ 304 B
996 B 164ms
45ms XHR
text/javascript 52.17.159.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/ping
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.159.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-159-142.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 92eab69dbd8201984039ce4823c549843d29de167b650dd0c98b43662e008a0d

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:41 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://geekpolice.forumotion.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 304
Expires: Thu, 01 Jan 1970 00:00:00 GMT

OPTIONS
H2 200 / Show response
logsene-receiver.eu.sematext.com/289fbfb0-727d-4942-aa7e-6835561e7cb1/slm-video/ 0
227 B 3154ms
52ms Fetch 52.19.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logsene-receiver.eu.sematext.com/289fbfb0-727d-4942-aa7e-6835561e7cb1/slm-video/
Requested by: Host: ads.slmads.com
URL: https://ads.slmads.com/js/app.js?t=439552
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.82.46 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-82-46.eu-west-1.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://geekpolice.forumotion.com
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Access-Control-Request-Headers: content-type

Response headers

status: 200
date: Sat, 22 Feb 2020 16:00:44 GMT
server: openresty/1.15.8.2
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type, Content-Length, Authorization, x-logsene-origin
content-length: 0
access-control-allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 265 KB
90 KB 58ms
39ms Script
text/javascript 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js?_=1582387241664

Requested by

Host: ads.slmads.com
URL: https://ads.slmads.com/js/app.js?t=439552

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4da78e50b8650f5606faeb45314226de41ef00b83656ff91a5ead0614d4efb11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 92089
x-xss-protection: 0
expires: Sat, 22 Feb 2020 16:00:41 GMT

GET
H/1.1 200
OK videos Show response
api.dailymotion.com/playlist/x6hfyl/ 3 KB
5 KB 270ms
168ms Script
application/javascript 195.8.215.129
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.dailymotion.com/playlist/x6hfyl/videos?fields=id,title,thumbnail_360_url,description&sort=recent&limit=20&callback=jQuery2240448741802345328_1582387241665&_=1582387241666

Requested by

Host: ads.slmads.com
URL: https://ads.slmads.com/js/app.js?t=439552

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

195.8.215.129 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),

Reverse DNS

api-origin.dailymotion.com

Software

DMS/1.0.42 /

Resource Hash

1c96742b44776fe32e99be10be813221ed890f228adb37b40885c77a6f90ed5f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Content-Security-Policy: upgrade-insecure-requests
Access-Control-Allow-Methods: GET, POST, DELETE
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
Content-Disposition: attachment; filename=dailymotion.txt
X-Dm-Api-Method: list_videos
X-DM-BackNode-Response-Time: 139
X-Dm-Api-Object: playlist
Content-Length: 3506
Cache-Control: public, max-age=900, stale-if-error=900
X-DM-LB-Name: lb-09
Access-Control-Allow-Headers: Content-Type, Authorization
X-DM-Random-Number: 2690139
Server: DMS/1.0.42
X-DM-Cache-Status: MISS
X-Frame-Options: DENY
Date: Sat, 22 Feb 2020 16:00:41 GMT
Expect-Ct: max-age=0, report-uri="https://www.dailymotion.com/content_security_policy_report_uri"
Vary: X-DM-SSL
X-DM-BackNode: web-461.adm.dc3.dailymotion.com:80
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
X-DM-Edge: DMParis
Connection: Keep-Alive
X-Robots-Tag: noindex
Keep-Alive: timeout=60, max=4986
X-DM-LB-IP: 195.8.215.129
Access-Control-Expose-Headers: Date, X-DM-BackNode-Response-Time, X-DM-Edge, X-DM-Cache-Status, X-Served-By, X-DM-BackNode-Response-Time

GET
H/1.1 200
OK sync.js Show response
api.viglink.com/api/ 0
307 B 39ms
39ms Script
text/plain 52.17.159.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/sync.js?key=0d80ae9fe71cec9484f682bd59232f9e
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.159.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-159-142.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:41 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sync.gif
api.viglink.com/api/ 0
307 B 157ms
40ms Image
text/plain 52.17.159.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.viglink.com/api/sync.gif?key=0d80ae9fe71cec9484f682bd59232f9e
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.159.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-159-142.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:41 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK domains Show response
api.viglink.com/api/ 116 B
574 B 74ms
53ms XHR
text/javascript 52.17.159.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/domains
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.159.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-159-142.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: c9513d81feee57d5a3572160c245bca1fedaa777fe0700975da6511a645786da

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:41 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://geekpolice.forumotion.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 116
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK insert Show response
api.viglink.com/api/ 47 KB
8 KB 156ms
84ms XHR
text/javascript 52.17.159.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/insert
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.159.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-159-142.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: a149c4fbc32ff61e3a1056193092cc1da68b8b4fe27c02780768bd0c92f66772

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:41 GMT
Content-Encoding: gzip
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://geekpolice.forumotion.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
transfer-encoding: chunked
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 st
imprammp.taboola.com/ Frame C13E 0
0 280ms
29ms Document
text/plain 151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://imprammp.taboola.com/st?cipid=8015557&ttype=0&cirid=24963CB1F156163313684521638&cicmp=1637385&cijs=1&dast=V7rtECFgNbS6YKwsR2HARbS6YKwsR2HAUAAAAGBjsHGzJazjYbCmPGWM0Ws81mMdktl8PhaDXZTcFhyk6Ty3JQC2RNk8vvBic0nQ6f616vc7m8hr_Z6XHZZX7L6-03Pf12u8bv9osuw9VwuFZdfi676S10mQ1v3dN0dIsuf6vD7pa-LH-Hx-PyfJ52mx0AAAAAHgCUVAIhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAADKyqNQAoOBLm77ZYXjabyx8AAA8FIAAAAhgkAALjKyUAFORDJwAAAAAAAAAALP____8xAHpOxTIAGPwJNwY9AA8-AA9CAAAAF0PYm-PQsuhFVUQFpkWMAAAAAHKls-eOJnVCZVEFAECQbgVwBQAQANcWGvKVpTso8RYGAAAQMLZAD4vfb3bYNX63ywAAAAAAAAAAzP7P_tGElC4a04AmdSbVfgEBANZ-AQEA2NQNAOBNAC7oDGw0Gi4mqzOg3XA1280OAAAA4O7___9fD4RmtpVht5stF5bhaLbbTRyjmW1jGTlMho3DNZx5b6Pmq3NRW6mjz2HKTpPLclALZE2Ty2-_CVuMVpPJZjmcLReTwXA0HI32J4CDAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGExwQoajzWQ12q12k-VwMhrNNpMNUrRqNRttBsPVbDLb7VbDwXA5GiFFaxazyWQxGy13m8FyMhoMJ8MhwsDI4_JsVh63buPwuEUTh22tMKx8a5FvM3OYdpPRxmVci14f02u0MLkWzike1Oni2NcuXBQMoNmL4CKdyPyW19tvevrtbpXdIpZoThbpRHbZl2a2lWG3my0XluFotttNHKOZbWMZOUyGjcM1nPkLI4_Ls1l53LqNw-MWTRy2tcKw8q1Fvs3MYdpNRhuXcS16fUyv0cLkWjj3jdVwshnuJqPFvrEaTjbD3WS02HfoDN_V52z0ljt_j095EP2UHZnpoHAZLN6NanUcfyYHbdlsdOpElu9nY_T7_X6_3-_3-_1-g9ZzMBsMilgiOF2kE9HLeLqIJZKnRTpR7haGjWEw8RhXu9VothrOHDbTxOKcrCajhcdlmoglStNFOtGLLsPVcLhWXX4uu-ktdJkNb93TdHSLLn-rw-6Wvix_h8fj8nyedptF_ceHGK7mksVgLlns5orFapUAAAAAAAAAAJYwZ94EAAAA4DSI4XIy2S0X4IH9rbjx4wbzW15vv-npt7tVdjNvBg!&excid=22&tst=1&docw=0&cs=false
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: imprammp.taboola.com
:scheme: https
:path: /st?cipid=8015557&ttype=0&cirid=24963CB1F156163313684521638&cicmp=1637385&cijs=1&dast=V7rtECFgNbS6YKwsR2HARbS6YKwsR2HAUAAAAGBjsHGzJazjYbCmPGWM0Ws81mMdktl8PhaDXZTcFhyk6Ty3JQC2RNk8vvBic0nQ6f616vc7m8hr_Z6XHZZX7L6-03Pf12u8bv9osuw9VwuFZdfi676S10mQ1v3dN0dIsuf6vD7pa-LH-Hx-PyfJ52mx0AAAAAHgCUVAIhfgABACIAAAAAJAAAAAAoAir-LQQuAAAAADAADKyqNQAoOBLm77ZYXjabyx8AAA8FIAAAAhgkAALjKyUAFORDJwAAAAAAAAAALP____8xAHpOxTIAGPwJNwY9AA8-AA9CAAAAF0PYm-PQsuhFVUQFpkWMAAAAAHKls-eOJnVCZVEFAECQbgVwBQAQANcWGvKVpTso8RYGAAAQMLZAD4vfb3bYNX63ywAAAAAAAAAAzP7P_tGElC4a04AmdSbVfgEBANZ-AQEA2NQNAOBNAC7oDGw0Gi4mqzOg3XA1280OAAAA4O7___9fD4RmtpVht5stF5bhaLbbTRyjmW1jGTlMho3DNZx5b6Pmq3NRW6mjz2HKTpPLclALZE2Ty2-_CVuMVpPJZjmcLReTwXA0HI32J4CDAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGExwQoajzWQ12q12k-VwMhrNNpMNUrRqNRttBsPVbDLb7VbDwXA5GiFFaxazyWQxGy13m8FyMhoMJ8MhwsDI4_JsVh63buPwuEUTh22tMKx8a5FvM3OYdpPRxmVci14f02u0MLkWzike1Oni2NcuXBQMoNmL4CKdyPyW19tvevrtbpXdIpZoThbpRHbZl2a2lWG3my0XluFotttNHKOZbWMZOUyGjcM1nPkLI4_Ls1l53LqNw-MWTRy2tcKw8q1Fvs3MYdpNRhuXcS16fUyv0cLkWjj3jdVwshnuJqPFvrEaTjbD3WS02HfoDN_V52z0ljt_j095EP2UHZnpoHAZLN6NanUcfyYHbdlsdOpElu9nY_T7_X6_3-_3-_1-g9ZzMBsMilgiOF2kE9HLeLqIJZKnRTpR7haGjWEw8RhXu9VothrOHDbTxOKcrCajhcdlmoglStNFOtGLLsPVcLhWXX4uu-ktdJkNb93TdHSLLn-rw-6Wvix_h8fj8nyedptF_ceHGK7mksVgLlns5orFapUAAAAAAAAAAJYwZ94EAAAA4DSI4XIy2S0X4IH9rbjx4wbzW15vv-npt7tVdjNvBg!&excid=22&tst=1&docw=0&cs=false
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: t_gid=0dce33ec-7cac-4ba6-a0e7-d73fa4724ce8-tuct54ad5a9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Response headers

status: 200
server: nginx
accept-ranges: bytes
date: Sat, 22 Feb 2020 16:00:42 GMT
via: 1.1 varnish
x-served-by: cache-hhn4073-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1582387242.086045,VS0,VE9
content-length: 0

GET
H2 200 cmTagSLIDER_INSTREAM.js Show response
vidstat.taboola.com/vpaid/units/27_3_17/infra/ 648 KB
147 KB 22ms
21ms Script
application/javascript 151.101.114.2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/27_3_17/infra/cmTagSLIDER_INSTREAM.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/1.0.4/lite-unit.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 90974da6d9d353c86066c1df50b0f60688d54b8096964de413b8ff66412263d8

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 57d93b321db68494cc6755a0d3fb29cd.cloudfront.net (CloudFront), 1.1 varnish
age: 531188
x-cache: Miss from cloudfront, HIT
x-amz-meta-ctime: 1581854847
status: 200
x-amz-meta-mode: 33188
x-cache-hits: 46208
content-encoding: gzip
content-length: 150640
x-served-by: cache-hhn4062-HHN
last-modified: Sun, 16 Feb 2020 12:07:29 GMT
server: AmazonS3
x-timer: S1582387242.835155,VS0,VE0
etag: "a0e23eb09196c7d3ff6747e90232ae45"
x-amz-meta-uid: 0
vary: Accept-Encoding
x-amz-meta-gid: 0
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: qokJFeRsoClXqprfVyvmSPtXkNedyZa4bLlHYRO3s57oVXPpg_pqLQ==
x-amz-meta-mtime: 1581854792

GET
H2 200 cmOsUnit.css
vidstat.taboola.com/vpaid/units/27_3_17/assets/css/ 35 KB
7 KB 21ms
21ms Stylesheet
text/css 151.101.114.2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/27_3_17/assets/css/cmOsUnit.css
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/1.0.4/lite-unit.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 099ae698b2292d7ec4a45c32230ac80d194d9d8cebebd634f38a2e132535d209

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: style

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 65715c6e447bfc4ebcfb81f088c7e3f3.cloudfront.net (CloudFront), 1.1 varnish
age: 532369
x-cache: Miss from cloudfront, HIT
x-amz-meta-ctime: 1581854803
status: 200
x-amz-meta-mode: 33188
x-cache-hits: 464313
content-encoding: gzip
content-length: 6391
x-served-by: cache-hhn4062-HHN
last-modified: Sun, 16 Feb 2020 12:06:45 GMT
server: AmazonS3
x-timer: S1582387242.835277,VS0,VE0
etag: "76bd13a8460ed90f741d58a4422b501d"
x-amz-meta-uid: 0
vary: Accept-Encoding
x-amz-meta-gid: 0
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53
accept-ranges: bytes
content-type: text/css
x-amz-cf-id: 1LHDOBwhBNg-zAAxoLGkPYzSefuCd9dDgDBvcwRrCcLu1OaXXNkswg==
x-amz-meta-mtime: 1581854789

POST
H/1.1 200
OK optimize Show response
api.viglink.com/api/ 28 B
485 B 58ms
41ms XHR
text/javascript 52.17.159.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/optimize
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.159.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-159-142.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 888efe26d813e1c9bab436a8658c12d5628ca46307a1424871c2b1f749bb1e96

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:41 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://geekpolice.forumotion.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 28
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 PMS.js Show response
vidstat.taboola.com/PMS/3.0.2/ 48 KB
15 KB 21ms
20ms Script
application/javascript 151.101.114.2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/PMS/3.0.2/PMS.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/27_3_17/infra/cmTagSLIDER_INSTREAM.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1170e00e92925b24293c851e00bbefb2aef3c1565b0d124f99b3bcb44b17fdc9

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 1d0fc03b30809d10a25a905ba30d8170.cloudfront.net (CloudFront), 1.1 varnish
age: 520424
x-cache: Miss from cloudfront, HIT
status: 200
content-encoding: gzip
content-length: 15496
x-served-by: cache-hhn4062-HHN
last-modified: Sun, 16 Feb 2020 15:26:07 GMT
server: AmazonS3
x-timer: S1582387242.939900,VS0,VE0
etag: "d66d1deea1e7a998d375078a0e13fca8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53
accept-ranges: bytes
x-amz-cf-id: 937p85Pwyt6Wfsti2QPblnDzRSnpOrrP8kUge7rR3pyn9Gt_CCemog==
x-cache-hits: 1370878

GET
H2 200 all.js Show response
api.dmcdn.net/ 29 KB
10 KB 1121ms
32ms Script
application/x-javascript 178.79.227.167
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://api.dmcdn.net/all.js
Requested by: Host: ads.slmads.com
URL: https://ads.slmads.com/js/app.js?t=439552
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.79.227.167 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-167.vie.llnw.net
Software: DMS/1.0.42 /
Resource Hash: 6128639c8a7b8d51293d0012d9536db53b9f42649c98aa398e0f6031df3b295e

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:43 GMT
content-encoding: gzip
nel: {"report_to":"telemetry","max_age":7776000,"include_subdomains":true,"failure_fraction":1.0}
age: 868849
status: 200
content-length: 9647
last-modified: Wed, 12 Feb 2020 14:32:49 GMT
server: DMS/1.0.42
etag: "5e440c91-72b4"
vary: Accept-Encoding
report-to: {"group":"telemetry","max_age":7776000,"endpoints":[{"url":"https://telemetry.dailymotion.com/"}],"include_subdomains":true}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=43200, s-maxage=3600
accept-ranges: bytes
expires: Wed, 12 Feb 2020 15:39:54 GMT

GET
H2 200 content14_10_18m.js Show response
vidstat.taboola.com/ 37 KB
8 KB 27ms
27ms Script
application/javascript 151.101.114.2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/content14_10_18m.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/27_3_17/infra/cmTagSLIDER_INSTREAM.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ab8bbbaf028510d8b119cce741f0c2cc94816dcc113d83cac81a6aade6a76fa9

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:41 GMT
via: 1.1 e0064d0a2437e206ed082e1fa1cdae61.cloudfront.net (CloudFront), 1.1 varnish
age: 1589278
x-cache: Hit from cloudfront, HIT
status: 200
content-encoding: gzip
content-length: 7638
x-served-by: cache-hhn4062-HHN
last-modified: Sun, 14 Oct 2018 13:31:31 GMT
server: AmazonS3
x-timer: S1582387242.999233,VS0,VE0
etag: "d8d81221ec6e604811ce469d899c9c8b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: omj5vaGwuVO0u1DUElZ04p0xjblvLHfKzDESlIUndnM3CZOy52LCcg==
x-cache-hits: 3593023

GET
H2 200 OvaMediaPlayer.js Show response
vidstat.taboola.com/vpaid/vPlayer/player/v10.9.9/ 544 KB
140 KB 23ms
23ms Script
application/javascript 151.101.114.2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.9.9/OvaMediaPlayer.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/27_3_17/infra/cmTagSLIDER_INSTREAM.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 18e2a79c51c0d8562427f979bfdba04e1526b5cb78601788f1b4c8002b007f74

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:42 GMT
via: 1.1 ec27b2a550cb7db6ef54f74603010b29.cloudfront.net (CloudFront), 1.1 varnish
age: 453841
x-cache: Miss from cloudfront, HIT
status: 200
x-amz-meta-mode: 33188
x-cache-hits: 1354535
content-encoding: gzip
content-length: 142781
x-served-by: cache-hhn4062-HHN
last-modified: Mon, 17 Feb 2020 07:30:38 GMT
server: AmazonS3
x-timer: S1582387242.007827,VS0,VE0
etag: "4739978f3cc67c2ccf30ed8318e664d8"
x-amz-meta-uid: 0
vary: Accept-Encoding
x-amz-meta-gid: 0
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: qGhAgXcUlCi1VxByln9F-GPxPjeXuozsVHphV1PYmqhhJLjZ8vs3aw==
x-amz-meta-mtime: 1581924637

GET
H2 200 sync
match.taboola.com/ Frame E88E 0
0 82ms
34ms Document
text/html 151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://match.taboola.com/sync?dast=V7yc0CFgNbS6YKwsR2HARbS6YKwsR2HAUAAAAGBjsHGzJazjYbCmPGWM0Ws81msZkNR6vJYrYZDmFDRsvZZkNhzBir2WK22Swmu-VyOBytJrspOEzZaXJZDmqBrGly-d3ghKbT4XPd63Uul9fwNzs9LrvMb3m9_aan327X-N1-0WW4Gg7XqsvPZTe9hS6z4a17mo5u0eVvddjd0pfl7_B4XJ7P026zAwAAAMADgJJKIMQPIABABAAAAIAEAAAAAEVAxb-FwAUAAAAABoCBVbUGAAVHwvzdFsvLZnP5AwDgoQAEAEAAgwRAYHylBICCfOgEAAAAAAAAAIDl____PwZAz6lYBgCDP6EH4MEH4IGowLSIEQAAAECudPbc0aROqCyqAAAI0q0ArgAAAuDaQkO-wgAAAALGFuhh8fvNDrvG73YZAAAAAAAAAIDZ_9k_mpDSRWMa0KTOpNovIADA2i8gAACbugEAvAnABZ2BjUbDxWR1BrQbrma72QEAAADc_f___-uB0My2Mux2s-XCMhzNdruJYzSzbSwjh8mwcbiGM-9t1Hx1LmordfQ5TNlpclkOaoGsaXL57Tdhi9FqMtksh7PlYjIYjoaj0f4EcDDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCU7IcLSZrEa71W6yHE5Go9lmskGKVq1mo81guJpNZrvdajgYLkcjpGjNYjaZLGaj5W4zWE5Gg-FkOEQYGHlcns3K49ZtHB63aOKwrRWGlW8t8m1mDtNuMtq4jGvR62N6jRYm18I5xYM6XRz72oWLggE0exFcpBOZ3_J6-01Pv92tslvEEs3JIp3ILvvSzLYy7Haz5cIyHM12u4ljNLNtLCOHybBxuIYzf2HkcXk2K49bt3F43KKJw7ZWGFa-tci3mTlMu8lo4zKuRa-P6TVamFwL576xGk42w91ktNg3VsPJZribjBb7Dp3hu_qcjd5y5-_xKQ-in7IjMx0ULoPFu1GtjuPP5KAtm41Oncjy_WyMfr_f7_f7_X6_32_Qeg5mg0ERSwSni3QiehlPF7FE8rRIJ8rdwrAxDCYe42q3Gs1Ww5nDZppYnJPVZLTwuEwTsURpukgnetFluBoO16rLz2U3vYUus-Gte5qObtHlb3XY3dKX5e_weFyez9Nus6j_-BDD1VyyGMwli91csVitEgAAAAAAAADAEubMmwAAAACcBjFcTia75QI8sL8VN37cYH7L6-03Pf12t8pu5g!&excid=22&docw=0&cijs=1
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/27_3_17/infra/cmTagSLIDER_INSTREAM.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: match.taboola.com
:scheme: https
:path: /sync?dast=V7yc0CFgNbS6YKwsR2HARbS6YKwsR2HAUAAAAGBjsHGzJazjYbCmPGWM0Ws81msZkNR6vJYrYZDmFDRsvZZkNhzBir2WK22Swmu-VyOBytJrspOEzZaXJZDmqBrGly-d3ghKbT4XPd63Uul9fwNzs9LrvMb3m9_aan327X-N1-0WW4Gg7XqsvPZTe9hS6z4a17mo5u0eVvddjd0pfl7_B4XJ7P026zAwAAAMADgJJKIMQPIABABAAAAIAEAAAAAEVAxb-FwAUAAAAABoCBVbUGAAVHwvzdFsvLZnP5AwDgoQAEAEAAgwRAYHylBICCfOgEAAAAAAAAAIDl____PwZAz6lYBgCDP6EH4MEH4IGowLSIEQAAAECudPbc0aROqCyqAAAI0q0ArgAAAuDaQkO-wgAAAALGFuhh8fvNDrvG73YZAAAAAAAAAIDZ_9k_mpDSRWMa0KTOpNovIADA2i8gAACbugEAvAnABZ2BjUbDxWR1BrQbrma72QEAAADc_f___-uB0My2Mux2s-XCMhzNdruJYzSzbSwjh8mwcbiGM-9t1Hx1LmordfQ5TNlpclkOaoGsaXL57Tdhi9FqMtksh7PlYjIYjoaj0f4EcDDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCU7IcLSZrEa71W6yHE5Go9lmskGKVq1mo81guJpNZrvdajgYLkcjpGjNYjaZLGaj5W4zWE5Gg-FkOEQYGHlcns3K49ZtHB63aOKwrRWGlW8t8m1mDtNuMtq4jGvR62N6jRYm18I5xYM6XRz72oWLggE0exFcpBOZ3_J6-01Pv92tslvEEs3JIp3ILvvSzLYy7Haz5cIyHM12u4ljNLNtLCOHybBxuIYzf2HkcXk2K49bt3F43KKJw7ZWGFa-tci3mTlMu8lo4zKuRa-P6TVamFwL576xGk42w91ktNg3VsPJZribjBb7Dp3hu_qcjd5y5-_xKQ-in7IjMx0ULoPFu1GtjuPP5KAtm41Oncjy_WyMfr_f7_f7_X6_32_Qeg5mg0ERSwSni3QiehlPF7FE8rRIJ8rdwrAxDCYe42q3Gs1Ww5nDZppYnJPVZLTwuEwTsURpukgnetFluBoO16rLz2U3vYUus-Gte5qObtHlb3XY3dKX5e_weFyez9Nus6j_-BDD1VyyGMwli91csVitEgAAAAAAAADAEubMmwAAAACcBjFcTia75QI8sL8VN37cYH7L6-03Pf12t8pu5g!&excid=22&docw=0&cijs=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: t_gid=0dce33ec-7cac-4ba6-a0e7-d73fa4724ce8-tuct54ad5a9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Response headers

status: 200
server: nginx
content-type: text/html;charset=ISO-8859-1
machineid: 3403
accept-ranges: bytes
date: Sat, 22 Feb 2020 16:00:42 GMT
via: 1.1 varnish
x-served-by: cache-hhn4073-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1582387242.071340,VS0,VE9

GET
H2 200 st
convammp.taboola.com/ 0
76 B 33ms
31ms Image
text/plain 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://convammp.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8015557&crid=4860545&dast=V7yc0CFgNbS6YKwsR2HARbS6YKwsR2HAUAAAAGBjsHGzJazjYbCmPGWM0Ws81msZkNR6vJYrYZDmFDRsvZZkNhzBir2WK22Swmu-VyOBytJrspOEzZaXJZDmqBrGly-d3ghKbT4XPd63Uul9fwNzs9LrvMb3m9_aan327X-N1-0WW4Gg7XqsvPZTe9hS6z4a17mo5u0eVvddjd0pfl7_B4XJ7P026zAwAAAMADgJJKIMQPIABABAAAAIAEAAAAAEVAxb-FwAUAAAAABoCBVbUGAAVHwvzdFsvLZnP5AwDgoQAEAEAAgwRAYHylBICCfOgEAAAAAAAAAIDl____PwZAz6lYBgCDP6EH4MEH4IGowLSIEQAAAECudPbc0aROqCyqAAAI0q0ArgAAAuDaQkO-wgAAAALGFuhh8fvNDrvG73YZAAAAAAAAAIDZ_9k_mpDSRWMa0KTOpNovIADA2i8gAACbugEAvAnABZ2BjUbDxWR1BrQbrma72QEAAADc_f___-uB0My2Mux2s-XCMhzNdruJYzSzbSwjh8mwcbiGM-9t1Hx1LmordfQ5TNlpclkOaoGsaXL57Tdhi9FqMtksh7PlYjIYjoaj0f4EcDDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCU7IcLSZrEa71W6yHE5Go9lmskGKVq1mo81guJpNZrvdajgYLkcjpGjNYjaZLGaj5W4zWE5Gg-FkOEQYGHlcns3K49ZtHB63aOKwrRWGlW8t8m1mDtNuMtq4jGvR62N6jRYm18I5xYM6XRz72oWLggE0exFcpBOZ3_J6-01Pv92tslvEEs3JIp3ILvvSzLYy7Haz5cIyHM12u4ljNLNtLCOHybBxuIYzf2HkcXk2K49bt3F43KKJw7ZWGFa-tci3mTlMu8lo4zKuRa-P6TVamFwL576xGk42w91ktNg3VsPJZribjBb7Dp3hu_qcjd5y5-_xKQ-in7IjMx0ULoPFu1GtjuPP5KAtm41Oncjy_WyMfr_f7_f7_X6_32_Qeg5mg0ERSwSni3QiehlPF7FE8rRIJ8rdwrAxDCYe42q3Gs1Ww5nDZppYnJPVZLTwuEwTsURpukgnetFluBoO16rLz2U3vYUus-Gte5qObtHlb3XY3dKX5e_weFyez9Nus6j_-BDD1VyyGMwli91csVitEgAAAAAAAADAEubMmwAAAACcBjFcTia75QI8sL8VN37cYH7L6-03Pf12t8pu5g!&cmcv=&pix=31589837&cb=1582387241983&uv=27317&tms=1582387241983&abt=affp_vC!expl_vB!utb11_vB&ft=0&unm=SLIDER_INSTREAM&debug=pn:!sqg:!torgn:1582387232466.1863!ts:1582387241983&
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:42 GMT
via: 1.1 varnish
server: nginx
x-timer: S1582387242.024721,VS0,VE9
x-served-by: cache-fra19154-FRA
x-cache: MISS
status: 200
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 200 st
convammp.taboola.com/ 0
52 B 33ms
31ms Image
text/plain 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://convammp.taboola.com/st?cijs=convusmp&ttype=16&cisd=convusmp&cipid=8015557&crid=4860545&dast=V7yc0CFgNbS6YKwsR2HARbS6YKwsR2HAUAAAAGBjsHGzJazjYbCmPGWM0Ws81msZkNR6vJYrYZDmFDRsvZZkNhzBir2WK22Swmu-VyOBytJrspOEzZaXJZDmqBrGly-d3ghKbT4XPd63Uul9fwNzs9LrvMb3m9_aan327X-N1-0WW4Gg7XqsvPZTe9hS6z4a17mo5u0eVvddjd0pfl7_B4XJ7P026zAwAAAMADgJJKIMQPIABABAAAAIAEAAAAAEVAxb-FwAUAAAAABoCBVbUGAAVHwvzdFsvLZnP5AwDgoQAEAEAAgwRAYHylBICCfOgEAAAAAAAAAIDl____PwZAz6lYBgCDP6EH4MEH4IGowLSIEQAAAECudPbc0aROqCyqAAAI0q0ArgAAAuDaQkO-wgAAAALGFuhh8fvNDrvG73YZAAAAAAAAAIDZ_9k_mpDSRWMa0KTOpNovIADA2i8gAACbugEAvAnABZ2BjUbDxWR1BrQbrma72QEAAADc_f___-uB0My2Mux2s-XCMhzNdruJYzSzbSwjh8mwcbiGM-9t1Hx1LmordfQ5TNlpclkOaoGsaXL57Tdhi9FqMtksh7PlYjIYjoaj0f4EcDDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCU7IcLSZrEa71W6yHE5Go9lmskGKVq1mo81guJpNZrvdajgYLkcjpGjNYjaZLGaj5W4zWE5Gg-FkOEQYGHlcns3K49ZtHB63aOKwrRWGlW8t8m1mDtNuMtq4jGvR62N6jRYm18I5xYM6XRz72oWLggE0exFcpBOZ3_J6-01Pv92tslvEEs3JIp3ILvvSzLYy7Haz5cIyHM12u4ljNLNtLCOHybBxuIYzf2HkcXk2K49bt3F43KKJw7ZWGFa-tci3mTlMu8lo4zKuRa-P6TVamFwL576xGk42w91ktNg3VsPJZribjBb7Dp3hu_qcjd5y5-_xKQ-in7IjMx0ULoPFu1GtjuPP5KAtm41Oncjy_WyMfr_f7_f7_X6_32_Qeg5mg0ERSwSni3QiehlPF7FE8rRIJ8rdwrAxDCYe42q3Gs1Ww5nDZppYnJPVZLTwuEwTsURpukgnetFluBoO16rLz2U3vYUus-Gte5qObtHlb3XY3dKX5e_weFyez9Nus6j_-BDD1VyyGMwli91csVitEgAAAAAAAADAEubMmwAAAACcBjFcTia75QI8sL8VN37cYH7L6-03Pf12t8pu5g!&cmcv=&pix=31579697&cb=1582387241998&uv=27317&tms=1582387241998&abt=affp_vC!expl_vB!utb11_vB&ft=0&unm=SLIDER_INSTREAM
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:42 GMT
via: 1.1 varnish
server: nginx
x-timer: S1582387242.024727,VS0,VE9
x-served-by: cache-fra19154-FRA
x-cache: MISS
status: 200
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 200 loading2.png
vidstat.taboola.com/assets/ 24 KB
24 KB 23ms
21ms Image
image/png 151.101.114.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vidstat.taboola.com/assets/loading2.png
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4f2b7e987474183ea3293084c5069b7a5227876ed8fa10da3dd3588ee7124c16

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:42 GMT
via: 1.1 60a935292c9892b0b7f9e56f65af863a.cloudfront.net (CloudFront), 1.1 varnish
age: 702673
x-cache: Hit from cloudfront, HIT
status: 200
x-amz-meta-mode: 33188
x-cache-hits: 352381
content-length: 24300
x-served-by: cache-hhn4062-HHN
last-modified: Sun, 02 Jul 2017 14:25:04 GMT
server: AmazonS3
x-timer: S1582387242.022668,VS0,VE0
etag: "ead84d746b6ee07ee78dc4243d7349c8"
x-amz-meta-uid: 0
x-amz-meta-gid: 0
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA2
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: G4P2bsVURwUd-6ftn_beps3mb7kmsffmK8YE2wwAUVs5--MeiZC6SQ==
x-amz-meta-mtime: 1498646328

GET
H2 200 replay-button.svg
vidstat.taboola.com/assets/ 1 KB
993 B 24ms
22ms Image
image/svg+xml 151.101.114.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vidstat.taboola.com/assets/replay-button.svg
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a9aca50019231f85f469a5e0019bf363b41b9886b238a44bb1fe837ca4408da1

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:42 GMT
via: 1.1 60a935292c9892b0b7f9e56f65af863a.cloudfront.net (CloudFront), 1.1 varnish
age: 702674
x-cache: Hit from cloudfront, HIT
status: 200
content-encoding: gzip
content-length: 701
x-served-by: cache-hhn4062-HHN
last-modified: Wed, 13 Feb 2019 09:30:13 GMT
server: AmazonS3
x-timer: S1582387242.023296,VS0,VE0
etag: "e871e80b457ead7801d3bbe63b25c4fb"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA2
accept-ranges: bytes
x-amz-cf-id: K6gb4TYmkXxzzpp8H2RmDk8mc81SCp6cHv6D8c6l4r3wBzJ_XK-xbQ==
x-cache-hits: 337949

GET
H2 200 replay-button-hover.svg
vidstat.taboola.com/assets/ 1 KB
936 B 24ms
23ms Image
image/svg+xml 151.101.114.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vidstat.taboola.com/assets/replay-button-hover.svg
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d92c3106afa291abcefd52dd891825af921521fb643b4ce9e432e7d555bba2f8

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:42 GMT
via: 1.1 25ffb5a941b5a46b102cd385a9cdbb50.cloudfront.net (CloudFront), 1.1 varnish
age: 1395048
x-cache: Hit from cloudfront, HIT
status: 200
content-encoding: gzip
content-length: 709
x-served-by: cache-hhn4062-HHN
last-modified: Wed, 13 Feb 2019 09:30:13 GMT
server: AmazonS3
x-timer: S1582387242.023323,VS0,VE0
etag: "ae0344bce724db935e4f7ba6573ee516"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: BvOIM6Ru-sj1Zuk8Pv4KwWWtNjjN_qkQBQVKUVBbjGSvlxOJWOiTWQ==
x-cache-hits: 602577

GET
H2 200 learn-more-button.svg
vidstat.taboola.com/assets/ 2 KB
919 B 23ms
22ms Image
image/svg+xml 151.101.114.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vidstat.taboola.com/assets/learn-more-button.svg
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f0648e82e4c77d04dac47abdae61b19b9a5adb1890fceb13a6d9e89c04c060a8

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:42 GMT
via: 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront), 1.1 varnish
age: 1424638
x-cache: Miss from cloudfront, HIT
status: 200
content-encoding: gzip
content-length: 634
x-served-by: cache-hhn4062-HHN
last-modified: Wed, 13 Feb 2019 09:30:12 GMT
server: AmazonS3
x-timer: S1582387242.023227,VS0,VE0
etag: "3132e8c3bdd274efa7ce1531ec89580d"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: oN72cAAVKwvn1GJ4MZDIQi3y4vHm--RqZWj9LNg2dBhXT141wINHrw==
x-cache-hits: 600520

GET
H2 200 learn-more-button-hover.svg
vidstat.taboola.com/assets/ 2 KB
924 B 23ms
22ms Image
image/svg+xml 151.101.114.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vidstat.taboola.com/assets/learn-more-button-hover.svg
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e93981763fee7adb1384f54134ae21113517f9e80febe5d0d80f01a75eb97e90

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

date: Sat, 22 Feb 2020 16:00:42 GMT
via: 1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront), 1.1 varnish
age: 1395047
x-cache: Hit from cloudfront, HIT
status: 200
content-encoding: gzip
content-length: 660
x-served-by: cache-hhn4062-HHN
last-modified: Wed, 13 Feb 2019 09:30:11 GMT
server: AmazonS3
x-timer: S1582387242.023195,VS0,VE0
etag: "b14888c73642ebc29c1451727eb1eb8a"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: ZDqQ-5Xcpbcna9hH6Q_Y9h6blg6jnT4mc-LZJehSirPojNmToP3qjA==
x-cache-hits: 602883

GET
H2 200 c5ef96bc-30ab-456a-b3d5-a84f367c6a46.svg
cdn.taboola.com/static/c5/ 3 KB
2 KB 24ms
24ms Image
image/svg+xml 151.101.14.2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/static/c5/c5ef96bc-30ab-456a-b3d5-a84f367c6a46.svg
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d89405054b0eccfd66baa763bf4781b8dff83824636284b79800ecdc25579f1

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: image

Response headers

x-amz-version-id: 3GoWmPpnzFDs5CP3.ebHbCmhALWQMuvH
content-encoding: gzip
age: 22
x-cache: HIT
status: 200
date: Sat, 22 Feb 2020 16:00:42 GMT
x-amz-replication-status: COMPLETED
content-length: 1502
x-amz-id-2: JYczwruTSs8FLVxu8512QCqLJUxk72yhUYVxQr+eMywv4MT2iayD5Jg7z9BLvsGnVEORADXftoI=
x-served-by: cache-fra19147-FRA
access-control-allow-origin: *
last-modified: Sun, 10 Jun 2018 13:23:55 GMT
server: AmazonS3
x-timer: S1582387242.311317,VS0,VE0
etag: "11d8569a7da0739259e3ac0b0d666e94"
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: E19C2AE0E2AC2128
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/svg+xml
access-control-allow-headers: *
abp: 68
x-cache-hits: 15

POST
H/1.1 202
Accepted inserted Show response
api.viglink.com/api/ 0
417 B 47ms
46ms XHR
text/plain 52.17.159.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/inserted
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.159.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-159-142.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:42 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://geekpolice.forumotion.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
BLOB 206
Partial Content f2300d39-0d6b-4446-b13c-e444867f55a8
https://geekpolice.forumotion.com/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://geekpolice.forumotion.com/f2300d39-0d6b-4446-b13c-e444867f55a8
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Sec-Fetch-Dest: video
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
BLOB 206
Partial Content 43ca5518-0b02-4ffb-ae3f-0b9f9f030e87
https://geekpolice.forumotion.com/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://geekpolice.forumotion.com/43ca5518-0b02-4ffb-ae3f-0b9f9f030e87
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Sec-Fetch-Dest: video
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

POST
H/1.1 200
OK domains Show response
api.viglink.com/api/ 42 B
499 B 43ms
42ms XHR
text/javascript 52.17.159.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/domains
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.159.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-159-142.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: b7bbe7d86b20624424b439a38c94279a2796320d975857b844673d8d76b405c2

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:42 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://geekpolice.forumotion.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK optimize Show response
api.viglink.com/api/ 28 B
485 B 40ms
40ms XHR
text/javascript 52.17.159.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/optimize
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.159.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-159-142.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: fe513a7b6a5f1a53c13638bb35890cd1f87e98997dd645e66c7ec65ddbd79f5b

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Sat, 22 Feb 2020 16:00:43 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://geekpolice.forumotion.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 28
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 1 KB
1 KB 95ms
94ms XHR
application/json 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=400&height=225&pubid=198827&tagid=1020237&crid=4860545&noaop=2&sortOrderType=0&cb=1582387243180&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1099&pt=-181989869&tz=60&viewable=true&ddast=V7yc0CFgNbS6YKwsR2HARbS6YKwsR2HAUAAAAGBjsHGzJazjYbCmPGWM0Ws81msZkNR6vJYrYZDmFDRsvZZkNhzBir2WK22Swmu-VyOBytJrspOEzZaXJZDmqBrGly-d3ghKbT4XPd63Uul9fwNzs9LrvMb3m9_aan327X-N1-0WW4Gg7XqsvPZTe9hS6z4a17mo5u0eVvddjd0pfl7_B4XJ7P026zAwAAAMADgJJKIMQPIABABAAAAIAEAAAAAEVAxb-FwAUAAAAABoCBVbUGAAVHwvzdFsvLZnP5AwDgoQAEAEAAgwRAYHylBICCfOgEAAAAAAAAAIDl____PwZAz6lYBgCDP6EH4MEH4IGowLSIEQAAAECudPbc0aROqCyqAAAI0q0ArgAAAuDaQkO-wgAAAALGFuhh8fvNDrvG73YZAAAAAAAAAIDZ_9k_mpDSRWMa0KTOpNovIADA2i8gAACbugEAvAnABZ2BjUbDxWR1BrQbrma72QEAAADc_f___-uB0My2Mux2s-XCMhzNdruJYzSzbSwjh8mwcbiGM-9t1Hx1LmordfQ5TNlpclkOaoGsaXL57Tdhi9FqMtksh7PlYjIYjoaj0f4EcDDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCU7IcLSZrEa71W6yHE5Go9lmskGKVq1mo81guJpNZrvdajgYLkcjpGjNYjaZLGaj5W4zWE5Gg-FkOEQYGHlcns3K49ZtHB63aOKwrRWGlW8t8m1mDtNuMtq4jGvR62N6jRYm18I5xYM6XRz72oWLggE0exFcpBOZ3_J6-01Pv92tslvEEs3JIp3ILvvSzLYy7Haz5cIyHM12u4ljNLNtLCOHybBxuIYzf2HkcXk2K49bt3F43KKJw7ZWGFa-tci3mTlMu8lo4zKuRa-P6TVamFwL576xGk42w91ktNg3VsPJZribjBb7Dp3hu_qcjd5y5-_xKQ-in7IjMx0ULoPFu1GtjuPP5KAtm41Oncjy_WyMfr_f7_f7_X6_32_Qeg5mg0ERSwSni3QiehlPF7FE8rRIJ8rdwrAxDCYe42q3Gs1Ww5nDZppYnJPVZLTwuEwTsURpukgnetFluBoO16rLz2U3vYUus-Gte5qObtHlb3XY3dKX5e_weFyez9Nus6j_-BDD1VyyGMwli91csVitEgAAAAAAAADAEubMmwAAAACcBjFcTia75QI8sL8VN37cYH7L6-03Pf12t8pu5g!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=6&ft=0&pb=0&dtagid=1369155&dpubid=189227&abtst=affp_vC!expl_vB!utb11_vB&mPre=0.033&cirf=https%3A%2F%2Fgeekpolice.forumotion.com&en=1&cdb=&gdprApplies=false
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.9.9/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 411c623857d9f624b95594f301fd746098cf7d0a346cf43c34b39be8d711d1ee

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-type: text/plain

Response headers

date: Sat, 22 Feb 2020 16:00:43 GMT
via: 1.1 varnish
machineid: 1426
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 1248
x-served-by: cache-fra19154-FRA
pragma: no-cache
server: nginx
x-timer: S1582387243.196673,VS0,VE69
content-type: application/json;charset=utf-8
access-control-allow-origin: https://geekpolice.forumotion.com
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK Cookie set x7rrkmd
www.dailymotion.com/embed/video/ Frame AF06 0
0 261ms
173ms Document
text/html 195.8.215.136
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dailymotion.com/embed/video/x7rrkmd?api=postMessage&autoplay=true&controls=false&id=f1ed977a13456cc&mute=true&origin=https%3A%2F%2Fgeekpolice.forumotion.com&syndication=123503&ui-highlight=FFFFFF

Requested by

Host: api.dmcdn.net
URL: https://api.dmcdn.net/all.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

195.8.215.136 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),

Reverse DNS

www.dailymotion.com

Software

DMS/1.0.42 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31708800; includeSubDomains

Request headers

Host: www.dailymotion.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Response headers

Content-Security-Policy-Report-Only: default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
Server: DMS/1.0.42
X-DM-BackNode: web-594.adm.dc3.dailymotion.com:80
Vary: X-DM-SSL,Accept-Encoding
Cache-Control: no-cache, no-store
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Content-Security-Policy: upgrade-insecure-requests
Access-Control-Expose-Headers: X-DM-BackNode-Response-Time
Strict-Transport-Security: max-age=31708800; includeSubDomains
Date: Sat, 22 Feb 2020 16:00:43 GMT
Link: <https://static1.dmcdn.net>; rel=preconnect,<https://ajax.googleapis.com>; rel=preconnect
Keep-Alive: timeout=60, max=4994
X-DM-LB-IP: 195.8.215.136
X-DM-LB-Name: lb-09
X-DM-BackNode-Response-Time: 143
Connection: Keep-Alive
Set-Cookie: ts=343522; expires=Mon, 22-Mar-2021 16:00:43 GMT; Max-Age=34041600; path=/; domain=.dailymotion.com; Secure; SameSite=none; sid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=; Secure; SameSite=none; sdx=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=; Secure; SameSite=none; su_user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ su_sid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ su_sdx=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ client_token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=; Secure; SameSite=none; access_token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=; Secure; SameSite=none; refresh_token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=; Secure; SameSite=none; dmvk=5e51502b4a3a9; path=/; domain=.dailymotion.com; Secure; SameSite=none; v1stsamesite=1; expires=Sat, 22-Aug-2020 15:00:43 GMT; Max-Age=15721200; path=/; domain=.dailymotion.com; Secure; SameSite=none; v1st=21CA952107ACD6DE43E773EAC536FBEB; expires=Tue, 23 Mar 2021 16:00:43 GMT; max-age=34128000; path=/; Secure; SameSite=None; domain=.dailymotion.com
Expect-Ct: max-age=0, report-uri="https://www.dailymotion.com/content_security_policy_report_uri"
Content-Length: 10701

OPTIONS
H2 200 / Show response
logsene-receiver.eu.sematext.com/289fbfb0-727d-4942-aa7e-6835561e7cb1/slm-video/ 0
227 B 1030ms
52ms Fetch 52.19.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logsene-receiver.eu.sematext.com/289fbfb0-727d-4942-aa7e-6835561e7cb1/slm-video/
Requested by: Host: ads.slmads.com
URL: https://ads.slmads.com/js/app.js?t=439552
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.82.46 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-82-46.eu-west-1.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://geekpolice.forumotion.com
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Access-Control-Request-Headers: content-type

Response headers

status: 200
date: Sat, 22 Feb 2020 16:00:44 GMT
server: openresty/1.15.8.2
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type, Content-Length, Authorization, x-logsene-origin
content-length: 0
access-control-allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE

POST
H2 201 / Show response
logsene-receiver.eu.sematext.com/289fbfb0-727d-4942-aa7e-6835561e7cb1/slm-video/ 127 B
339 B 38ms
37ms Fetch 52.19.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logsene-receiver.eu.sematext.com/289fbfb0-727d-4942-aa7e-6835561e7cb1/slm-video/
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.82.46 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-82-46.eu-west-1.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e0c663a4e3c1037608a7f536ab6b96e26180de12fc9ef04d35bbe06a3668f0d1

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-Type: application/json

Response headers

date: Sat, 22 Feb 2020 16:00:44 GMT
server: openresty/1.15.8.2
status: 201
vary: Accept-Encoding, User-Agent
access-control-allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
access-control-allow-origin: *
access-control-allow-headers: *
content-length: 127

POST
H2 201 / Show response
logsene-receiver.eu.sematext.com/289fbfb0-727d-4942-aa7e-6835561e7cb1/slm-video/ 127 B
339 B 37ms
37ms Fetch 52.19.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://logsene-receiver.eu.sematext.com/289fbfb0-727d-4942-aa7e-6835561e7cb1/slm-video/
Requested by: Host: geekpolice.forumotion.com
URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.82.46 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-82-46.eu-west-1.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e0c663a4e3c1037608a7f536ab6b96e26180de12fc9ef04d35bbe06a3668f0d1

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-Type: application/json

Response headers

date: Sat, 22 Feb 2020 16:00:44 GMT
server: openresty/1.15.8.2
status: 201
vary: Accept-Encoding, User-Agent
access-control-allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
access-control-allow-origin: *
access-control-allow-headers: *
content-length: 127

GET
H2 200 bridge3.369.0_en.html
imasdk.googleapis.com/js/core/ Frame 1232 0
0 6ms
6ms Document
text/html 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.369.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js?_=1582387241664

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.369.0_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: iframe
Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 195778
date: Wed, 19 Feb 2020 04:20:09 GMT
expires: Thu, 18 Feb 2021 04:20:09 GMT
last-modified: Wed, 19 Feb 2020 04:11:46 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 301235
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 26 KB
11 KB 36ms
15ms Script
text/javascript 2a00:1450:4001:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js?_=1582387241664

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

date: Sat, 22 Feb 2020 16:00:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 10523
x-xss-protection: 0
expires: Sat, 22 Feb 2020 16:00:44 GMT

GET
H2 200 / Show response
ads.viralize.tv/display/ 135 B
498 B 421ms
124ms Script
text/javascript 35.186.238.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.viralize.tv/display/?zid=AADcmtDxwBuvdWye
Requested by: Host: ads.sportslocalmedia.com
URL: https://ads.sportslocalmedia.com/slm.prebid.forumactif.js?2637312
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.186.238.232 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.238.186.35.bc.googleusercontent.com
Software: TornadoServer/2.4.1, Unknown /
Resource Hash: ada57a5efa48aec9d5affe43a7252ded6941a27352d3e79f31b7650f2b029dd0

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sat, 22 Feb 2020 16:00:45 GMT
content-encoding: gzip
server: TornadoServer/2.4.1, Unknown
etag: W/"026b7414fcb706cd1a8872a77a71d5590e829716"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
via: 1.1 google
expires: 0

POST
H2 200 VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 1 KB
1 KB 87ms
86ms XHR
application/json 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=400&height=225&pubid=198827&tagid=1020237&crid=4860545&noaop=2&sortOrderType=0&cb=1582387248383&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1099&pt=-181989869&tz=60&viewable=true&ddast=V7yc0CFgNbS6YKwsR2HARbS6YKwsR2HAUAAAAGBjsHGzJazjYbCmPGWM0Ws81msZkNR6vJYrYZDmFDRsvZZkNhzBir2WK22Swmu-VyOBytJrspOEzZaXJZDmqBrGly-d3ghKbT4XPd63Uul9fwNzs9LrvMb3m9_aan327X-N1-0WW4Gg7XqsvPZTe9hS6z4a17mo5u0eVvddjd0pfl7_B4XJ7P026zAwAAAMADgJJKIMQPIABABAAAAIAEAAAAAEVAxb-FwAUAAAAABoCBVbUGAAVHwvzdFsvLZnP5AwDgoQAEAEAAgwRAYHylBICCfOgEAAAAAAAAAIDl____PwZAz6lYBgCDP6EH4MEH4IGowLSIEQAAAECudPbc0aROqCyqAAAI0q0ArgAAAuDaQkO-wgAAAALGFuhh8fvNDrvG73YZAAAAAAAAAIDZ_9k_mpDSRWMa0KTOpNovIADA2i8gAACbugEAvAnABZ2BjUbDxWR1BrQbrma72QEAAADc_f___-uB0My2Mux2s-XCMhzNdruJYzSzbSwjh8mwcbiGM-9t1Hx1LmordfQ5TNlpclkOaoGsaXL57Tdhi9FqMtksh7PlYjIYjoaj0f4EcDDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCU7IcLSZrEa71W6yHE5Go9lmskGKVq1mo81guJpNZrvdajgYLkcjpGjNYjaZLGaj5W4zWE5Gg-FkOEQYGHlcns3K49ZtHB63aOKwrRWGlW8t8m1mDtNuMtq4jGvR62N6jRYm18I5xYM6XRz72oWLggE0exFcpBOZ3_J6-01Pv92tslvEEs3JIp3ILvvSzLYy7Haz5cIyHM12u4ljNLNtLCOHybBxuIYzf2HkcXk2K49bt3F43KKJw7ZWGFa-tci3mTlMu8lo4zKuRa-P6TVamFwL576xGk42w91ktNg3VsPJZribjBb7Dp3hu_qcjd5y5-_xKQ-in7IjMx0ULoPFu1GtjuPP5KAtm41Oncjy_WyMfr_f7_f7_X6_32_Qeg5mg0ERSwSni3QiehlPF7FE8rRIJ8rdwrAxDCYe42q3Gs1Ww5nDZppYnJPVZLTwuEwTsURpukgnetFluBoO16rLz2U3vYUus-Gte5qObtHlb3XY3dKX5e_weFyez9Nus6j_-BDD1VyyGMwli91csVitEgAAAAAAAADAEubMmwAAAACcBjFcTia75QI8sL8VN37cYH7L6-03Pf12t8pu5g!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=6&ft=0&pb=0&dtagid=1369155&dpubid=189227&abtst=affp_vC!expl_vB!utb11_vB&mPre=0.033&cirf=https%3A%2F%2Fgeekpolice.forumotion.com&en=1&cdb=&gdprApplies=false
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.9.9/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 359746750671670359a90de0fd99881617837637d9da47aa25c131d85ed44c34

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-type: text/plain

Response headers

date: Sat, 22 Feb 2020 16:00:48 GMT
via: 1.1 varnish
machineid: 1404
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 1304
x-served-by: cache-fra19154-FRA
pragma: no-cache
server: nginx
x-timer: S1582387248.394785,VS0,VE64
content-type: application/json;charset=utf-8
access-control-allow-origin: https://geekpolice.forumotion.com
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 1 KB
1 KB 129ms
128ms XHR
application/json 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=400&height=225&pubid=198827&tagid=1020237&crid=4860545&noaop=2&sortOrderType=0&cb=1582387253385&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=3&pv=1099&pt=-181989869&tz=60&viewable=true&ddast=V7yc0CFgNbS6YKwsR2HARbS6YKwsR2HAUAAAAGBjsHGzJazjYbCmPGWM0Ws81msZkNR6vJYrYZDmFDRsvZZkNhzBir2WK22Swmu-VyOBytJrspOEzZaXJZDmqBrGly-d3ghKbT4XPd63Uul9fwNzs9LrvMb3m9_aan327X-N1-0WW4Gg7XqsvPZTe9hS6z4a17mo5u0eVvddjd0pfl7_B4XJ7P026zAwAAAMADgJJKIMQPIABABAAAAIAEAAAAAEVAxb-FwAUAAAAABoCBVbUGAAVHwvzdFsvLZnP5AwDgoQAEAEAAgwRAYHylBICCfOgEAAAAAAAAAIDl____PwZAz6lYBgCDP6EH4MEH4IGowLSIEQAAAECudPbc0aROqCyqAAAI0q0ArgAAAuDaQkO-wgAAAALGFuhh8fvNDrvG73YZAAAAAAAAAIDZ_9k_mpDSRWMa0KTOpNovIADA2i8gAACbugEAvAnABZ2BjUbDxWR1BrQbrma72QEAAADc_f___-uB0My2Mux2s-XCMhzNdruJYzSzbSwjh8mwcbiGM-9t1Hx1LmordfQ5TNlpclkOaoGsaXL57Tdhi9FqMtksh7PlYjIYjoaj0f4EcDDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCU7IcLSZrEa71W6yHE5Go9lmskGKVq1mo81guJpNZrvdajgYLkcjpGjNYjaZLGaj5W4zWE5Gg-FkOEQYGHlcns3K49ZtHB63aOKwrRWGlW8t8m1mDtNuMtq4jGvR62N6jRYm18I5xYM6XRz72oWLggE0exFcpBOZ3_J6-01Pv92tslvEEs3JIp3ILvvSzLYy7Haz5cIyHM12u4ljNLNtLCOHybBxuIYzf2HkcXk2K49bt3F43KKJw7ZWGFa-tci3mTlMu8lo4zKuRa-P6TVamFwL576xGk42w91ktNg3VsPJZribjBb7Dp3hu_qcjd5y5-_xKQ-in7IjMx0ULoPFu1GtjuPP5KAtm41Oncjy_WyMfr_f7_f7_X6_32_Qeg5mg0ERSwSni3QiehlPF7FE8rRIJ8rdwrAxDCYe42q3Gs1Ww5nDZppYnJPVZLTwuEwTsURpukgnetFluBoO16rLz2U3vYUus-Gte5qObtHlb3XY3dKX5e_weFyez9Nus6j_-BDD1VyyGMwli91csVitEgAAAAAAAADAEubMmwAAAACcBjFcTia75QI8sL8VN37cYH7L6-03Pf12t8pu5g!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=6&ft=0&pb=0&dtagid=1369155&dpubid=189227&abtst=affp_vC!expl_vB!utb11_vB&mPre=0.033&cirf=https%3A%2F%2Fgeekpolice.forumotion.com&en=1&cdb=&gdprApplies=false
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.9.9/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 359746750671670359a90de0fd99881617837637d9da47aa25c131d85ed44c34

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-type: text/plain

Response headers

date: Sat, 22 Feb 2020 16:00:53 GMT
via: 1.1 varnish
machineid: 1438
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 1304
x-served-by: cache-fra19154-FRA
pragma: no-cache
server: nginx
x-timer: S1582387253.399142,VS0,VE106
content-type: application/json;charset=utf-8
access-control-allow-origin: https://geekpolice.forumotion.com
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 1 KB
1 KB 156ms
156ms XHR
application/json 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=400&height=225&pubid=198827&tagid=1020237&crid=4860545&noaop=2&sortOrderType=0&cb=1582387258387&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=4&pv=1099&pt=-181989869&tz=60&viewable=true&ddast=V7yc0CFgNbS6YKwsR2HARbS6YKwsR2HAUAAAAGBjsHGzJazjYbCmPGWM0Ws81msZkNR6vJYrYZDmFDRsvZZkNhzBir2WK22Swmu-VyOBytJrspOEzZaXJZDmqBrGly-d3ghKbT4XPd63Uul9fwNzs9LrvMb3m9_aan327X-N1-0WW4Gg7XqsvPZTe9hS6z4a17mo5u0eVvddjd0pfl7_B4XJ7P026zAwAAAMADgJJKIMQPIABABAAAAIAEAAAAAEVAxb-FwAUAAAAABoCBVbUGAAVHwvzdFsvLZnP5AwDgoQAEAEAAgwRAYHylBICCfOgEAAAAAAAAAIDl____PwZAz6lYBgCDP6EH4MEH4IGowLSIEQAAAECudPbc0aROqCyqAAAI0q0ArgAAAuDaQkO-wgAAAALGFuhh8fvNDrvG73YZAAAAAAAAAIDZ_9k_mpDSRWMa0KTOpNovIADA2i8gAACbugEAvAnABZ2BjUbDxWR1BrQbrma72QEAAADc_f___-uB0My2Mux2s-XCMhzNdruJYzSzbSwjh8mwcbiGM-9t1Hx1LmordfQ5TNlpclkOaoGsaXL57Tdhi9FqMtksh7PlYjIYjoaj0f4EcDDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCU7IcLSZrEa71W6yHE5Go9lmskGKVq1mo81guJpNZrvdajgYLkcjpGjNYjaZLGaj5W4zWE5Gg-FkOEQYGHlcns3K49ZtHB63aOKwrRWGlW8t8m1mDtNuMtq4jGvR62N6jRYm18I5xYM6XRz72oWLggE0exFcpBOZ3_J6-01Pv92tslvEEs3JIp3ILvvSzLYy7Haz5cIyHM12u4ljNLNtLCOHybBxuIYzf2HkcXk2K49bt3F43KKJw7ZWGFa-tci3mTlMu8lo4zKuRa-P6TVamFwL576xGk42w91ktNg3VsPJZribjBb7Dp3hu_qcjd5y5-_xKQ-in7IjMx0ULoPFu1GtjuPP5KAtm41Oncjy_WyMfr_f7_f7_X6_32_Qeg5mg0ERSwSni3QiehlPF7FE8rRIJ8rdwrAxDCYe42q3Gs1Ww5nDZppYnJPVZLTwuEwTsURpukgnetFluBoO16rLz2U3vYUus-Gte5qObtHlb3XY3dKX5e_weFyez9Nus6j_-BDD1VyyGMwli91csVitEgAAAAAAAADAEubMmwAAAACcBjFcTia75QI8sL8VN37cYH7L6-03Pf12t8pu5g!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=6&ft=0&pb=0&dtagid=1369155&dpubid=189227&abtst=affp_vC!expl_vB!utb11_vB&mPre=0.033&cirf=https%3A%2F%2Fgeekpolice.forumotion.com&en=1&cdb=&gdprApplies=false
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v10.9.9/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 359746750671670359a90de0fd99881617837637d9da47aa25c131d85ed44c34

Request headers

Referer: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf
Origin: https://geekpolice.forumotion.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36 Edg/80.0.361.50
Content-type: text/plain

Response headers

date: Sat, 22 Feb 2020 16:00:58 GMT
via: 1.1 varnish
machineid: 1435
x-cache: MISS
status: 200
x-cache-hits: 0
content-length: 1304
x-served-by: cache-fra19154-FRA
pragma: no-cache
server: nginx
x-timer: S1582387258.401346,VS0,VE134
content-type: application/json;charset=utf-8
access-control-allow-origin: https://geekpolice.forumotion.com
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sat, 26 Jul 1997 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

470 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.pubmatic.com/	1970-01-19 11:52:19	Name: KRTBCOOKIE_188 Value: 3189-no-consent&KRTB&22716-no-consent
.pubmatic.com/	1970-01-19 09:42:43	Name: KRTBCOOKIE_153 Value: 19420-l-HtMpe06zKP5-gzxLT1YMG26jSPsLtnkLMDoi2L&KRTB&22979-l-HtMpe06zKP5-gzxLT1YMG26jSPsLtnkLMDoi2L
.pubmatic.com/	1970-01-19 08:16:19	Name: PugT Value: 1582387249
.pubmatic.com/	1970-01-19 08:16:19	Name: KRTBCOOKIE_699 Value: 22727-AAKPvk68oqAAABTXaI2IcA&KRTB&22744-AAKPvk68oqAAABTXaI2IcA
.simpli.fi/	1970-01-19 16:20:09	Name: suid_legacy Value: 8F5589C699C048D3B71BA23E6AFBCB5B
.pubmatic.com/	1970-01-19 08:16:19	Name: KRTBCOOKIE_1051 Value: 22884-18072662234735729772
geekpolice.forumotion.com/	1969-12-31 23:59:59	Name: GED_PLAYLIST_ACTIVITY Value: W3sidSI6IlZjakMiLCJ0c2wiOjE1ODIzODcyNTAsIm52IjowLCJ1cHQiOjE1ODIzODcyMzMsImx0IjoxNTgyMzg3MjMzfV0.
.pubmatic.com/	1970-01-19 09:42:43	Name: KRTBCOOKIE_594 Value: 17105-OPTOUT&KRTB&17107-OPTOUT
.simpli.fi/	1970-01-19 16:20:09	Name: suid Value: 8F5589C699C048D3B71BA23E6AFBCB5B
.pubmatic.com/	1970-01-19 09:42:43	Name: PUBMDCID Value: 3

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://geekpolice.forumotion.com/t28588-urgent-help-with-trojan-zeroaccessinf(Line 20) Message: {"w":1585,"h":1200}
console-api	log	URL: https://static.criteo.net/js/ld/publishertag.js(Line 1) Message: %cPubTag color: #fff; background: #ff8f1c; display: inline-block; padding: 1px 4px; border-radius: 3px; ERROR: Error onError: TypeError: Cannot read property 'getItem' of null
console-api	warning	URL: https://api.dmcdn.net/all.js(Line 2) Message: Player not reachable anymore. You may have destroyed it.
console-api	log	URL: https://ads.viralize.tv/display/?zid=AADcmtDxwBuvdWye(Line 3) Message: Website has been discovered.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

15.taboola.com
2img.net
7img.net
a.volvelle.tech
ads.rubiconproject.com
ads.slmads.com
ads.sportslocalmedia.com
ads.viralize.tv
adservice.google.be
adservice.google.com
adstune.com
ajax.googleapis.com
ams.creativecdn.com
api.dailymotion.com
api.dmcdn.net
api.viglink.com
beacon-eu2.rubiconproject.com
bh.contextweb.com
bidder.criteo.com
bttrack.com
cdn.jsdelivr.net
cdn.taboola.com
cdn.viglink.com
cdnjs.cloudflare.com
cds.taboola.com
cm.g.doubleclick.net
connect.facebook.net
connect.topicit.net
convammp.taboola.com
creativecdn.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
geekpolice.forumotion.com
gum.criteo.com
i.servimg.com
ib.adnxs.com
id5-sync.com
illiweb.com
images.taboola.com
imasdk.googleapis.com
imprammp.taboola.com
logsene-receiver.eu.sematext.com
match.adsrvr.org
match.taboola.com
match.zorosrv.com
optimized-by.rubiconproject.com
pixel.rubiconproject.com
platform.twitter.com
px.powerlinks.com
rtb.mfadsrvr.com
s0.2mdn.net
s7.addthis.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
server.exposebox.com
static.criteo.net
stats.g.doubleclick.net
sync.mathtag.com
syndication.twitter.com
trc.taboola.com
v1.addthisedge.com
vidstat.taboola.com
wf.taboola.com
www.dailymotion.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.storygize.net
x.bidswitch.net
z.moatads.com
104.244.42.200
141.226.224.32
151.101.114.2
151.101.114.49
151.101.14.2
151.101.14.49
172.217.18.2
178.250.2.152
178.79.227.167
18.194.31.52
185.184.8.30
185.29.133.58
188.165.2.137
192.132.33.46
195.8.215.129
195.8.215.136
2.19.38.84
216.58.207.66
23.210.248.44
23.210.250.213
23.37.55.184
23.43.115.95
2606:2800:234:59:254c:406:2366:268c
2606:4700:3030::681f:4408
2606:4700:3031::6818:7f32
2606:4700:3031::681b:8de7
2606:4700:3031::681b:a9ec
2606:4700:3034::681b:9f51
2606:4700:3037::6812:3807
2606:4700::6810:5714
2606:4700::6810:a40d
2606:4700::6811:4104
2a00:1450:4001:808::2003
2a00:1450:4001:808::2004
2a00:1450:4001:809::2002
2a00:1450:4001:818::200a
2a00:1450:4001:819::2003
2a00:1450:4001:819::200a
2a00:1450:4001:820::2006
2a00:1450:4001:824::200e
2a00:1450:4001:825::2002
2a00:1450:4001:825::2008
2a00:1450:4001:825::200a
2a00:1450:400c:c06::9a
2a02:2638:1::13
2a02:2638:1::3
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
35.158.58.156
35.186.238.232
35.201.85.158
35.210.178.101
37.252.173.38
40.113.136.100
46.105.105.90
52.17.159.142
52.19.82.46
52.212.184.249
52.34.54.104
69.173.144.139
69.173.144.142
69.173.144.152
74.214.194.139
78.109.92.217
03170d876a0adf17b20fdf99fb7829a2b62ab758c67adf0c24d733b06ab2991f
03b5f2e48b9e372bbb0bc35fd8f2bf41fc2a71d411d7bd8c715a73c7ab048e58
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0573d46962f301ed10c572f0fa59035de81010a2ed7e05e0c661f560045bbd6d
06c08e3ba81a0a899a551a554791954c7b40ff431de2c6a206e166617578903d
06f2b47a2e8017f8387d34806efc5c3643954171cc9cb38e4b1f583a42aaeaa1
076a0da04785a7bfd4686af1d277cee821f358f73b3754d4303b9d32e584aa4d
099ae698b2292d7ec4a45c32230ac80d194d9d8cebebd634f38a2e132535d209
1170e00e92925b24293c851e00bbefb2aef3c1565b0d124f99b3bcb44b17fdc9
14e342c6de6ba11bd6cf079d8cabadae857ec076d41a7199812372b457270601
162f8a6d61544a0ab207c5614393b66bc21ddb2bfeabfc2c8f1479e21b7f5495
18e2a79c51c0d8562427f979bfdba04e1526b5cb78601788f1b4c8002b007f74
1a4dee2269258e980cfbc6965cca52520d51b0cf399cef6218e123c7620cafdc
1c96742b44776fe32e99be10be813221ed890f228adb37b40885c77a6f90ed5f
1d89405054b0eccfd66baa763bf4781b8dff83824636284b79800ecdc25579f1
26728017ee584b3e0e9a8f2783825afab13aa446132c3dc69e1553eed881b0e6
29b7d38c1d1667cbef5e781da49198dd8a77c4a93eb6db5ba8294ed756a70885
2ade594ab473672b093e74ea72c5c4c42aa03f641eefcba1f2d637b0fc7600f6
2b0459b2de0cf6cbf41bedce6c8a0cc8357bd809b239bb7ed6dfbd22c8a990f9
2c40268ea5d1402c6a0431392941b3e1b13f4f0ab05bbb33edef1e0b54fedd63
2c8131f7ba755379dc891837b3fb8d33a121af58a922a7f042094cb4fcf58af0
2d5b967ce534ad614c089365d716f72b61d259fc6d2b820f6ea11eacfd4ff373
2da348c69333630f763befa85f4c3297a0e64372f34bbc69288bcdf9250d794d
2e8e252a90b8cf81bfc3ab4333c12a7e94f015831698a2857b84378d444ea540
327358936ae1faca746b38258cde21f2574d062dc6f939a8b9fcfa8e2adfc9ee
32870641cd71c926b0a86673ed4efa9b3241d91e091b7a85a26a76f16f3ebf61
359746750671670359a90de0fd99881617837637d9da47aa25c131d85ed44c34
36120315ac48cb331f54bbc978490bfa3ce4fec82cc3853d070ef7bb1a806755
370b552445d23352665910e1d09c61c4222a4bae042a884b0ea97fbc9c7f315e
39ce845fc0203d4cb00559dff89d9448765e0ebd65ebbaf76623cc9850827542
3c31cd65ebdc949a23d1efd2f32310709b7f05ecc8189fe463137b4112f75fc2
411c623857d9f624b95594f301fd746098cf7d0a346cf43c34b39be8d711d1ee
42359043a67804ccc6798b35ef28dc140b72fe74f3c9b43fbaf4b97c624f6665
4517f0a3893222df073141313c178ccbc99343f3903fb12023173b0d9de78ab9
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
49ab0086d7dde46e17d30747a89d97a09c5aaf66b667ca3a6d79de98c2ef044b
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c5a52e287c724e3286b39c6d2999a876ce197014c73622c1bd61757c3ee92cd
4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028
4d74fbd56a90385e006e70fe80f9a09ef2e12e558dfee592c2a1c7445bf0a79e
4da78e50b8650f5606faeb45314226de41ef00b83656ff91a5ead0614d4efb11
4e440b75623a8b056a722f4821563d6c3e720d2131b7329ebf30da867598b318
4f2b7e987474183ea3293084c5069b7a5227876ed8fa10da3dd3588ee7124c16
53b50d936fbd0379b43181e53561a665a21e6ea1d1fd50a08b8eeaa0fee06906
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda
6128639c8a7b8d51293d0012d9536db53b9f42649c98aa398e0f6031df3b295e
62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147
6645d3fd142209867c6fc505c98c8481a58bbce5853b79bf9de7b79b7bcdb02f
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6cf7880d67c712bb6f85f1dfa1d26ea5e0a7195130a3e42c8b441cdd1de77a90
6e02b8d9136deffbc71b3370e6fac7f366282ea89d309754b06c013276b5c0a7
723de497fedb84a4da163f75065f4d740c799607fe69742390782f15bf8dbf7b
7432fbb20ee2e12bf6f4e1c2c2b56ad56108ab50bbb4425c2bfebf2fafa83723
838710715f3ae7a751cdc9b6de612e77571a840f7a390f6e354a1096e437dc5b
849a7973a59dd42b90a1135c35b3d990f85836ab3a997dc8f7b0af38252879b6
88260eac4e7bdd1d5eae4265ec1cf27057150926cf42c1543e61d6775fab90ba
888efe26d813e1c9bab436a8658c12d5628ca46307a1424871c2b1f749bb1e96
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a784c528f9dd6c8e1cf2e4e35d5499742679ac41c09f299114bca88646ccc99
8fb0dbd66e3091dd62288e41c7cf318688f865c82235b9b20859f137616b8fb0
90974da6d9d353c86066c1df50b0f60688d54b8096964de413b8ff66412263d8
9190332b785d4e94be3332ab55eeeaa66279e22dd3de6441e38af9345465365c
92eab69dbd8201984039ce4823c549843d29de167b650dd0c98b43662e008a0d
95b8b2e473f89b19fea337be84c5c551477874b0db546b77d02f0d87a037303e
9aa3ad362286b868dad7ee3fe2d898284bff02d2d7f3ca8aab06500d0f117306
9c3c4cff97345d34610704580b4634771d2ec0f8f7c640e510e3d830e4a4ea0a
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9f6d81eec4ac78a35964c2755aba7bd57c52c6a1de2ac035548442ff32b0d89f
a149c4fbc32ff61e3a1056193092cc1da68b8b4fe27c02780768bd0c92f66772
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a7019b73cbcf928d42e36f0588c8748254ef15b914690083d80a629943267dcd
a9aca50019231f85f469a5e0019bf363b41b9886b238a44bb1fe837ca4408da1
ab8bbbaf028510d8b119cce741f0c2cc94816dcc113d83cac81a6aade6a76fa9
ab8ceea757a634f5ce5a9ed6f6b4bcdd555869b385d315854e16914a2f5a3bc7
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ada57a5efa48aec9d5affe43a7252ded6941a27352d3e79f31b7650f2b029dd0
ade509d4ea93e2755569837ea972e04251679ac10ba99d64e9800a3e2edec6f5
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4681ba83d0f96422ead40f22a0a3bf90038c4f61bad6828a8cfab751cbe8b99
b7bbe7d86b20624424b439a38c94279a2796320d975857b844673d8d76b405c2
bf5d88991e668459f84092cc3729c0adfda768076ebd7791ed49fccff76c4eb2
bf5e5e45b4aa5aed1ec3b02388aba23b3db44fa91c54e2da0b2d12ec08af0b41
c3465eca606b1e68940290c8bb3ae54742cd79a00eda85e23a2c3cba54dccd66
c9513d81feee57d5a3572160c245bca1fedaa777fe0700975da6511a645786da
d3e328d0eb0e0dc3fe3bac4dc244a3dfb42cb519f1e88d93e50b89b889c607f5
d92c3106afa291abcefd52dd891825af921521fb643b4ce9e432e7d555bba2f8
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
e0c663a4e3c1037608a7f536ab6b96e26180de12fc9ef04d35bbe06a3668f0d1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e71ce8fdd29b3c7b0c0cc16b5a9f1cedf7a420d55f4becbb3caf97fd98dc4dd5
e78399f7337b3f53ac58c75aef7273aaf72c08e772193731e8ff8734b3b4f8ac
e93981763fee7adb1384f54134ae21113517f9e80febe5d0d80f01a75eb97e90
e94d8938571b1ea3971b3e36c08700860afaa0d53415934f3fc09066e011ec80
e954e030b0295a228516347c01f51e27b09894bda258c5058ff8c29b4efcf539
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0648e82e4c77d04dac47abdae61b19b9a5adb1890fceb13a6d9e89c04c060a8
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
fa220dd8332679b8547150dfe1ead60d9d3712d7c8164cab8da3ac453596e0d7
fe513a7b6a5f1a53c13638bb35890cd1f87e98997dd645e66c7ec65ddbd79f5b
fe87c9ed3ae9c73712c5484f1963b6d7e19ba5c48c51742f1bc5a84ac1dbc224

geekpolice.forumotion.com Open in urlscan Pro 188.165.2.137 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

149 Requests

99 %HTTPS

41 %IPv6

50 Domains

74 Subdomains

53 IPs

10 Countries

1841 kBTransfer

5447 kBSize

10 Cookies

67 Outgoing links

Redirected requests

149 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

geekpolice.forumotion.com Open in urlscan Pro
188.165.2.137 Public Scan

Screenshot
Live screenshot

Full Image

149
Requests

99 %
HTTPS

41 %
IPv6

50
Domains

74
Subdomains

53
IPs

10
Countries

1841 kB
Transfer

5447 kB
Size

10
Cookies

149 HTTP transactions
2 data transactions