malware.popdocs.net Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://malware.popdocs.net/
Submission: On December 10 via api (December 10th 2024, 4:46:19 am UTC) from US — Scanned from NL

Summary HTTP 46 Redirects Behaviour Indicators

Summary

This website contacted 15 IPs in 4 countries across 9 domains to perform 46 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is malware.popdocs.net.
TLS certificate: Issued by WE1 on October 29th 2024. Valid for: 3 months.

This is the only time malware.popdocs.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
26	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5049	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400c:c09::9c	15169 (GOOGLE) (GOOGLE)
1	2a05:d014:58f... 2a05:d014:58f:6200::65	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.228 142.250.185.228	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1	142.250.186.67 142.250.186.67	15169 (GOOGLE) (GOOGLE)
2	142.250.184.206 142.250.184.206	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:4f49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	64.233.166.155 64.233.166.155	15169 (GOOGLE) (GOOGLE)
46	15

3 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

malware.popdocs.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

malware.popdocs.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c09::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d014:58f:6200::65 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

sdk.soopr.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.228 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.206 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f14.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4f49 (United States)

ASN13335 (CLOUDFLARENET, US)

cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.166.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wm-in-f155.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	popdocs.net malware.popdocs.net	261 KB
5	google.com www.google.com — Cisco Umbrella Rank: 3 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 695	130 KB
3	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110	196 KB
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 135	556 B
2	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 617 cloudflareinsights.com — Cisco Umbrella Rank: 591 Failed	7 KB
1	gstatic.com fonts.gstatic.com	47 KB
1	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 45	988 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	6 KB
1	soopr.co sdk.soopr.co	11 KB
46	9

	Domain	Requested by
29	malware.popdocs.net	malware.popdocs.net
4	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
3	pagead2.googlesyndication.com	malware.popdocs.net pagead2.googlesyndication.com
2	stats.g.doubleclick.net	malware.popdocs.net
1	cloudflareinsights.com	static.cloudflareinsights.com
1	fonts.gstatic.com	malware.popdocs.net
1	lh3.googleusercontent.com	malware.popdocs.net
1	fonts.googleapis.com
1	www.google.com	malware.popdocs.net
1	sdk.soopr.co	malware.popdocs.net
1	static.cloudflareinsights.com	malware.popdocs.net
46	11

This site contains no links.

Subject Issuer	Validity	Valid
popdocs.net WE1	`2024-10-29` - `2025-01-27`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
cloudflareinsights.com WE1	`2024-11-01` - `2025-01-30`	3 months	crt.sh
sdk.soopr.co E6	`2024-10-25` - `2025-01-23`	3 months	crt.sh
*.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
upload.video.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.googleusercontent.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.gstatic.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://malware.popdocs.net/
Frame ID: D33762BB3F76F01B098B7C4A7A76DA7F
Requests: 45 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Malware Analysis by RFS

Detected technologies

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

46
Requests

98 %
HTTPS

57 %
IPv6

9
Domains

11
Subdomains

15
IPs

4
Countries

660 kB
Transfer

2276 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

46 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
malware.popdocs.net/ 41 KB
7 KB 300ms
246ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bd2dacce61962edbf5b1844ef63c31b50546c8e52990b0be5648d17b10be4cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 18095
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8efa9706bc8566e4-AMS
content-disposition: inline
content-encoding: zstd
content-type: text/html; charset=utf-8
date: Tue, 10 Dec 2024 04:46:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QSkYT4RJumlVey42JXMpoKOmmh1%2F%2FNuPAw3AE4T0ULYAWAB1%2Ben2HpZmww0Ry42BDg7A9YkJRoaG%2B83BPoxjiWt9uoc4rWsvhwl1WoUPeluMX8OPt1sEWxWwYIsVOc9ag4En33uiBF1nm72vwVsM%2FDeq"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=14243&min_rtt=14167&rtt_var=2335&sent=7&recv=11&lost=0&retrans=0&sent_bytes=4005&recv_bytes=2389&delivery_rate=269702&cwnd=253&unsent_bytes=0&cid=57a2bd564dfe5975&ts=252&x=0"
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
x-content-type-options: nosniff
x-matched-path: /
x-vercel-cache: HIT
x-vercel-id: fra1::9xgbv-1733805973746-96e9991f853f

GET
H2 200 a34f9d1faa5f3315-s.p.woff2
malware.popdocs.net/_next/static/media/ 47 KB
48 KB 269ms
268ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/_next/static/media/a34f9d1faa5f3315-s.p.woff2

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://malware.popdocs.net
Referer: https://malware.popdocs.net/

Response headers

cf-cache-status: MISS
etag: "d4fe31e6a2aebc06b8d6e558c9141119"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sn9UNUG3Y6lVEfsoUQbMNONysJMouZ%2B2BRhj8iAQUam1rDweA3hCANaG%2BkFTxfGf%2BYEz1cDCtroi9eD3VkWCPO1wUf1fTDTuImkOp4VdFt6A2trdrtx0BrqH1RTOIheqxzaPpEHbGVhs7Ipcgnqluaue"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /_next/static/media/a34f9d1faa5f3315-s.p.woff2
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=15094&min_rtt=14152&rtt_var=2299&sent=18&recv=17&lost=0&retrans=0&sent_bytes=11585&recv_bytes=2659&delivery_rate=716772&cwnd=257&unsent_bytes=0&cid=57a2bd564dfe5975&ts=526&x=0"
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: font/woff2
content-disposition: inline; filename="a34f9d1faa5f3315-s.p.woff2"
vary: Accept-Encoding
last-modified: Tue, 10 Dec 2024 04:46:14 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
cf-ray: 8efa97084d7466e4-AMS
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48556
server: cloudflare
x-vercel-id: fra1::sbkk6-1733805973907-2271252b479d

GET
H2 200 f5c9b81a49d7ef97.css
malware.popdocs.net/_next/static/css/ 66 KB
14 KB 284ms
283ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/_next/static/css/f5c9b81a49d7ef97.css

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03b6db4336158a4f46a4980ca088a697c7e55968aceb86faba810d728cd929c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"5fda4caa374e4f3bf2c7839aca56be9e"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ONW%2BMwm7UU7%2BM0Pzw8IlliHJuk4osXb2Yem2mXzuCHLRy5W5mXddM4yc6VMI4WCog%2FsG3lvjshpzBg%2BInqjJoe3zY%2FYh2iDyy%2B26XNAt4RAYQZygCripnbWhLLTx1NSFT4qx9D2q4phRaBGXrR4nJQa1"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /_next/static/css/f5c9b81a49d7ef97.css
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=14872&min_rtt=14152&rtt_var=291&sent=62&recv=29&lost=0&retrans=0&sent_bytes=61665&recv_bytes=2659&delivery_rate=3648149&cwnd=279&unsent_bytes=0&cid=57a2bd564dfe5975&ts=543&x=0"
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: text/css; charset=utf-8
content-disposition: inline; filename="f5c9b81a49d7ef97.css"
vary: Accept-Encoding
last-modified: Tue, 10 Dec 2024 04:46:14 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
cf-ray: 8efa97084d7266e4-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::9mkjf-1733805973906-9b1575788b45

GET
H3 200 webpack-41a9ee0a1d65a3d2.js Show response
malware.popdocs.net/_next/static/chunks/ 4 KB
3 KB 244ms
244ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/_next/static/chunks/webpack-41a9ee0a1d65a3d2.js

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9826c3cbd94dbd150e3cb487808da153fb8f3ee63a9df65a2a0be07a0434658d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"3ae0904f07f29a4999887cd5c4b73f74"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2BuCPKdCDwAHea%2BSuTBvrcQGdhhKOJo%2BIgzb0VNsi1Hwu7JD9RBiMW4Y6rKs1OKxjnmo9mbQxyesupF0aXP%2B3HMM2TH7fqW5Tw1bVNu6Bfrl6E6Fk3PSpEbN12gklhId0u6uHnca"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /_next/static/chunks/webpack-41a9ee0a1d65a3d2.js
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=16419&min_rtt=14498&rtt_var=1996&sent=40&recv=32&lost=0&retrans=0&sent_bytes=29769&recv_bytes=8538&delivery_rate=818452&cwnd=19200&unsent_bytes=0&cid=5486a8d32a817b41&ts=506&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename="webpack-41a9ee0a1d65a3d2.js"
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
last-modified: Tue, 10 Dec 2024 04:46:14 GMT
cf-ray: 8efa970a0cba9f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::h2wwm-1733805974117-fbc01899cbf8

GET
H3 200 fd9d1056-182ecd18cdd342a6.js Show response
malware.popdocs.net/_next/static/chunks/ 169 KB
55 KB 467ms
467ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/_next/static/chunks/fd9d1056-182ecd18cdd342a6.js

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fe395fafbd0eee9874dff87e6261b938c345f9ff4bdd23e63f805c10d7f6446

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"e98310e15c98d32910d2e8ef298eac36"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jMDVzX0Bd1fjLfg%2BSIPaulWEh1MNmG9EgoicWNsHOgdMwfIvucoyLpNI3hlHhyLhAjYR9i%2FHfbTZqaRm5OYIWiY4S1CTSoSGeq7SZ6rb3dgQBJ0ch2dRMZUFsmPWkyxbV%2Bw1Qb4Y"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /_next/static/chunks/fd9d1056-182ecd18cdd342a6.js
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15023&min_rtt=14498&rtt_var=163&sent=118&recv=69&lost=0&retrans=0&sent_bytes=116422&recv_bytes=10161&delivery_rate=1196684&cwnd=48000&unsent_bytes=0&cid=5486a8d32a817b41&ts=739&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename="fd9d1056-182ecd18cdd342a6.js"
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
last-modified: Tue, 10 Dec 2024 04:46:14 GMT
cf-ray: 8efa970a1cc99f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::bk54v-1733805974230-037575666631

GET
H3 200 117-de5a682abea88488.js Show response
malware.popdocs.net/_next/static/chunks/ 121 KB
33 KB 318ms
318ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/_next/static/chunks/117-de5a682abea88488.js

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

230c6068f9e9114580013b7085e2528f2e6e53a88070013accced8e454b3c593

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"86be95c085c6dcbb5bb2ec2a7037f094"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=II%2BGdaoTP%2Fe%2FxCzpFmkqkzS5BxqPoiIYb9jQL%2F1IgQBAXtAcXEzU6EIQ%2BiHUWPZEBN83IqtZulU0EOWngK9tRDY1Kd3bV7U59YA3HzEPtZ87MPFmLFc4i93E%2FhVoLybePXi8zlN0"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /_next/static/chunks/117-de5a682abea88488.js
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=16251&min_rtt=14498&rtt_var=1624&sent=51&recv=39&lost=0&retrans=0&sent_bytes=41206&recv_bytes=8839&delivery_rate=327653&cwnd=19200&unsent_bytes=0&cid=5486a8d32a817b41&ts=594&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename="117-de5a682abea88488.js"
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
last-modified: Tue, 10 Dec 2024 04:46:14 GMT
cf-ray: 8efa970a1ccf9f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::xbd7b-1733805974174-8c13e92f3f4f

GET
H3 200 main-app-b840e258ff6945a0.js Show response
malware.popdocs.net/_next/static/chunks/ 461 B
1 KB 198ms
197ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/_next/static/chunks/main-app-b840e258ff6945a0.js

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93843087de178864db7ec985b03aa9ee87489a8e0209a3c2e3d684ce8f0061eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"c99dc6974bed49baaa682be916d481c8"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=opGyY3Ky7JJyH9dCb9kG5GJF%2FXn6YfrAyOcSZ34vyhKAWJ%2BVCmBs2NJbM7TnGLsJyveISAR2sN8hVpthFoKkZdoLcyizegvPv1dtOe7Pvkhqk6DPND1wBmW61zqv7C%2BH9RiDVOmT"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /_next/static/chunks/main-app-b840e258ff6945a0.js
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=14914&min_rtt=14498&rtt_var=919&sent=24&recv=26&lost=0&retrans=0&sent_bytes=14059&recv_bytes=8280&delivery_rate=68483&cwnd=12000&unsent_bytes=0&cid=5486a8d32a817b41&ts=474&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename="main-app-b840e258ff6945a0.js"
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
last-modified: Tue, 10 Dec 2024 04:46:14 GMT
cf-ray: 8efa970a1cd09f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::5x5v4-1733805974135-09f723442496

GET
H3 200 972-db66f2e99cbb603e.js Show response
malware.popdocs.net/_next/static/chunks/ 20 KB
8 KB 201ms
200ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/_next/static/chunks/972-db66f2e99cbb603e.js

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

293ea251bde5f589c18b05404c0dda7ca4ea48575cc6f3967a938de7fdca985b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"ff9aff481c8bfcf9b67c9d06152688fd"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MY7VhlCx2Xrf10Ozy2m8i2abIs5gInitvksxxOZnGDT6xqTbD4ClHHwP6iZgYlkhSu9xAglqKC7qHqgI9O%2BYS9kemKrNlhnKmqZ0ueH8355IJgThsnqUMHYmhmBe%2Fy4UoYkFfnvD"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /_next/static/chunks/972-db66f2e99cbb603e.js
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=14914&min_rtt=14498&rtt_var=919&sent=26&recv=26&lost=0&retrans=0&sent_bytes=15228&recv_bytes=8280&delivery_rate=68483&cwnd=12000&unsent_bytes=0&cid=5486a8d32a817b41&ts=477&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename="972-db66f2e99cbb603e.js"
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
last-modified: Tue, 10 Dec 2024 04:46:14 GMT
cf-ray: 8efa970a1cd49f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::7lshl-1733805974131-64b5773fcf43

GET
H3 200 317-42f68fc7d7f011a2.js Show response
malware.popdocs.net/_next/static/chunks/ 21 KB
8 KB 497ms
497ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/_next/static/chunks/317-42f68fc7d7f011a2.js

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3226c45ab244f44d0b7c4f0d027674fcdb655387cb470f07f2ea48e7ad397bb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"28b2602ff987b7b68d925a63220324ad"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WsEUDs0mVXLUC9Wdo20XSBOiCWFqO7GQy1RsiXaK6JCU3bAx9Tax%2FN9J5hmVnwFZYyRTJUnziKZEcfVR5pjKA%2Fa79%2BEf4FE4mUBnVTHYQliLxJNoSD6mREi4Aj7DOe3WR4lj7y9b"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /_next/static/chunks/317-42f68fc7d7f011a2.js
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15960&min_rtt=14498&rtt_var=1128&sent=168&recv=74&lost=0&retrans=0&sent_bytes=174252&recv_bytes=10382&delivery_rate=2873471&cwnd=96000&unsent_bytes=0&cid=5486a8d32a817b41&ts=773&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename="317-42f68fc7d7f011a2.js"
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
last-modified: Tue, 10 Dec 2024 04:46:14 GMT
cf-ray: 8efa970a1cd59f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::lj4tk-1733805974175-d7f559933b41

GET
H3 200 423-190ebcd02d7bf423.js Show response
malware.popdocs.net/_next/static/chunks/ 110 KB
39 KB 357ms
356ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/_next/static/chunks/423-190ebcd02d7bf423.js

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f045b6054afd799c2a4d14c782944b20c6b044c9e62d1210caf3d36925e90e8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"75df379050887c09f6cbb414fda93cdb"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x77WSO2lb220s8gCAnEWXRZ8t36frhkbV5yaDuDON6tDtTq8wx63whAIY2Q%2FgNUoPiSwSfMg%2FXX9Y5SFIwtmHWO35Xy9VywOvE8FyhYqXjvymI9TgcNsAbN%2FBpI7Jpuqmvf6mRAI"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /_next/static/chunks/423-190ebcd02d7bf423.js
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=14933&min_rtt=14498&rtt_var=384&sent=82&recv=55&lost=0&retrans=0&sent_bytes=76036&recv_bytes=9538&delivery_rate=1131684&cwnd=38400&unsent_bytes=0&cid=5486a8d32a817b41&ts=633&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename="423-190ebcd02d7bf423.js"
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
last-modified: Tue, 10 Dec 2024 04:46:14 GMT
cf-ray: 8efa970a1cd79f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::hfnq7-1733805974230-ccd49638521d

GET
H3 200 page-36095391a304b4f8.js Show response
malware.popdocs.net/_next/static/chunks/app/ 13 KB
6 KB 202ms
202ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/_next/static/chunks/app/page-36095391a304b4f8.js

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

561f04ca227bbc6897f320ff47f972e3b9f9331e3ab7422be71d10ebd467ac23

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"edfc5c3d171b46048ddf1d5580b8352a"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W46twxm91uqgM0ojSKkeqDCf2hOHuRfuvLmn5DQzTsMA7pgckcAkDGlbB2ClCXEpra%2FyyrhHyC9LKtucoI62sZ7BjkidyJZa%2BdaE5EHLOnMohhpoFh%2BW9H0QchGs4zX8j80V4smt"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /_next/static/chunks/app/page-36095391a304b4f8.js
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=14914&min_rtt=14498&rtt_var=919&sent=33&recv=26&lost=0&retrans=0&sent_bytes=23526&recv_bytes=8280&delivery_rate=68483&cwnd=12000&unsent_bytes=0&cid=5486a8d32a817b41&ts=478&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename="page-36095391a304b4f8.js"
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
last-modified: Tue, 10 Dec 2024 04:46:14 GMT
cf-ray: 8efa970a1cd89f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::29zbd-1733805974137-21447c353ca9

GET
H3 200 layout-f0246113869277a0.js Show response
malware.popdocs.net/_next/static/chunks/app/ 11 KB
5 KB 303ms
302ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/_next/static/chunks/app/layout-f0246113869277a0.js

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

586bd9a297ca4cd9712a5fb65ed97e6b838b9b752d12eee61645502ae6562a0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"701b9c54c21b1b6aa3b7bc998d4d2a40"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=scfUsJC1VFgu4WcyGmVfUO%2FRWEghr1PiM%2B7ZLt%2F3XDMFKRt68V76I6JypwcvQeUeN8Hisz5gllaPVlmKFbsCbv7JZzq8ZedWFjzAB%2F1Gcbtd%2Fj9%2FVGYBfxG5Wjp597FFPSGIk1f8"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /_next/static/chunks/app/layout-f0246113869277a0.js
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=16737&min_rtt=14498&rtt_var=1389&sent=46&recv=37&lost=0&retrans=0&sent_bytes=35597&recv_bytes=8753&delivery_rate=333531&cwnd=19200&unsent_bytes=0&cid=5486a8d32a817b41&ts=578&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename="layout-f0246113869277a0.js"
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
last-modified: Tue, 10 Dec 2024 04:46:14 GMT
cf-ray: 8efa970a1cd99f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::r9xjj-1733805974230-e71e009c6d1f

GET
H3 200 not-found-eed941865d7158ea.js Show response
malware.popdocs.net/_next/static/chunks/app/ 4 KB
3 KB 233ms
233ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/_next/static/chunks/app/not-found-eed941865d7158ea.js

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6ff8db6c78d00bf303b993c354a67642ab902d136d484d661d445460b5db7f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"e65e6a2150f39e881a494a915f43d35f"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cWVbAlIgLcW9y7QNvw9%2FKkid8oIuSwJC1L355IEGu9%2BD7ZSWF4Orz1EyEB1EdNLZR0%2FRFavs421hAnYSrZ3nxx0QPfb1pmfgPwhb7YWUJdkakfBYDAIq1kRLpoyVApi1k7tT505X"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /_next/static/chunks/app/not-found-eed941865d7158ea.js
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=16858&min_rtt=14498&rtt_var=1886&sent=43&recv=34&lost=0&retrans=0&sent_bytes=32649&recv_bytes=8624&delivery_rate=485666&cwnd=19200&unsent_bytes=0&cid=5486a8d32a817b41&ts=508&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename="not-found-eed941865d7158ea.js"
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
last-modified: Tue, 10 Dec 2024 04:46:14 GMT
cf-ray: 8efa970a1cdb9f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: lhr1::cjqr4-1733805974129-baa868a39245

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 156 KB
52 KB 85ms
41ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9236847887178276

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

b2586f6d8869fb4b596ba6b5158dc23cd976d3128a8a420e308289233a45d36d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://malware.popdocs.net
Referer: https://malware.popdocs.net/

Response headers

content-encoding: br
etag: 7025726241887646176
x-content-type-options: nosniff
expires: Tue, 10 Dec 2024 04:46:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 10 Dec 2024 04:46:13 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 53417
x-xss-protection: 0
server: cafe

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 19 KB
7 KB 75ms
36ms Script
text/javascript 2606:4700::6810:5049
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: malware.popdocs.net
URL: https://malware.popdocs.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"2024.6.1"
cross-origin-resource-policy: cross-origin
cf-ray: 8efa97088ab4a017-AMS
access-control-allow-origin: *
date: Tue, 10 Dec 2024 04:46:13 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 404 circuit-board.svg
malware.popdocs.net/ 11 KB
11 KB 73ms
73ms Image
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://malware.popdocs.net/circuit-board.svg

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/_next/static/css/f5c9b81a49d7ef97.css

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88a4c4c18ec4e30726b8a3c315835cfb4c18b4d865c5bb262fbdae72c7e6b832

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/_next/static/css/f5c9b81a49d7ef97.css

Response headers

content-encoding: zstd
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IrZArcbgZQC9x5H0fetLKYKRa5CM7c22kTOn%2BFCuLpQkOjtQdSP72dkfZspmRdlyanq4byZ%2BZ39DQqro%2BalCuISj2p0128yq15CDJaTpgDd6zOCZuESaTxhpwaUmVWgMh%2Bkvd35b"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /404
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=14969&min_rtt=14498&rtt_var=1775&sent=20&recv=23&lost=0&retrans=0&sent_bytes=9948&recv_bytes=8150&delivery_rate=72212&cwnd=12000&unsent_bytes=0&cid=5486a8d32a817b41&ts=351&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: text/html; charset=utf-8
content-disposition: inline; filename="404"
vary: Accept-Encoding
priority: u=3,i
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
last-modified: Tue, 10 Dec 2024 00:23:07 GMT
cf-ray: 8efa970a1cdc9f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::hl6bm-1733805974140-207136696e97

GET
H3 200 s.js Show response
malware.popdocs.net/cdn-cgi/zaraz/ 8 KB
5 KB 38ms
38ms Script
text/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyTWFsd2FyZSUyMEFuYWx5c2lzJTIwYnklMjBSRlMlMjIlMkMlMjJ4JTIyJTNBMC4zNjUwMjM3MDEzMjkyNjk0JTJDJTIydyUyMiUzQTE2MDAlMkMlMjJoJTIyJTNBMTIwMCUyQyUyMmolMjIlM0ExMjAwJTJDJTIyZSUyMiUzQTE2MDAlMkMlMjJsJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZtYWx3YXJlLnBvcGRvY3MubmV0JTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EtNjAlMkMlMjJxJTIyJTNBJTVCJTVEJTdE

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc9a424f16f7f31559063ea61e79348b6194f6448f4abe297fdc689a0ce5aea7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

x-robots-tag: none
access-control-max-age: 600
content-encoding: zstd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IMARMuesr04uOAp9lFokj5Bj%2FDOp8L%2FEe8dWr3x7mseshkxMpN%2F%2FjeDgIa8TMzIyDT%2BXsymlVM2kOiBEUIpx9SlpJTtfWD1%2BLbEa3cwIU0Htqwr9LtCESjs4fwLu3USnU2ILW%2Fcr"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, HEAD, POST, OPTIONS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=14915&min_rtt=14498&rtt_var=2982&sent=15&recv=21&lost=0&retrans=0&sent_bytes=4360&recv_bytes=8064&delivery_rate=666&cwnd=12000&unsent_bytes=0&cid=5486a8d32a817b41&ts=328&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: text/javascript; charset=utf-8
vary: Origin, Accept-Encoding
priority: u=3,i=?0
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
strict-transport-security: max-age=15552000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8efa970a3ce59f87-AMS
access-control-allow-origin: https://malware.popdocs.net
server: cloudflare

POST
H2 204 collect Show response
stats.g.doubleclick.net/g/ 0
556 B 74ms
23ms XHR
text/plain 2a00:1450:400c:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=G-XXS0T1JJPC&cid=5340d363-aad0-4556-8f5d-5ec4280a2b68&_u=KGDAAEADQAAAAC%7E&z=707798715
Requested by: Host: malware.popdocs.net
URL: https://malware.popdocs.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c09::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://malware.popdocs.net
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 soopr.js Show response
sdk.soopr.co/ 41 KB
11 KB 198ms
22ms Script
application/javascript 2a05:d014:58f:6200::65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.soopr.co/soopr.js

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:58f:6200::65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

eaad5f0663773b82a2c9d31a0a7b0ff9b5324c4410bd4ca9a5c1511addc9bce2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "5c8270ac320a6589e574170a963041ac-ssl-df"
age: 46663
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11346
x-nf-request-id: 01JEQE78SRR31HZNY2BGHB59Z5
cache-status: "Netlify Edge"; hit
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
0 104ms
61ms Fetch
image/gif 142.250.185.228
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&v=1&_v=j86&tid=G-XXS0T1JJPC&cid=5340d363-aad0-4556-8f5d-5ec4280a2b68&_u=KGDAAEADQAAAAC%7E&z=707798715&slf_rd=1

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyTWFsd2FyZSUyMEFuYWx5c2lzJTIwYnklMjBSRlMlMjIlMkMlMjJ4JTIyJTNBMC4zNjUwMjM3MDEzMjkyNjk0JTJDJTIydyUyMiUzQTE2MDAlMkMlMjJoJTIyJTNBMTIwMCUyQyUyMmolMjIlM0ExMjAwJTJDJTIyZSUyMiUzQTE2MDAlMkMlMjJsJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZtYWx3YXJlLnBvcGRvY3MubmV0JTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EtNjAlMkMlMjJxJTIyJTNBJTVCJTVEJTdE

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.228 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f4.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://malware.popdocs.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 10 Dec 2024 04:46:14 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412040102/ 434 KB
144 KB 60ms
59ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412040102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9236847887178276&plah=malware.popdocs.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9236847887178276

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

3776d5ecfa36008fb81e657b567977f9ddb467b3d406f6903eecf439dafa74fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: br
etag: 16409349162331365937
x-content-type-options: nosniff
expires: Tue, 10 Dec 2024 04:46:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 147646
x-xss-protection: 0
server: cafe

GET
H2 200 ca-pub-9236847887178276 Show response
fundingchoicesmessages.google.com/i/ 197 KB
65 KB 107ms
52ms Script
application/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-9236847887178276?href=https%3A%2F%2Fmalware.popdocs.net&ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412040102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9236847887178276&plah=malware.popdocs.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e204981d55f57888633fba363a77c3a472653c0cbfae5c1ecdee1aab76c275e0

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-q9TXh0qAU14SDUeVkrPpGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmII1pBikPj6kkkDiJ3SZ7AGAXHrzXOsU4HYaO15VicgTvp3nrUIiA0VLrE6gnDRJVZPIFbtucRqCsT3111ifQ7EM85fZl0AxEUSV1ibgJjh6xVWDiAW4uGY1n9_F5tAw_VN2xiVNJLyC-OT8_NKijKTSkvyi9KS01KLU4vKUovijQyMTAyNDCz0DIzjCwwA7-hAyw"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-q9TXh0qAU14SDUeVkrPpGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 AGSKWxVCLbES4RQu8kprDD-U7V_zltfaK9JXXe3_BspX7hRChb2WKnE5uAhc8pcEHHBXiLN1ik0nmsWKvQNC2HSPhBFIyP1553FUfaFHR47fhNOPZm9lsWVDlPHooQiEo98Tl-6LeSvk0g== Show response
fundingchoicesmessages.google.com/f/ 438 KB
65 KB 86ms
85ms Script
application/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVCLbES4RQu8kprDD-U7V_zltfaK9JXXe3_BspX7hRChb2WKnE5uAhc8pcEHHBXiLN1ik0nmsWKvQNC2HSPhBFIyP1553FUfaFHR47fhNOPZm9lsWVDlPHooQiEo98Tl-6LeSvk0g==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMzODA1OTc0LDQ3NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9tYWx3YXJlLnBvcGRvY3MubmV0LyIsbnVsbCxbWzgsIng4S0pFcU5vUFdJIl0sWzksIm5sIl0sWzE5LCIxIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.nl.x8KJEqNoPWI.es5.O/am=DAY/d=1/rs=AJlcJMwyXXvb6w7PPVzySoQ7poPNDhg8-A/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ece8e954bd5203f9145d0d8efd667cbce031f14e880c6542a483a53ab9ea5193

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AX4HJsoinZsF6zTuDYT6_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmJw0ZBiOHnrNtNFIJb4-pJJA4id0mewBgFx681zrFOB2HjteVZnIE76d561CIgNFS6xOoJw0SVWTyBW7bnEagrE99ddYn0OxDPOX2ZdAMRFEldYm4CY4esVVg4gFuLhmNZ_fxebQMeUqc1MShpJ-YXxyfl5JUWZSaUl-UVpyWmpxalFZalF8UYGRiaGRgYWegbG8QUGAPTdRUQ"
content-security-policy: script-src 'report-sample' 'nonce-AX4HJsoinZsF6zTuDYT6_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 css
fonts.googleapis.com/ 114 KB
6 KB 89ms
39ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.nl.x8KJEqNoPWI.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMw-j4I5ce3gGYbdhCET4zWsuHmN1A/m=web_iab_tcf_v2_wall_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

892fdb2e5c44c5f901e7afb124ce07e4522e72ac445492eb8e4570e11aa56457

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 10 Dec 2024 04:46:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 10 Dec 2024 04:46:14 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 ck4W3_HZUjYzyTyeL9OW5Nqd13qq0Vq-82GrrqFrVJYws7AwnhpHdILey5OUmKfg8y8u1pJkieLFW1RPN-epN8ZYbGoRUPR1joEEiDg7LT4XvY4f3X3Q=h60
lh3.googleusercontent.com/ 692 B
988 B 92ms
31ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ck4W3_HZUjYzyTyeL9OW5Nqd13qq0Vq-82GrrqFrVJYws7AwnhpHdILey5OUmKfg8y8u1pJkieLFW1RPN-epN8ZYbGoRUPR1joEEiDg7LT4XvY4f3X3Q=h60

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

177b57cd23cb42c4333d91b3a31a3392547b1453ba30ad60f288887c1a5a4d57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

access-control-expose-headers: Content-Length
etag: "v1"
age: 0
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 04:46:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 04:46:14 GMT
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
access-control-allow-origin: *
content-length: 692
x-xss-protection: 0
server: fife

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
47 KB 55ms
24ms Font
font/woff2 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://malware.popdocs.net
Referer: https://malware.popdocs.net/

Response headers

age: 545284
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 03 Dec 2025 21:18:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 03 Dec 2024 21:18:10 GMT
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48236
x-xss-protection: 0
server: sffe

POST
H3 204 AGSKWxVoSaXw7yvZ08eVPciTHrepO0czAi1A0yeO1kQhYMSnzjYsPtIw_Sp1ENxCr1-8FnSyTmxQGPDxgmVjSfmR7uMJBJFR8xKUqZZN1rVkxQjS7x03penlRqL6JekOm3_uUfVvX33X0g== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 65ms
35ms XHR
text/html 142.250.184.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVoSaXw7yvZ08eVPciTHrepO0czAi1A0yeO1kQhYMSnzjYsPtIw_Sp1ENxCr1-8FnSyTmxQGPDxgmVjSfmR7uMJBJFR8xKUqZZN1rVkxQjS7x03penlRqL6JekOm3_uUfVvX33X0g==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LF9TGk-H8fYb5rsfI7cUCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://malware.popdocs.net/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw15BicEqfwRoCxAxfr7ByALEQD8e0_vu72ARerJt0mEnJJSm_MD45P68kNa9ENzGlWBfELspMKi3JL0Jhp5aBVOTkp6dn5qXHGxkYmRgaGVjoGZjHFxgAAB7zJks"
content-security-policy: script-src 'report-sample' 'nonce-LF9TGk-H8fYb5rsfI7cUCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://malware.popdocs.net
content-length: 0
x-xss-protection: 0
server: ESF

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVoSaXw7yvZ08eVPciTHrepO0czAi1A0yeO1kQhYMSnzjYsPtIw_Sp1ENxCr1-8FnSyTmxQGPDxgmVjSfmR7uMJBJFR8xKUqZZN1rVkxQjS7x03penlRqL6JekOm3_uUfVvX33X0g==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-PWy8FG22uWeHawWuiwe80A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://malware.popdocs.net/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw1JBicEqfwRoCxAxfr7ByALEQD8e0_vu72AQuTP5-kEnJJSm_MD45P68kNa9ENzGlWBfELspMKi3JL0Jhp5aBVOTkp6dn5qXHGxkYmRgaGVjoGZjHFxgAACnqJnU"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-PWy8FG22uWeHawWuiwe80A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://malware.popdocs.net
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 about Show response
malware.popdocs.net/ 5 KB
2 KB 330ms
329ms Fetch
text/x-component 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/about?_rsc=1wtp7

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/_next/static/chunks/117-de5a682abea88488.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cda3645363fe3b2392f8723990b42ff2e6ab075bb5d701b0621d2e88860d595a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

RSC: 1
Referer: https://malware.popdocs.net/
Next-Url: /
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Next-Router-Prefetch: 1
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%2Cnull%2Cnull%2Ctrue%5D

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"2aa0cd2c4f81f73dda63664483bc1bbd"
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F9IbOxYXo5A5VlO3qRSrGs3FG3X8Y%2Fmypa%2BpRmPHei0VBO2yzslfVHGuiRxtNCDKh9ia38h9J17xSuUOmVqcyjzR8p5T4TEP49VIan4kQklKISyfnbMKUZ5fqKYx4V1xDtdZBc3N"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /about.rsc
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15460&min_rtt=14498&rtt_var=1018&sent=189&recv=86&lost=0&retrans=0&sent_bytes=190279&recv_bytes=17919&delivery_rate=61700&cwnd=96000&unsent_bytes=0&cid=5486a8d32a817b41&ts=1163&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: text/x-component
content-disposition: inline
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
priority: u=1,i
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: PRERENDER
cf-ray: 8efa970d9fd19f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::h7wvn-1733805974688-029cc0fd27cb

GET
H3 200 contact Show response
malware.popdocs.net/ 6 KB
3 KB 337ms
337ms Fetch
text/x-component 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/contact?_rsc=1wtp7

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/_next/static/chunks/117-de5a682abea88488.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55376829a1ab48b0aaa1c331fedf642adf44feb71fa57c35a358bb082ca84055

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

RSC: 1
Referer: https://malware.popdocs.net/
Next-Url: /
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Next-Router-Prefetch: 1
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%2Cnull%2Cnull%2Ctrue%5D

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"99c26e58c8d2155ad996a47d8846c318"
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FLRQXOHL1WtC5lvXa9gL6my5XyvY11rluYRe5C15yK9w8pdZbDa7Ta6z%2FaWu3%2BAPWxRO6BFLoi2qQE2Y%2FHqJfdD0MSeWRU%2Br1Bjo5QnWiGntowix66cFNWt8BNL8Sy8MTCHIbBkx"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /contact.rsc
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15460&min_rtt=14498&rtt_var=1018&sent=192&recv=86&lost=0&retrans=0&sent_bytes=192842&recv_bytes=17919&delivery_rate=61700&cwnd=96000&unsent_bytes=0&cid=5486a8d32a817b41&ts=1171&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: text/x-component
content-disposition: inline
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
priority: u=1,i
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: PRERENDER
cf-ray: 8efa970d9fd29f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::lthc7-1733805974688-9290ddf1c5c4

GET
H3 200 1
malware.popdocs.net/tools/ 130 B
0 1061ms
1061ms Fetch
text/x-component 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/tools/1?_rsc=1wtp7

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/_next/static/chunks/117-de5a682abea88488.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

RSC: 1
Referer: https://malware.popdocs.net/
Next-Url: /
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Next-Router-Prefetch: 1
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%2Cnull%2Cnull%2Ctrue%5D

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MsBTztVmeKa06kAk41UxEh4WVUBfuaQfJFZbjtAvYXI4R8QGIGSKqBbdGpsPsHdf4jJfF91ICyfremDFWnTY%2FzjbkACYRrhGO0GXgpUo%2Fl8hshkn0LOwQBd%2FIjNjtBdpPIg13Xgm"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /tools/[id].rsc
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15272&min_rtt=14498&rtt_var=593&sent=206&recv=93&lost=0&retrans=0&sent_bytes=199947&recv_bytes=21920&delivery_rate=58748&cwnd=96000&unsent_bytes=0&cid=5486a8d32a817b41&ts=1898&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:15 GMT
content-type: text/x-component
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
priority: u=1,i
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: MISS
cf-ray: 8efa970d9fd49f87-AMS
server: cloudflare
x-vercel-id: fra1::iad1::ml7dl-1733805974688-13e76e20bada

GET
H3 200 2
malware.popdocs.net/tools/ 130 B
0 1055ms
1055ms Fetch
text/x-component 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/tools/2?_rsc=1wtp7

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/_next/static/chunks/117-de5a682abea88488.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

RSC: 1
Referer: https://malware.popdocs.net/
Next-Url: /
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Next-Router-Prefetch: 1
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%2Cnull%2Cnull%2Ctrue%5D

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MdmEp19Otfeqqhr4QBRewwYdWdSV8AZt%2FLAgv630f%2FK7H8vwQQt0rZkVvBXsWcpQfUKmlQIORbI%2BHGeHX9MzXIDvhdlWi62q5vSgurV34DJjahaoSJHV%2B0%2F8oUNSv%2FdCozOo0SLh"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /tools/[id].rsc
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15272&min_rtt=14498&rtt_var=593&sent=203&recv=93&lost=0&retrans=0&sent_bytes=198077&recv_bytes=21920&delivery_rate=58748&cwnd=96000&unsent_bytes=0&cid=5486a8d32a817b41&ts=1893&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:15 GMT
content-type: text/x-component
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
priority: u=1,i
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: MISS
cf-ray: 8efa970d9fd59f87-AMS
server: cloudflare
x-vercel-id: fra1::iad1::7lshl-1733805974689-eedd4632e9f3

GET
H3 200 3
malware.popdocs.net/tools/ 130 B
0 1080ms
1080ms Fetch
text/x-component 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/tools/3?_rsc=1wtp7

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/_next/static/chunks/117-de5a682abea88488.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

RSC: 1
Referer: https://malware.popdocs.net/
Next-Url: /
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Next-Router-Prefetch: 1
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%2Cnull%2Cnull%2Ctrue%5D

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yvug2xhVZI8VFicBbkvW9FJCHdEaLLl0yCnEAPLANoYCahJ4sqVWhUVkqpcU5g7IU9R%2Fco3NM5lfpmeUcRmlStsEISE%2Bvvdp7FL%2B9zTXbK%2Bd4WkJkGxPjztYiIAsSwS1emfzjJBm"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /tools/[id].rsc
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15215&min_rtt=14498&rtt_var=440&sent=212&recv=95&lost=0&retrans=0&sent_bytes=201995&recv_bytes=23006&delivery_rate=152699&cwnd=96000&unsent_bytes=0&cid=5486a8d32a817b41&ts=1916&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:15 GMT
content-type: text/x-component
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
priority: u=1,i
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: MISS
cf-ray: 8efa970d9fd69f87-AMS
server: cloudflare
x-vercel-id: fra1::iad1::crrps-1733805974689-2c54caf8521e

POST rum
cloudflareinsights.com/cdn-cgi/ 0
0

OPTIONS
H2 200 rum
cloudflareinsights.com/cdn-cgi/ 0
0 64ms
20ms Preflight
text/plain 2606:4700::6810:4f49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://malware.popdocs.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://malware.popdocs.net
access-control-max-age: 86400
cf-ray: 8efa970e4d890b68-AMS
content-encoding: gzip
content-type: text/plain
date: Tue, 10 Dec 2024 04:46:14 GMT
server: cloudflare
vary: Origin
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3 404 favicon.ico
malware.popdocs.net/ 11 KB
4 KB 60ms
60ms Other
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88a4c4c18ec4e30726b8a3c315835cfb4c18b4d865c5bb262fbdae72c7e6b832

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: zstd
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ogf30nIiGA6K8Q1wBOKkAJZf%2FHnT08HmNpHtcDoEKuIpNXz1zMqx6jX1dsMypaG1xmsFVtWmUKVkYKzRy8bhGgIOD%2FMeS6abBmh4Uv7HMzQq2lmmIE4JyD1h%2FtsICzG4FhfHSQd5"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /404
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15677&min_rtt=14498&rtt_var=1124&sent=185&recv=84&lost=0&retrans=0&sent_bytes=186160&recv_bytes=17829&delivery_rate=551256&cwnd=96000&unsent_bytes=0&cid=5486a8d32a817b41&ts=964&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: text/html; charset=utf-8
content-disposition: inline; filename="404"
vary: Accept-Encoding
priority: u=1,i
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
last-modified: Tue, 10 Dec 2024 00:23:07 GMT
cf-ray: 8efa970e08349f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::hfnq7-1733805974757-6fa5fd8b464f

POST
H3 200 t Show response
malware.popdocs.net/cdn-cgi/zaraz/ 1 KB
3 KB 38ms
38ms Fetch
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/cdn-cgi/zaraz/t

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6b2de98662ed5dac06cf91f4f68bfbdb9e4ef1744bccd708d6c8bfc4097ecc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://malware.popdocs.net/

Response headers

access-control-max-age: 600
content-encoding: zstd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PVaPPzTpEnR8ehJ3kAZjPv%2FFzkm1gSPPxdpnZZQNC3LXzrUMMtf1Sz5qmQSSLDOi1u5EWg0xnVxO5ko20gw%2FdQAKJtxB9%2FiRcqYAUDI%2B2OZ2hgJZvpS%2FhIZpIVkw1gWf4QdaxKP%2F"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, HEAD, POST, OPTIONS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15677&min_rtt=14498&rtt_var=1124&sent=181&recv=84&lost=0&retrans=0&sent_bytes=183175&recv_bytes=17829&delivery_rate=551256&cwnd=96000&unsent_bytes=0&cid=5486a8d32a817b41&ts=948&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: application/json
vary: Origin, Accept-Encoding
priority: u=1,i
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
strict-transport-security: max-age=15552000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8efa970e083c9f87-AMS
access-control-allow-origin: https://malware.popdocs.net
server: cloudflare

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 156 KB
0 1ms
1ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9236847887178276

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

b2586f6d8869fb4b596ba6b5158dc23cd976d3128a8a420e308289233a45d36d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://malware.popdocs.net
Referer: https://malware.popdocs.net/

Response headers

content-encoding: br
etag: 7025726241887646176
x-content-type-options: nosniff
expires: Tue, 10 Dec 2024 04:46:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 10 Dec 2024 04:46:13 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 53417
x-xss-protection: 0
server: cafe

GET
H3 204 collect
stats.g.doubleclick.net/g/ 0
0 69ms
24ms Fetch
text/plain 64.233.166.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=G-XXS0T1JJPC&cid=5340d363-aad0-4556-8f5d-5ec4280a2b68&_u=KGDAAEADQAAAAC%7E&z=835326438
Requested by: Host: malware.popdocs.net
URL: https://malware.popdocs.net/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyTWFsd2FyZSUyMEFuYWx5c2lzJTIwYnklMjBSRlMlMjIlMkMlMjJ4JTIyJTNBMC4zNjUwMjM3MDEzMjkyNjk0JTJDJTIydyUyMiUzQTE2MDAlMkMlMjJoJTIyJTNBMTIwMCUyQyUyMmolMjIlM0ExMjAwJTJDJTIyZSUyMiUzQTE2MDAlMkMlMjJsJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZtYWx3YXJlLnBvcGRvY3MubmV0JTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EtNjAlMkMlMjJxJTIyJTNBJTVCJTVEJTdE
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 64.233.166.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: wm-in-f155.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 10 Dec 2024 04:46:14 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 page-1f5baab37ba1989c.js Show response
malware.popdocs.net/_next/static/chunks/app/about/ 232 B
1 KB 497ms
497ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/_next/static/chunks/app/about/page-1f5baab37ba1989c.js

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/_next/static/chunks/webpack-41a9ee0a1d65a3d2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70bd65a8b041efdc95271cb5697e1c58c1f7d5ab585f728f004a9dea100a53d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"d6cee2417947019462330308b9a24478"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6p8C6JD2BD4kjMXKpwL51tHpo9jJERhEnpOpiO%2FO0nwmWTX0JGhdktQSckY9HWdc7hlQr%2FFGDV5xw7M2MM1AASz3AfCM%2FjT857n0mIDqIZ%2F4IvD5m8vjDFBsJZtG1b%2Bn7%2F5x0tZQ"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /_next/static/chunks/app/about/page-1f5baab37ba1989c.js
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15252&min_rtt=14498&rtt_var=739&sent=201&recv=92&lost=0&retrans=0&sent_bytes=196923&recv_bytes=21875&delivery_rate=5848&cwnd=96000&unsent_bytes=0&cid=5486a8d32a817b41&ts=1663&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:15 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename="page-1f5baab37ba1989c.js"
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
last-modified: Tue, 10 Dec 2024 04:46:15 GMT
cf-ray: 8efa970fa9829f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::dz8xp-1733805975020-73cd9f7ff6b5

GET
H3 200 4
malware.popdocs.net/tools/ 130 B
0 738ms
738ms Fetch
text/x-component 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/tools/4?_rsc=1wtp7

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/_next/static/chunks/117-de5a682abea88488.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

RSC: 1
Referer: https://malware.popdocs.net/
Next-Url: /
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Next-Router-Prefetch: 1
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%2Cnull%2Cnull%2Ctrue%5D

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WuanG2ZKx2awsBquOw7HwvRa2bNUjm9aAf%2F2nSbVgtv9NBL1eTpjQ8WDv794oIpBkgeDZ3wXSHCxjIYaBWLU8po%2B%2BT0voDvlnc3mRMRlh95AvFglaKWJ59JQJ%2B63oXteFBGLMwV1"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /tools/[id].rsc
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15272&min_rtt=14498&rtt_var=593&sent=207&recv=93&lost=0&retrans=0&sent_bytes=200808&recv_bytes=21920&delivery_rate=58748&cwnd=96000&unsent_bytes=0&cid=5486a8d32a817b41&ts=1906&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:15 GMT
content-type: text/x-component
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
priority: u=1,i
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: MISS
cf-ray: 8efa970fa9839f87-AMS
server: cloudflare
x-vercel-id: fra1::iad1::6p2wc-1733805974995-27c2e0165c0a

GET
H3 200 page-021b54fb42c2ffef.js Show response
malware.popdocs.net/_next/static/chunks/app/contact/ 232 B
1 KB 195ms
195ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/_next/static/chunks/app/contact/page-021b54fb42c2ffef.js

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/_next/static/chunks/webpack-41a9ee0a1d65a3d2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf4de7a7e221ab2cc787bd5df129dea0d5041bdcf1f6c8f203bcf987f3ebf1a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://malware.popdocs.net/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"697683823d8c738341b6309b0802cd31"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hjW1kI6EMs1xex6mfoiHjhvLiPzf1V6Hj5QH6zJwJQNrV7jWNbmLtrhRnz5CH6hnx1qVXft12sweSSRSlwdMkfPfCQGBpNFw7LXLZCB3bCUHMHtUyKVV%2BiDiJNQnobbocfO%2BIEa3"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /_next/static/chunks/app/contact/page-021b54fb42c2ffef.js
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15304&min_rtt=14498&rtt_var=846&sent=199&recv=91&lost=0&retrans=0&sent_bytes=195772&recv_bytes=21830&delivery_rate=288032&cwnd=96000&unsent_bytes=0&cid=5486a8d32a817b41&ts=1368&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:15 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename="page-021b54fb42c2ffef.js"
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=31536000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: HIT
last-modified: Tue, 10 Dec 2024 04:46:15 GMT
cf-ray: 8efa970fb9889f87-AMS
access-control-allow-origin: *
server: cloudflare
x-vercel-id: fra1::bz9dl-1733805975029-2f3610475b99

GET
H3 200 5
malware.popdocs.net/tools/ 130 B
0 722ms
722ms Fetch
text/x-component 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/tools/5?_rsc=1wtp7

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/_next/static/chunks/117-de5a682abea88488.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

RSC: 1
Referer: https://malware.popdocs.net/
Next-Url: /
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Next-Router-Prefetch: 1
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%2Cnull%2Cnull%2Ctrue%5D

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vpffy76IbPGqrsU9T57%2FHAoAAi5svA%2Bvm0fUWnUm5r%2F5Ocvde7UYvtLnjQR9tobf6yX6xVg%2BrBWck0tHtaE1nvFf7R6ACdwDVQ0XdCCnMuAuxPA7GBT%2FNlZSN%2F0%2BGTrqWfBErkYw"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /tools/[id].rsc
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15272&min_rtt=14498&rtt_var=593&sent=205&recv=93&lost=0&retrans=0&sent_bytes=199081&recv_bytes=21920&delivery_rate=58748&cwnd=96000&unsent_bytes=0&cid=5486a8d32a817b41&ts=1898&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:15 GMT
content-type: text/x-component
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
priority: u=1,i
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: MISS
cf-ray: 8efa970fb98a9f87-AMS
server: cloudflare
x-vercel-id: fra1::iad1::ml7dl-1733805975003-656ee07b5941

GET
H3 200 6
malware.popdocs.net/tools/ 130 B
0 165ms
165ms Fetch
text/x-component 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/tools/6?_rsc=1wtp7

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/_next/static/chunks/117-de5a682abea88488.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

RSC: 1
Referer: https://malware.popdocs.net/
Next-Url: /
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Next-Router-Prefetch: 1
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%2Cnull%2Cnull%2Ctrue%5D

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ynusx5dV4MSx4BvvMab9xkztvYAlaCF85Rdwg%2BS4ywBjKW%2B5UECAVwCXYNOMCN4K%2Fc4%2B6RQ1N2oYjZYA5mVdSRKjus9%2BBEJmc7X6akhD1Y%2B%2FebJD7nqmvhPUJK7v1yIjPi4gMZGS"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /tools/[id].rsc
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15353&min_rtt=14498&rtt_var=639&sent=218&recv=98&lost=0&retrans=0&sent_bytes=205110&recv_bytes=25126&delivery_rate=95801&cwnd=96000&unsent_bytes=0&cid=5486a8d32a817b41&ts=2059&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:15 GMT
content-type: text/x-component
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
priority: u=1,i
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: MISS
cf-ray: 8efa97143de29f87-AMS
server: cloudflare
x-vercel-id: fra1::iad1::8csrl-1733805975731-46dc0bda2a13

GET
H3 200 7
malware.popdocs.net/tools/ 130 B
0 151ms
151ms Fetch
text/x-component 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/tools/7?_rsc=1wtp7

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/_next/static/chunks/117-de5a682abea88488.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

RSC: 1
Referer: https://malware.popdocs.net/
Next-Url: /
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Next-Router-Prefetch: 1
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%2Cnull%2Cnull%2Ctrue%5D

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ovdKiqlB4z5cd45aQdaP7E%2BCW5SVhTiq7B%2FlpKrnqy8AL7e21%2BIAbRg84LRw%2Fbc6HQZGf2W0ZEkmKoSWTLPSOisacHZPqvUHzvgdgv1vgYTMefbD7adX43pGRVP9SZ8z5TsXtBEG"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /tools/[id].rsc
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15353&min_rtt=14498&rtt_var=639&sent=217&recv=98&lost=0&retrans=0&sent_bytes=204137&recv_bytes=25126&delivery_rate=95801&cwnd=96000&unsent_bytes=0&cid=5486a8d32a817b41&ts=2059&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:15 GMT
content-type: text/x-component
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
priority: u=1,i
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: MISS
cf-ray: 8efa97144dee9f87-AMS
server: cloudflare
x-vercel-id: fra1::iad1::ssm9z-1733805975736-93d2942d181b

GET
H3 200 8
malware.popdocs.net/tools/ 130 B
0 148ms
148ms Fetch
text/x-component 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malware.popdocs.net/tools/8?_rsc=1wtp7

Requested by

Host: malware.popdocs.net
URL: https://malware.popdocs.net/_next/static/chunks/117-de5a682abea88488.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

RSC: 1
Referer: https://malware.popdocs.net/
Next-Url: /
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Next-Router-Prefetch: 1
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%2Cnull%2Cnull%2Ctrue%5D

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HyvbTe9u%2BnIhucSbO%2B1BX1r5SUMiTae%2FDmlM9IHZOahg9R6IseVFZ0C3%2B4ixFS965epM1h0YCRwvKe7eNtCU4k6bW8AbL3lo9MnxMyXjAquCE4W1J%2BxEAER7H%2BrZOxmLOBurNK1y"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-matched-path: /tools/[id].rsc
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15353&min_rtt=14498&rtt_var=639&sent=216&recv=98&lost=0&retrans=0&sent_bytes=203159&recv_bytes=25126&delivery_rate=95801&cwnd=96000&unsent_bytes=0&cid=5486a8d32a817b41&ts=2055&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 10 Dec 2024 04:46:15 GMT
content-type: text/x-component
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
priority: u=1,i
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-cache: MISS
cf-ray: 8efa97144def9f87-AMS
server: cloudflare
x-vercel-id: fra1::iad1::m2xj9-1733805975737-c2de254f6c92

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cloudflareinsights.com
URL: https://cloudflareinsights.com/cdn-cgi/rum

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.popdocs.net/	1969-12-31 23:59:59	Name: cfzs_google-analytics_v4 Value: %7B%22fe49_pageviewCounter%22%3A%7B%22v%22%3A%222%22%7D%7D
			.popdocs.net/	1970-01-21 10:22:21	Name: cfz_google-analytics_v4 Value: %7B%22fe49_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1765341974738%7D%2C%22fe49_engagementStart%22%3A%7B%22v%22%3A%221733805974738%22%2C%22e%22%3A1765341974738%7D%2C%22fe49_counter%22%3A%7B%22v%22%3A%222%22%2C%22e%22%3A1765341974738%7D%2C%22fe49_ga4sid%22%3A%7B%22v%22%3A%221008725048%22%2C%22e%22%3A1733807774738%7D%2C%22fe49_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1765341974738%7D%2C%22fe49_ga4%22%3A%7B%22v%22%3A%225340d363-aad0-4556-8f5d-5ec4280a2b68%22%2C%22e%22%3A1765341974738%7D%2C%22fe49__z_ga_audiences%22%3A%7B%22v%22%3A%225340d363-aad0-4556-8f5d-5ec4280a2b68%22%2C%22e%22%3A1765341974121%7D%2C%22fe49_let%22%3A%7B%22v%22%3A%221733805974738%22%2C%22e%22%3A1765341974738%7D%7D

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://malware.popdocs.net/circuit-board.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://malware.popdocs.net/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://malware.popdocs.net/ Message: Access to XMLHttpRequest at 'https://cloudflareinsights.com/cdn-cgi/rum' from origin 'https://malware.popdocs.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cloudflareinsights.com/cdn-cgi/rum Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cloudflareinsights.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
lh3.googleusercontent.com
malware.popdocs.net
pagead2.googlesyndication.com
sdk.soopr.co
static.cloudflareinsights.com
stats.g.doubleclick.net
www.google.com
cloudflareinsights.com
142.250.184.206
142.250.185.228
142.250.186.67
172.217.16.194
188.114.97.3
2606:4700::6810:4f49
2606:4700::6810:5049
2a00:1450:4001:808::200a
2a00:1450:4001:829::2001
2a00:1450:4001:82b::200e
2a00:1450:400c:c09::9c
2a05:d014:58f:6200::65
2a06:98c1:3120::3
64.233.166.155
03b6db4336158a4f46a4980ca088a697c7e55968aceb86faba810d728cd929c0
0bd2dacce61962edbf5b1844ef63c31b50546c8e52990b0be5648d17b10be4cc
177b57cd23cb42c4333d91b3a31a3392547b1453ba30ad60f288887c1a5a4d57
230c6068f9e9114580013b7085e2528f2e6e53a88070013accced8e454b3c593
293ea251bde5f589c18b05404c0dda7ca4ea48575cc6f3967a938de7fdca985b
3226c45ab244f44d0b7c4f0d027674fcdb655387cb470f07f2ea48e7ad397bb0
3776d5ecfa36008fb81e657b567977f9ddb467b3d406f6903eecf439dafa74fc
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3fe395fafbd0eee9874dff87e6261b938c345f9ff4bdd23e63f805c10d7f6446
55376829a1ab48b0aaa1c331fedf642adf44feb71fa57c35a358bb082ca84055
561f04ca227bbc6897f320ff47f972e3b9f9331e3ab7422be71d10ebd467ac23
586bd9a297ca4cd9712a5fb65ed97e6b838b9b752d12eee61645502ae6562a0b
70bd65a8b041efdc95271cb5697e1c58c1f7d5ab585f728f004a9dea100a53d1
88a4c4c18ec4e30726b8a3c315835cfb4c18b4d865c5bb262fbdae72c7e6b832
892fdb2e5c44c5f901e7afb124ce07e4522e72ac445492eb8e4570e11aa56457
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
93843087de178864db7ec985b03aa9ee87489a8e0209a3c2e3d684ce8f0061eb
9826c3cbd94dbd150e3cb487808da153fb8f3ee63a9df65a2a0be07a0434658d
a6b2de98662ed5dac06cf91f4f68bfbdb9e4ef1744bccd708d6c8bfc4097ecc5
b2586f6d8869fb4b596ba6b5158dc23cd976d3128a8a420e308289233a45d36d
c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec
cda3645363fe3b2392f8723990b42ff2e6ab075bb5d701b0621d2e88860d595a
cf4de7a7e221ab2cc787bd5df129dea0d5041bdcf1f6c8f203bcf987f3ebf1a8
d6ff8db6c78d00bf303b993c354a67642ab902d136d484d661d445460b5db7f8
e204981d55f57888633fba363a77c3a472653c0cbfae5c1ecdee1aab76c275e0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaad5f0663773b82a2c9d31a0a7b0ff9b5324c4410bd4ca9a5c1511addc9bce2
ece8e954bd5203f9145d0d8efd667cbce031f14e880c6542a483a53ab9ea5193
f045b6054afd799c2a4d14c782944b20c6b044c9e62d1210caf3d36925e90e8a
fc9a424f16f7f31559063ea61e79348b6194f6448f4abe297fdc689a0ce5aea7

malware.popdocs.net Open in urlscan Pro 2a06:98c1:3120::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

46 Requests

98 %HTTPS

57 %IPv6

9 Domains

11 Subdomains

15 IPs

4 Countries

660 kBTransfer

2276 kBSize

2 Cookies

0 Outgoing links

Redirected requests

46 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

malware.popdocs.net Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Screenshot
Live screenshot

Full Image

46
Requests

98 %
HTTPS

57 %
IPv6

9
Domains

11
Subdomains

15
IPs

4
Countries

660 kB
Transfer

2276 kB
Size

2
Cookies

46 HTTP transactions
0 data transactions