reasonlabs.com Open in urlscan Pro
76.76.21.21 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Submission: On August 09 via api (August 9th 2024, 6:25:26 am UTC) from DE — Scanned from US

Summary HTTP 399 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 22 IPs in 2 countries across 17 domains to perform 399 HTTP transactions. The main IP is 76.76.21.21, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is reasonlabs.com. The Cisco Umbrella rank of the primary domain is 302972.
TLS certificate: Issued by R10 on June 25th 2024. Valid for: 3 months.

This is the only time reasonlabs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
116	76.76.21.21 76.76.21.21	16509 (AMAZON-02) (AMAZON-02)
51	2606:4700::68... 2606:4700::6812:e3e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	104.16.242.229 104.16.242.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	2607:f8b0:400... 2607:f8b0:400d:c0b::61	15169 (GOOGLE) (GOOGLE)
18	2600:9000:26c... 2600:9000:26c1:6600:16:b250:9b40:93a1	16509 (AMAZON-02) (AMAZON-02)
6	13.32.151.87 13.32.151.87	16509 (AMAZON-02) (AMAZON-02)
5	2606:4700::68... 2606:4700::6812:1d7f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	146.75.28.157 146.75.28.157	54113 (FASTLY) (FASTLY)
21	2606:4700:20:... 2606:4700:20::681a:d5f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a03:2880:f00... 2a03:2880:f003:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
28	23.205.106.75 23.205.106.75	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
52	104.18.72.113 104.18.72.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2607:f8b0:400... 2607:f8b0:400d:c0b::9a	15169 (GOOGLE) (GOOGLE)
9	2001:4860:480... 2001:4860:4802:32::181	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:400d:c09::9d	15169 (GOOGLE) (GOOGLE)
4	104.18.70.113 104.18.70.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	72.21.81.130 72.21.81.130	15133 (EDGECAST) (EDGECAST)
5	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
10	2607:f8b0:400... 2607:f8b0:400d:c0f::93	15169 (GOOGLE) (GOOGLE)
10	2a03:2880:f10... 2a03:2880:f103:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
8	104.16.53.111 104.16.53.111	13335 (CLOUDFLAR...) (CLOUDFLARENET)
399	22

116 76.76.21.21 (Walnut, United States)

ASN16509 (AMAZON-02, US)

reasonlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

51 2606:4700::6812:e3e (United States)

ASN13335 (CLOUDFLARENET, US)

cookie-cdn.cookiepro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.242.229 (None, )

ASN13335 (CLOUDFLARENET, US)

static-cf.cleverbridge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2607:f8b0:400d:c0b::61 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2600:9000:26c1:6600:16:b250:9b40:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.reasonlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.32.151.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-151-87.iad66.r.cloudfront.net

pac.rlproton.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:1d7f (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 146.75.28.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2606:4700:20::681a:d5f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.equalweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a03:2880:f003:100:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 23.205.106.75 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-205-106-75.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

52 104.18.72.113 (None, )

ASN13335 (CLOUDFLARENET, US)

static.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:400d:c0b::9a (Morganton, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2001:4860:4802:32::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c09::9d (Morganton, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.70.113 (None, )

ASN13335 (CLOUDFLARENET, US)

ekr.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 72.21.81.130 (United States)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:400d:c0f::93 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a03:2880:f103:181:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.16.53.111 (None, )

ASN13335 (CLOUDFLARENET, US)

reasonsecurity.zendesk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
134	reasonlabs.com reasonlabs.com — Cisco Umbrella Rank: 302972 cdn.reasonlabs.com — Cisco Umbrella Rank: 399412	1 MB
56	zdassets.com static.zdassets.com — Cisco Umbrella Rank: 3854 ekr.zdassets.com — Cisco Umbrella Rank: 4356	521 KB
51	cookiepro.com cookie-cdn.cookiepro.com — Cisco Umbrella Rank: 13568	167 KB
28	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 963	155 KB
21	equalweb.com cdn.equalweb.com — Cisco Umbrella Rank: 32686	22 KB
20	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	369 KB
19	google.com analytics.google.com — Cisco Umbrella Rank: 238 www.google.com — Cisco Umbrella Rank: 10	640 B
11	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 77 stats.g.doubleclick.net — Cisco Umbrella Rank: 252	14 KB
10	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	6 KB
10	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	73 KB
8	zendesk.com reasonsecurity.zendesk.com	2 KB
6	rlproton.com pac.rlproton.com	1 KB
5	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1356	954 B
5	t.co t.co — Cisco Umbrella Rank: 979	1 KB
5	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1253	15 KB
5	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1019	916 B
5	cleverbridge.com static-cf.cleverbridge.com — Cisco Umbrella Rank: 427989	8 KB
399	17

	Domain	Requested by
116	reasonlabs.com	reasonlabs.com cookie-cdn.cookiepro.com analytics.tiktok.com
52	static.zdassets.com	reasonlabs.com static.zdassets.com
51	cookie-cdn.cookiepro.com	reasonlabs.com cookie-cdn.cookiepro.com analytics.tiktok.com
28	analytics.tiktok.com	reasonlabs.com analytics.tiktok.com
21	cdn.equalweb.com	reasonlabs.com cdn.equalweb.com
20	www.googletagmanager.com	reasonlabs.com www.googletagmanager.com
18	cdn.reasonlabs.com	reasonlabs.com
10	www.facebook.com	reasonlabs.com
10	www.google.com	reasonlabs.com
10	googleads.g.doubleclick.net	www.googletagmanager.com
10	connect.facebook.net	reasonlabs.com connect.facebook.net
9	analytics.google.com	www.googletagmanager.com analytics.tiktok.com
8	reasonsecurity.zendesk.com	static.zdassets.com
6	pac.rlproton.com	reasonlabs.com
5	analytics.twitter.com	reasonlabs.com
5	t.co	reasonlabs.com
5	static.ads-twitter.com	www.googletagmanager.com
5	geolocation.onetrust.com	cookie-cdn.cookiepro.com
5	static-cf.cleverbridge.com	reasonlabs.com
4	ekr.zdassets.com	static.zdassets.com
1	stats.g.doubleclick.net	www.googletagmanager.com
399	21

This site contains links to these domains. Also see Links.

Domain
chromewebstore.google.com
microsoftedge.microsoft.com
cyberpedia.reasonlabs.com
source.chromium.org
www.virustotal.com
www.facebook.com
www.linkedin.com
twitter.com
www.youtube.com
familykeeper.reasonlabs.com
cookiepedia.co.uk
www.cookiepro.com

Subject Issuer	Validity	Valid
reasonlabs.com R10	`2024-06-25` - `2024-09-23`	3 months	crt.sh
cookiepro.com E6	`2024-07-17` - `2024-10-15`	3 months	crt.sh
*.cleverbridge.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-21` - `2024-12-21`	a year	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
rlproton.com Amazon RSA 2048 M02	`2023-11-14` - `2024-12-12`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
equalweb.com WE1	`2024-07-27` - `2024-10-25`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-05-18` - `2024-08-16`	3 months	crt.sh
*.tiktok.com RapidSSL TLS ECC CA G1	`2024-07-15` - `2025-07-15`	a year	crt.sh
zdassets.com E6	`2024-06-29` - `2024-09-27`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-11-05`	a year	crt.sh
reasonsecurity.zendesk.com E6	`2024-06-15` - `2024-09-13`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Frame ID: E253D0AE052A391FC4F458F5ADC82E46
Requests: 173 HTTP requests in this frame

Frame: https://reasonlabs.com/chat
Frame ID: A677C51E5F2A8069B3EE68AD4429813F
Requests: 62 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Frame ID: 9D525AD6B196927291177B6D162BBC83
Requests: 14 HTTP requests in this frame

Frame: https://reasonlabs.com/chat
Frame ID: 5FC22AEFCE1E13CBEBFF3EA451FE83AD
Requests: 65 HTTP requests in this frame

Frame: https://reasonlabs.com/chat
Frame ID: ECA5DF8860A5F631C7C5D7D3F6711F03
Requests: 65 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Frame ID: 16C5EB93BECAB35DF66D6A8E6DE2CA4A
Requests: 14 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Frame ID: 7356ED67F351247B3A7347D03D1F8FDC
Requests: 14 HTTP requests in this frame

Frame: https://reasonlabs.com/chat
Frame ID: 9FA41CB1FA2512A41D2F840DCAE00E3B
Requests: 61 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Frame ID: 95E4E17F4A4E3806E821F50D59DBB42A
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Extension Trojan Malware Campaign | ReasonLabs

Detected technologies

EqualWeb (Accessibility) Expand

Overall confidence: 100%
Detected patterns

cdn\.equalweb\.com.*\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

Page Statistics

399
Requests

100 %
HTTPS

52 %
IPv6

17
Domains

21
Subdomains

22
IPs

2
Countries

2593 kB
Transfer

26026 kB
Size

13
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://chromewebstore.google.com/
Title: Chrome Web Store

Search URL Search Domain Scan URL

URL: https://microsoftedge.microsoft.com/addons/Microsoft-Edge-Extensions-Home
Title: Microsoft Edge Add-ons

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/EN/malware.html
Title: malware

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/EN/trojan.html
Title: trojan

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/EN/adware.html
Title: adware

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/EN/powershell.html
Title: PowerShell

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/EN/c2.html
Title: C2

Search URL Search Domain Scan URL

URL: https://source.chromium.org/chromium/chromium/src/+/HEAD:chrome/browser/upgrade_detector/upgrade_detector_impl.cc;l=204
Title: outdatedbuilddetector

Search URL Search Domain Scan URL

URL: https://source.chromium.org/chromium/chromium/src/+/main:extensions/docs/security_faq.md?q=extensions-on-chrome-url&ss=chromium%2Fchromium%2Fsrc
Title: removes protection

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/url/22e7d2d85820b49f1278ce152c5ed39fd88087c7a998dcf348b6164d5b33bb8d/details
Title: https://www.virustotal.com/gui/url/22e7d2d85820b49f1278ce152c5ed39fd88087c7a998dcf348b6164d5b33bb8d/details

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/collection/04480b9dc7eb0e7150ff89df24c8f30f11f40714b93a1cab00712bde7019fc55
Title: collection and graph with IOCs

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/5ce016d3133d960f68b0415d5bb825b143713ffaea751b098ffcf80353bc171b/content
Title: https://www.virustotal.com/gui/file/5ce016d3133d960f68b0415d5bb825b143713ffaea751b098ffcf80353bc171b/content

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ReasonLabsCyberSec

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/6428902

Search URL Search Domain Scan URL

URL: https://twitter.com/Reasonsecurity

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/Reasoncoresecurity

Search URL Search Domain Scan URL

URL: https://cyberpedia.reasonlabs.com/
Title: Cyberpedia

Search URL Search Domain Scan URL

URL: https://familykeeper.reasonlabs.com/
Title: FamilyKeeper

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.cookiepro.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

399 HTTP transactions
84 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request new-widespread-extension-trojan-malware-campaign Show response
reasonlabs.com/research/ 171 KB
26 KB 121ms
46ms Document
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

dca4cbb98102d13ad9acbaef3347e5237f2ebd2954ef40889877e772e6a96e7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 240354
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 09 Aug 2024 06:25:14 GMT
etag: W/"4c36bb3ea1f535b00fe0a077c0555e8f"
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /research/new-widespread-extension-trojan-malware-campaign
x-vercel-cache: HIT
x-vercel-id: iad1::7llcv-1723184714932-4870d1514b34

GET
H2 200 e0c8ef400c54d51a.css
reasonlabs.com/_next/static/css/ 40 KB
10 KB 26ms
25ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:14 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::ln2qk-1723184714989-8c36dbb1a5a4
age: 240543
x-matched-path: /_next/static/css/e0c8ef400c54d51a.css
etag: W/"56bdcfac968e4ecb22330c5f43b33824"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e0c8ef400c54d51a.css"

GET
H2 200 0ec662aeefa47c32.css
reasonlabs.com/_next/static/css/ 6 KB
2 KB 25ms
25ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/0ec662aeefa47c32.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3ba8e9bca43cf0ec1c74472b11d9fdb32b1ae5a23e798a55e2ad4d2f48136f7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:14 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qnltm-1723184714989-e9c6ea87724d
age: 239897
x-matched-path: /_next/static/css/0ec662aeefa47c32.css
etag: W/"04f463cae17c5216cf98aeb5eef54d84"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="0ec662aeefa47c32.css"

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ 21 KB
7 KB 107ms
23ms Script
application/javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
age: 39705
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:22 GMT
server: cloudflare
etag: 0x8DCB1C7D5F2964E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f1a972cf-d01e-006d-5bb1-e39ff7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf54cd24340-EWR
expires: Sat, 10 Aug 2024 06:25:15 GMT

GET
H2 200 cbFrameCheckout-client-v1.05.js Show response
static-cf.cleverbridge.com/mycontent/1/ 29 KB
7 KB 114ms
31ms Script
application/x-javascript 104.16.242.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-cf.cleverbridge.com/mycontent/1/cbFrameCheckout-client-v1.05.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.242.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 335d82adc13bb778d6c38fd9cbb89cbba99936df005eae691dfe8994fc56cf3d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 08 Aug 2024 17:48:02 GMT
server: cloudflare
age: 45433
access-control-max-age: 1000
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 8b05aaf54d157d1e-EWR
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
expires: Fri, 09 Aug 2024 06:30:15 GMT

GET
H2 200 webpack-c0a49a0ea8bb59de.js Show response
reasonlabs.com/_next/static/chunks/ 28 KB
9 KB 32ms
28ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/webpack-c0a49a0ea8bb59de.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

420cadc2da0cf70a0e40c835a7a18dd90c90189f6e3bb72d52ffe3e61ac2be4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hs7rb-1723184715013-4e7bea84dbc3
age: 240543
x-matched-path: /_next/static/chunks/webpack-c0a49a0ea8bb59de.js
etag: W/"998d6efb06697ec547c0456c0f3f2217"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="webpack-c0a49a0ea8bb59de.js"

GET
H2 200 framework-55c100e948d2158b.js Show response
reasonlabs.com/_next/static/chunks/ 127 KB
43 KB 34ms
30ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/framework-55c100e948d2158b.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

35e39779377e705ba4e35f634efbdf0696aba61010a1e2a9316cdb22418fef6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::ln2qk-1723184715020-2c539a53a7bc
age: 240543
x-matched-path: /_next/static/chunks/framework-55c100e948d2158b.js
etag: W/"7b9ec110f1b54d7133d41fc65e084f50"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="framework-55c100e948d2158b.js"

GET
H2 200 main-299ff59bf9bd47f5.js Show response
reasonlabs.com/_next/static/chunks/ 106 KB
33 KB 33ms
29ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

7c74d3f61787d14325170b51df664bc54556edb5295304a8e69fcd39b66a95bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::p28p9-1723184715013-8a823bc1a4f1
age: 240543
x-matched-path: /_next/static/chunks/main-299ff59bf9bd47f5.js
etag: W/"9cb1fabcdc87d62d5e93540772f22e1f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="main-299ff59bf9bd47f5.js"

GET
H2 200 _app-c1844f8113186912.js Show response
reasonlabs.com/_next/static/chunks/pages/ 140 KB
48 KB 23ms
19ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

0664b42aa5ccfea098261ce0496fc2f3b0cd36302060975c8768084b0169875e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qnltm-1723184715013-170c1f74a07d
age: 240543
x-matched-path: /_next/static/chunks/pages/_app-c1844f8113186912.js
etag: W/"ebcc9a89ba8da7107c472230616d1057"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_app-c1844f8113186912.js"

GET
H2 200 1852-bf14fe5709c35c21.js Show response
reasonlabs.com/_next/static/chunks/ 22 KB
7 KB 30ms
26ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/1852-bf14fe5709c35c21.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e61a2227b4f8927a7bb04c00abf4470c65280bbd7be7c6d3c6645889818671be

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hccg9-1723184715013-2fe13d0e1f44
age: 240543
x-matched-path: /_next/static/chunks/1852-bf14fe5709c35c21.js
etag: W/"c8b074dcfa0d3e6b43b3bd000532a754"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="1852-bf14fe5709c35c21.js"

GET
H2 200 1994-ba9996d7d0129c46.js Show response
reasonlabs.com/_next/static/chunks/ 89 KB
27 KB 31ms
28ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/1994-ba9996d7d0129c46.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

8a5bcace9ac4612a8d5fe7e38adcb49bed25cc3f52c40fabb2031778e1febfef

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hccg9-1723184715013-e5b7144f15d2
age: 239897
x-matched-path: /_next/static/chunks/1994-ba9996d7d0129c46.js
etag: W/"4a12dc93f95e41b444abc36219623c5d"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="1994-ba9996d7d0129c46.js"

GET
H2 200 new-widespread-extension-trojan-malware-campaign-ca5aebcd917be284.js Show response
reasonlabs.com/_next/static/chunks/pages/research/ 1 KB
890 B 26ms
23ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/research/new-widespread-extension-trojan-malware-campaign-ca5aebcd917be284.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

5b1dfcadb7fc6e398a1c67b49c0b20bba912a7bd47abaf6517d4e04cff67e3e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::jbst9-1723184715013-3cf0f9c3b19e
age: 239897
x-matched-path: /_next/static/chunks/pages/research/new-widespread-extension-trojan-malware-campaign-ca5aebcd917be284.js
etag: W/"27f1f4b9d213f6738db771082c1e2332"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="new-widespread-extension-trojan-malware-campaign-ca5aebcd917be284.js"

GET
H2 200 _buildManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ 14 KB
4 KB 23ms
20ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

6f73d814142f2f2dbe718fbca35ade1cc072e825ec1f39898815e43629628f0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::7llcv-1723184715013-060e86cbb06e
age: 240543
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
etag: W/"a0c464f717763b817c177dbe98340f0f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_buildManifest.js"

GET
H2 200 _ssgManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ 2 KB
732 B 31ms
29ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

cd3e5ebc269959d5e70fc1392e435452feff6520a621968401c994face181233

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::fhvfd-1723184715018-d9d138f629d0
age: 240543
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
etag: W/"e58723f88e43538eafccc5a22c5ddfbb"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_ssgManifest.js"

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 267 KB
94 KB 88ms
31ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ae2e948658c1b93b778774a5c530b2f1b53341449bde983d84b4054bff75d808

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 96021
x-xss-protection: 0
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 chat Show response
reasonlabs.com/ Frame A677 3 KB
1 KB 18ms
18ms Document
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/chat

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

983fc0187dad2fcdbd26581a1040aeb7968c9b32df4632d49c9f4ae81cc58811

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 240551
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 09 Aug 2024 06:25:15 GMT
etag: W/"4bf7ca399674e33390637c947b868de6"
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /chat
x-vercel-cache: HIT
x-vercel-id: iad1::d9wvx-1723184715016-ecf39ac49eff

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e560959c3878d5a1db7c1a5df4d157eae98eeacc4015c62441ff44d6ba85073

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f87adcffe1607717e5111488c32d471f7278b0df8a7a0d09b3f62d079cedb07f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d3698c70b88abb2a94a0ed5e90cadb42c262a07a0b972fc314a154e575ba3c6b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 734e12ea5d89fc6c8da84f0eac2ee9bc479ee728fa25d5f24d279a881429b3e2

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c56494b7e0c445e01d2fee0de214450debb0bd77d23c214fb71b0f044f810d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 172ca2ee9eef5c6b46bb828d6ead12caa09400d76d58d8b11080de0e8a6cc202

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2ff34f763ac8d45e73740b469ed434ee600d3263211dfba79b6f2b1c73e8bde7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e53cacecb4f6b51948407a352f63bd4b8f4a437393f5a304af76441a2fe47713

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0f3b1e96730ac8e5dfeed671562469a45d96beddae9f4e629beb9d43fc6ea04

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: faa902d968312dcd1a8df12afc85dec2f10d3dac22898ac750a9889691702970

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b5249e69847e7c1b146876ceb34463fd6f82a4a747ff26da2bdf9784b3e5b24

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ecddf8410494cea5379e00170ab1328db3a246482336104c9d7572b852b485d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16525b2c2e97533f3b8567d3238b2fe2accbc75bf0f3262fce0b1cd07b676120

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0f4e7b1971244d3bbd0587403e399829cdbb2ab499269b85cbc47efc3a6141a4

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ced7b72b89b45eb74f0b4ec551ad42a70b9343dca7597d140932c02fb6aff732

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4aa9a902b83ce9975b9cb1817997dec501aad56141f41f437d02ecca4e24b08

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e6daa2794363d6ab8c7adb8a182a9b18c5b025147af53feb7af58b11da5b7be

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f19aafb8794e426a2f46e55f0a0ccb386ad75cb1b3369c6330a03e7694187a96

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ed4487e444877efefe1093519d07f9cea62519c93f40562e54a0c26b93346399

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 052e6be56abff0379a8cb7e92e759b19e1e43d1ddd22458fc71600ae7a18077b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7fce7079cc8c55b7482809b9cae560338a38beb1c8fa165ededf78def0e65c88

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab98e00318002d085dbc4e9bbed830237b9f91b8cb10ee4776f864086d4f9522

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17c6bdb8c5eb4f42c8a3ba5ec378bee05df5e0777f26fd826931f2173a99eeb8

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34c6c382cc128c236adbb602584b773cb511b4347f0179779d781b4a8b291dfd

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b62cefcd86e6b76fadb64fbc35571884c70ae41fcd5eb824c9b99979fc4d392

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a13a3549c2d1a7d616fa512ad14beb5c27a1040a752c1bb3972853f1529407b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a360bd9dde2c64d5f43feae453b7d563ef0743af0a55e44e05ffcddaa933e958

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a3170e91ef6263fa67eaaf04dd38d9d54df98e9339f122b587392732d7661bc

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b37ca6c575afd9835dad0665bdecd6af5d5ec0d79a6ae8f526ee6a76dd9420ef

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c4e409aa158a0a803ce2da327e85ab26193bdf08d4fa778bb95ab349251c2242

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b2e9e3242b4c5c071d18fc9c901e0332a95a3eb0e7c95bf59dbff6484eb3e30a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0e029c4f4d1e048ed38d6a56c7c857034ee2fee1c5fc27a2cd6d5cb80df68cb5

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b1de48f15a736cfc90e852297faa51c00861f71082e590de34b5414a4f189b8

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2e1d5bfbec317e501c989b9215d8153e6c71894003742a2cb94be3ed9701339e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 287d58587a729034072a58fc0738bb876bdea908dc0d6fc86c7f83e6c6e008ba

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f92b0855ca604ce5286ede5299696e3bfc2cc676f5a9f481fa650d9069018a51

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3c00a8330d85db4a636380a3a8f372fe033a6b2eb607c1d67d98fc171e49e5a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453f8d94af003ea1b202d17babe41fa00d9b1c14825dc735c5e9c7038d5017a0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa7e5fd43939dc33c5e445b73aef73f85bfc52de6ce84e303dad90ebbc514937

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf053499e338013d7e8929675faff0aff58ea8ef1e4d7895dec469346902d0de

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 301c0686904a489da3626d6592dc4cb3a4e157bd0638fcfbcd66da78b8c9445e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 36809553a0e6234f000c7e617c3528e23f0d1500599c37ee176e078b7026515b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: afabe80d0da822ecb48dab7940c89b31f8c0b1cebfeb27d1654bcb4e3fea4a02

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15928a00dd5079d986641664c08efcf8a9dac72ca4f905e38b1a0c30976ab973

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fec6b37efbcb6c56c57f75d454bb3d31df2c8a8ff51d4a866d91329fd315c5b9

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09de44220d2f31175ac2e93526479d1f346c3f61a64a18d971129aba27746832

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 754e7795ae6899ee54bbc4d7ddf9b515f4c07d7dd4f3c15f7319ba3cb1a62b0b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 37e1e0aef2082b7d2537bd3de9cbcc6432c84345a3a60f8280e3fb9c7cecf48d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41f923dfdeaae8120e92c0a48fbdcdf033cb927f57a053d1c8feefcb3dde7a35

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a109878c0662bba5d28433d4f0b92077fbabcabb0cfcb4b14bda19987174e55e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15a1f0bb005ee2d4d9c84410aad1bcd9ff6e36686573fe3e0a4959d7df79eed3

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3ddd6dfeee98cca3295e79b96700162959cd13d1014d43db1ba865335d68fbf

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83f9442b0ae777927d2d88bb8eb41e76d4379ac404084e716528a46ecbf6433b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 435e173afb0a80e150da0e651c05398b07280fc8790e02129e925afdbe0ba6ad

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 80 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2eb499ec1df28add1ce48be0f9ec2cba7d6b7ab4c9316474a9ef1f0566d4351a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 77 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55b8338cfb7077c21d548c4414cbaf2bffe019ebb4c983cb207c27f89fd6915c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a53eb1cc07f39a229137453b0546ae320f92a6729f7a8ea7d02efbe38b16d57c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb378b095e72328138ff4dfc28608d5dcff428c0b8fa946300749291588ba0b7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 arrow-menu.fab38cce.svg
reasonlabs.com/_next/static/media/ 586 B
776 B 19ms
18ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/arrow-menu.fab38cce.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

b499f9cc78d42c5fb07c17e9138efd2a802d1a79f3db0ab41a5a7cf49ccc590a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hccg9-1723184715079-62fb2321dd45
age: 240543
x-matched-path: /_next/static/media/arrow-menu.fab38cce.svg
etag: "62a6b7c588b06e2c179e21ebcdc844fb"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="arrow-menu.fab38cce.svg"
accept-ranges: bytes
content-length: 586

GET
H2 200 facebook.c9139725.svg
reasonlabs.com/_next/static/media/ 805 B
970 B 19ms
18ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/facebook.c9139725.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

08883e0f0fd0db967a7c9875e12aef7e951ca023456e90be517405c28c029e2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hccg9-1723184715087-9dcf93e305d3
age: 240543
x-matched-path: /_next/static/media/facebook.c9139725.svg
etag: "51edd89129d5d27144d876c542689bd3"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="facebook.c9139725.svg"
accept-ranges: bytes
content-length: 805

GET
H2 200 linkedin.3950c8b8.svg
reasonlabs.com/_next/static/media/ 1 KB
770 B 20ms
19ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/linkedin.3950c8b8.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

eed7f235ef695c1cf88567e5688b332740677653c9728786d40b22fdee04099c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::jbst9-1723184715086-f2d5bad8e1fd
age: 240543
x-matched-path: /_next/static/media/linkedin.3950c8b8.svg
etag: W/"ed3fcfc3bf6da0c4a8dc51342136883c"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="linkedin.3950c8b8.svg"

GET
H2 200 twitter.d8c3fb02.svg
reasonlabs.com/_next/static/media/ 930 B
1 KB 28ms
27ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/twitter.d8c3fb02.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3187d2113abc1ec76fbc938ef426e2635f5f961dd48292062ac2e5506380f85e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::wnkcn-1723184715086-5db28aa49f97
age: 240543
x-matched-path: /_next/static/media/twitter.d8c3fb02.svg
etag: "fd51f1fe67f862f4b727cca9a09f9cec"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="twitter.d8c3fb02.svg"
accept-ranges: bytes
content-length: 930

GET
H2 200 youtube.ea5ff4f6.svg
reasonlabs.com/_next/static/media/ 1 KB
812 B 17ms
17ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/youtube.ea5ff4f6.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

ce5a0525d35ec2fbf605e9d8fd039ba6f62ee7897255d1f1b9d7107300acb8e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::d9wvx-1723184715086-a3e34817f5a7
age: 240543
x-matched-path: /_next/static/media/youtube.ea5ff4f6.svg
etag: W/"0832d214ba4de693904d0aa232ae095c"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="youtube.ea5ff4f6.svg"

GET
H2 200 Galano_Grotesque.otf
cdn.reasonlabs.com/fonts/ 45 KB
45 KB 176ms
20ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 46b81d211df2b05fa36cd50c9ea0da07671ce8a7ee6697d88cafd1747f87ea66

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 19:51:54 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:30 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 38002
etag: "0db105f867c7eb2e491db586cc26b417"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46020
x-amz-cf-id: WlOhgFu03Rnx96B98mO3o2AjjyRBRvQi-IyYzxaWDbeSU6DSykFc4A==

GET
H2 200 Galano_Grotesque_SemiBold.otf
cdn.reasonlabs.com/fonts/ 45 KB
46 KB 249ms
93ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_SemiBold.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 836a3b8162c9233c431cedc9145d692ab9d72925d4ef1948f593cfe769f21d7a

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:31 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
etag: "cbd91bb2a05d0a9b2f88e3e8c5d43cce"
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
x-cache: Miss from cloudfront
accept-ranges: bytes
content-length: 46516
x-amz-cf-id: s2kFBoO8djA3y6PgZDaZQiFUIVaq5VukUW7Mv5D3_0s0aehtUksDyQ==

GET
H2 200 Galano_Grotesque_Bold.otf
cdn.reasonlabs.com/fonts/ 47 KB
47 KB 175ms
19ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Bold.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4828e324d157586b3c5a0821a8b98ae15a343a4e8ebe9b754ff360250aa563e4

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 23:01:26 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD61-P1
age: 26629
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 47772
last-modified: Fri, 13 Jan 2023 12:01:33 GMT
server: AmazonS3
etag: "6d10397a151d83e4407fecd27f76cafb"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: PthcJNia0xVi1-rQghiAXqVZ-tHGs3UhvZZwgXTL4kCWkvMc4qYzYg==

GET
H2 200 Galano_Grotesque_Light.otf
cdn.reasonlabs.com/fonts/ 45 KB
46 KB 192ms
36ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Light.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e2f27bf6bf20efe1a4755554e4044d0739de18e9006cd1aa7fb0a903ca33c124

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 22:02:45 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD61-P1
age: 30151
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 46444
last-modified: Fri, 13 Jan 2023 12:01:31 GMT
server: AmazonS3
etag: "78e812f3fda430191facc31c64a4b927"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: jo-hij__KQ_e0PC5xNxZmASr3K8Ut_B9fVJ20VK6HXXzIjCUNyyTdQ==

GET
H2 200 Galano_Grotesque_Medium.otf
cdn.reasonlabs.com/fonts/ 46 KB
46 KB 258ms
103ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Medium.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d796a3e59b2cbc61732a0d9196c8f7cd31a67b0f021c5c2c14a7392860289857

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:32 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
etag: "4718f2452d00ff1c747e78bb8c4a6641"
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
x-cache: Miss from cloudfront
accept-ranges: bytes
content-length: 46848
x-amz-cf-id: wT495oPzIn39N-ybkakkVZF9tzaPJYnlGthkgy8DDru4vg5vnCWhug==

GET
H2 200 e0c8ef400c54d51a.css
reasonlabs.com/_next/static/css/ Frame A677 40 KB
0 26ms
25ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:14 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::ln2qk-1723184714989-8c36dbb1a5a4
age: 240543
x-matched-path: /_next/static/css/e0c8ef400c54d51a.css
etag: W/"56bdcfac968e4ecb22330c5f43b33824"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e0c8ef400c54d51a.css"

GET
H2 200 d21aaba85f8de735.css
reasonlabs.com/_next/static/css/ Frame A677 264 B
443 B 121ms
120ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/d21aaba85f8de735.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

201204678cab6c39832b56078c8e8768761d940f0c6027e313e8f4ed20969eb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::nwxww-1723184715214-2b1a930e2ac8
age: 240543
x-matched-path: /_next/static/css/d21aaba85f8de735.css
etag: "0f2ea022bb6f1d1717049a15ec780a3f"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d21aaba85f8de735.css"
accept-ranges: bytes
content-length: 264

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ Frame A677 21 KB
0 0ms
0ms Script
application/javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
age: 39705
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:22 GMT
server: cloudflare
etag: 0x8DCB1C7D5F2964E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f1a972cf-d01e-006d-5bb1-e39ff7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf54cd24340-EWR
expires: Sat, 10 Aug 2024 06:25:15 GMT

GET
H2 200 cbFrameCheckout-client-v1.05.js Show response
static-cf.cleverbridge.com/mycontent/1/ Frame A677 29 KB
39 B 35ms
24ms Script
application/x-javascript 104.16.242.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-cf.cleverbridge.com/mycontent/1/cbFrameCheckout-client-v1.05.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.242.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 335d82adc13bb778d6c38fd9cbb89cbba99936df005eae691dfe8994fc56cf3d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 08 Aug 2024 17:48:02 GMT
server: cloudflare
age: 45433
access-control-max-age: 1000
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 8b05aaf65d7b7d1e-EWR
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
expires: Fri, 09 Aug 2024 06:30:15 GMT

GET
H2 200 webpack-c0a49a0ea8bb59de.js Show response
reasonlabs.com/_next/static/chunks/ Frame A677 28 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/webpack-c0a49a0ea8bb59de.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 420cadc2da0cf70a0e40c835a7a18dd90c90189f6e3bb72d52ffe3e61ac2be4f

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::hs7rb-1723184715013-4e7bea84dbc3
age: 240543
x-matched-path: /_next/static/chunks/webpack-c0a49a0ea8bb59de.js
etag: W/"998d6efb06697ec547c0456c0f3f2217"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="webpack-c0a49a0ea8bb59de.js"

GET
H2 200 framework-55c100e948d2158b.js Show response
reasonlabs.com/_next/static/chunks/ Frame A677 127 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/framework-55c100e948d2158b.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 35e39779377e705ba4e35f634efbdf0696aba61010a1e2a9316cdb22418fef6e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::ln2qk-1723184715020-2c539a53a7bc
age: 240543
x-matched-path: /_next/static/chunks/framework-55c100e948d2158b.js
etag: W/"7b9ec110f1b54d7133d41fc65e084f50"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="framework-55c100e948d2158b.js"

GET
H2 200 main-299ff59bf9bd47f5.js Show response
reasonlabs.com/_next/static/chunks/ Frame A677 106 KB
0 4ms
4ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 7c74d3f61787d14325170b51df664bc54556edb5295304a8e69fcd39b66a95bc

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::p28p9-1723184715013-8a823bc1a4f1
age: 240543
x-matched-path: /_next/static/chunks/main-299ff59bf9bd47f5.js
etag: W/"9cb1fabcdc87d62d5e93540772f22e1f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="main-299ff59bf9bd47f5.js"

GET
H2 200 _app-c1844f8113186912.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame A677 140 KB
0 6ms
6ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 0664b42aa5ccfea098261ce0496fc2f3b0cd36302060975c8768084b0169875e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qnltm-1723184715013-170c1f74a07d
age: 240543
x-matched-path: /_next/static/chunks/pages/_app-c1844f8113186912.js
etag: W/"ebcc9a89ba8da7107c472230616d1057"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_app-c1844f8113186912.js"

GET
H2 200 chat-af607fa4a25c477a.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame A677 4 KB
2 KB 32ms
22ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

1700eede8bc4a633a721b19c84abdad4ba959b80e68ceda3a9bbb0cef3a7e8a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hccg9-1723184715265-5f628211eada
age: 240543
x-matched-path: /_next/static/chunks/pages/chat-af607fa4a25c477a.js
etag: W/"d8abd07fbc03f8b38dacf2aee5bc4865"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="chat-af607fa4a25c477a.js"

GET
H2 200 _buildManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame A677 14 KB
0 6ms
6ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 6f73d814142f2f2dbe718fbca35ade1cc072e825ec1f39898815e43629628f0b

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::7llcv-1723184715013-060e86cbb06e
age: 240543
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
etag: W/"a0c464f717763b817c177dbe98340f0f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_buildManifest.js"

GET
H2 200 _ssgManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame A677 2 KB
0 6ms
6ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: cd3e5ebc269959d5e70fc1392e435452feff6520a621968401c994face181233

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::fhvfd-1723184715018-d9d138f629d0
age: 240543
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
etag: W/"e58723f88e43538eafccc5a22c5ddfbb"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_ssgManifest.js"

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame A677 267 KB
0 7ms
7ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ae2e948658c1b93b778774a5c530b2f1b53341449bde983d84b4054bff75d808

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96021
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 176c39c5-cc91-4e42-aea9-437007289df9.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/ 5 KB
2 KB 53ms
31ms XHR
application/x-javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/176c39c5-cc91-4e42-aea9-437007289df9.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65816c3466b364ee3a51df69952389827dff4aa8c93ba748a4aa65a2ca2cf0b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 60765
content-md5: gKmtabxTjnCJszgSfszYnQ==
content-length: 1795
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:20 GMT
server: cloudflare
etag: 0x8DC392CF357227C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 912d58b1-801e-004f-7a65-755ae8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf67bc11825-EWR

OPTIONS
H2 200 /
pac.rlproton.com/ Frame 0
0 107ms
19ms Preflight
application/json 13.32.151.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac.rlproton.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.151.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-151-87.iad66.r.cloudfront.net
Software: awselb/2.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://reasonlabs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 600
age: 63771
content-length: 0
content-type: application/json; charset=utf-8
date: Thu, 08 Aug 2024 12:42:24 GMT
server: awselb/2.0
vary: Access-Control-Request-Method Access-Control-Request-Headers
via: 1.1 e004b21574888e2383bc40e183527f92.cloudfront.net (CloudFront)
x-amz-cf-id: J-0EdD2cfbT0Erw7vjfdXtChH1u50LVdfZcEA0aRetRj3GhEM4Cuqw==
x-amz-cf-pop: IAD66-C2
x-cache: Hit from cloudfront

POST
H2 200 / Show response
pac.rlproton.com/ 0
240 B 46ms
30ms Fetch 13.32.151.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac.rlproton.com/
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.151.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-151-87.iad66.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
via: 1.1 e004b21574888e2383bc40e183527f92.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 0
x-amz-cf-id: 1m-8hTDEdHXq2jBjJiEeqI1eAUmWdODGsyqr5HfFBucr41fdTkfqIw==

GET
DATA 200
OK truncated
/ 77 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 81114370a44b3e7a14b193d85d39ac0573f3a2e742a658ae1063db31b8bf444f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Galano_Grotesque_Light.otf
cdn.reasonlabs.com/fonts/ Frame A677 45 KB
0 192ms
36ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Light.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Thu, 08 Aug 2024 22:02:45 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD61-P1
age: 30151
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 46444
last-modified: Fri, 13 Jan 2023 12:01:31 GMT
server: AmazonS3
etag: "78e812f3fda430191facc31c64a4b927"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: jo-hij__KQ_e0PC5xNxZmASr3K8Ut_B9fVJ20VK6HXXzIjCUNyyTdQ==

GET
H2 200 Galano_Grotesque.otf
cdn.reasonlabs.com/fonts/ Frame A677 45 KB
0 176ms
20ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Thu, 08 Aug 2024 19:51:54 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:30 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 38002
etag: "0db105f867c7eb2e491db586cc26b417"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46020
x-amz-cf-id: WlOhgFu03Rnx96B98mO3o2AjjyRBRvQi-IyYzxaWDbeSU6DSykFc4A==

GET
H2 200 Galano_Grotesque_Bold.otf
cdn.reasonlabs.com/fonts/ Frame A677 47 KB
0 175ms
19ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Bold.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Thu, 08 Aug 2024 23:01:26 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD61-P1
age: 26629
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 47772
last-modified: Fri, 13 Jan 2023 12:01:33 GMT
server: AmazonS3
etag: "6d10397a151d83e4407fecd27f76cafb"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: PthcJNia0xVi1-rQghiAXqVZ-tHGs3UhvZZwgXTL4kCWkvMc4qYzYg==

GET
H2 200 176c39c5-cc91-4e42-aea9-437007289df9.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/ Frame A677 5 KB
0 1ms
1ms XHR
application/x-javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/176c39c5-cc91-4e42-aea9-437007289df9.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65816c3466b364ee3a51df69952389827dff4aa8c93ba748a4aa65a2ca2cf0b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: gKmtabxTjnCJszgSfszYnQ==
age: 60765
content-length: 1795
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:20 GMT
server: cloudflare
etag: 0x8DC392CF357227C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 912d58b1-801e-004f-7a65-755ae8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf67bc11825-EWR

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 69 B
314 B 102ms
34ms XHR
application/json 2606:4700::6812:1d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d7f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8b05aaf83ac7c425-EWR
access-control-allow-headers: Content-Type

GET
H2 200 logo-reason-labs.884f8136.svg
reasonlabs.com/_next/static/media/ 8 KB
3 KB 52ms
50ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/logo-reason-labs.884f8136.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

29ef19e05f73b9d30ac355e7ef49e6a81a6f31b8da31fc61c60c524f196b4904

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::ln2qk-1723184715505-22c54ed7b05c
age: 240543
x-matched-path: /_next/static/media/logo-reason-labs.884f8136.svg
etag: W/"7e5a5a50068c3233c88b85d6c0c4ce79"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="logo-reason-labs.884f8136.svg"

GET
H2 200 banner.ee0b4b42.svg
reasonlabs.com/_next/static/media/ 66 KB
22 KB 50ms
49ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/banner.ee0b4b42.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

c98642e3367866a5926b51ddaa9306bb49135d2b0550a3ea06ca3fc9b41b83c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qnltm-1723184715505-3a0a2bef8a93
age: 239717
x-matched-path: /_next/static/media/banner.ee0b4b42.svg
etag: W/"d064284f01adc50e0634645ad3848d8d"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="banner.ee0b4b42.svg"

GET
H2 200 badge.5cc43f89.svg
reasonlabs.com/_next/static/media/ 2 KB
1 KB 51ms
50ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/badge.5cc43f89.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

476245c8c89e381f57b178924bfa750abd88a47e8d9b7c939e7fd32e61a4c46f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::v2gzc-1723184715505-097526b2b789
age: 240543
x-matched-path: /_next/static/media/badge.5cc43f89.svg
etag: W/"5892cd79270b68dfaa4c5a76ae5dbe46"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="badge.5cc43f89.svg"

GET
H2 200 9669-c1dd85627d14116a.js
reasonlabs.com/_next/static/chunks/ 0
6 KB 49ms
49ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/9669-c1dd85627d14116a.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::wnkcn-1723184715506-a4d62ced1fe6
age: 240543
x-matched-path: /_next/static/chunks/9669-c1dd85627d14116a.js
etag: W/"df94e0a9e336407fee547b88bb300177"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9669-c1dd85627d14116a.js"

GET
H2 200 7536-d078bab37095fd33.js
reasonlabs.com/_next/static/chunks/ 0
9 KB 58ms
58ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/7536-d078bab37095fd33.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::fhvfd-1723184715507-e6dbad2e17a2
age: 240543
x-matched-path: /_next/static/chunks/7536-d078bab37095fd33.js
etag: W/"77108c566aca03f6efbddef060527122"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="7536-d078bab37095fd33.js"

GET
H2 200 4853-a702dd05d0560e1e.js
reasonlabs.com/_next/static/chunks/ 0
4 KB 45ms
44ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/4853-a702dd05d0560e1e.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::jbst9-1723184715507-77a23abc047e
age: 240543
x-matched-path: /_next/static/chunks/4853-a702dd05d0560e1e.js
etag: W/"1b730895d2887145510a56eac5c6c912"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="4853-a702dd05d0560e1e.js"

GET
H2 200 9491-cb307f0820dea16a.js
reasonlabs.com/_next/static/chunks/ 0
19 KB 50ms
50ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/9491-cb307f0820dea16a.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hccg9-1723184715508-761f5a2fe0f7
age: 240543
x-matched-path: /_next/static/chunks/9491-cb307f0820dea16a.js
etag: W/"94f0bea99e6ca73dcad46858d27f410e"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9491-cb307f0820dea16a.js"

GET
H2 200 9181-783f2b62bd015354.js
reasonlabs.com/_next/static/chunks/ 0
43 KB 44ms
43ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/9181-783f2b62bd015354.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::ln2qk-1723184715508-f513bceef91d
age: 240543
x-matched-path: /_next/static/chunks/9181-783f2b62bd015354.js
etag: W/"9ca24510e1cdd5d5e7d5ddff68e98437"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9181-783f2b62bd015354.js"

GET
H2 200 5074-22f981bef7596111.js
reasonlabs.com/_next/static/chunks/ 0
3 KB 62ms
27ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/5074-22f981bef7596111.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::ln2qk-1723184715519-abccbd8acbbe
age: 240543
x-matched-path: /_next/static/chunks/5074-22f981bef7596111.js
etag: W/"310e55de2050605a798b639f502ed60b"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="5074-22f981bef7596111.js"

GET
H2 200 contact-us-d3628e156bfb164b.js
reasonlabs.com/_next/static/chunks/pages/ 0
2 KB 57ms
23ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/contact-us-d3628e156bfb164b.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::fhvfd-1723184715517-d97baf4ba07c
age: 240543
x-matched-path: /_next/static/chunks/pages/contact-us-d3628e156bfb164b.js
etag: W/"358d84a1371694326c440828f385f56c"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="contact-us-d3628e156bfb164b.js"

GET
H2 200 blog.json Show response
reasonlabs.com/_next/data/5eUuBX5htYtNuQSXgmh55/ 181 KB
55 KB 56ms
55ms Fetch
application/json 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/data/5eUuBX5htYtNuQSXgmh55/blog.json

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

dc13a24b6ecd3b6e6412a108aa5ba5f7271a1ba3df048cc088b6dceedcd605cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 05:57:32 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::iad1::qnltm-1723184715509-53f09f387d5d
age: 1662
x-matched-path: /_next/data/5eUuBX5htYtNuQSXgmh55/blog.json
etag: W/"fzkv4vjsje3y3i"
x-vercel-cache: STALE
content-type: application/json
cache-control: public, max-age=0, must-revalidate

GET
H2 200 2205-b8b042bddf4b1387.js
reasonlabs.com/_next/static/chunks/ 0
15 KB 61ms
26ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/2205-b8b042bddf4b1387.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hccg9-1723184715517-5f16cae132ad
age: 240543
x-matched-path: /_next/static/chunks/2205-b8b042bddf4b1387.js
etag: W/"ba817c6de20566a33d8d0ff4e3bcb244"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2205-b8b042bddf4b1387.js"

GET
H2 200 2491-9ec92f3cd3328555.js
reasonlabs.com/_next/static/chunks/ 0
4 KB 62ms
27ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/2491-9ec92f3cd3328555.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::wjhlt-1723184715517-ce27e46fba49
age: 240543
x-matched-path: /_next/static/chunks/2491-9ec92f3cd3328555.js
etag: W/"4fff78c55ddd1a3e147f39c093de99b7"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2491-9ec92f3cd3328555.js"

GET
H2 200 blog-52fec28581808e54.js
reasonlabs.com/_next/static/chunks/pages/ 0
827 B 67ms
21ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/blog-52fec28581808e54.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::wjhlt-1723184715557-ba77ebcf651f
age: 240543
x-matched-path: /_next/static/chunks/pages/blog-52fec28581808e54.js
etag: W/"918586f29b4068e56808459b8d9cde16"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="blog-52fec28581808e54.js"

GET
H2 200 index.json Show response
reasonlabs.com/_next/data/5eUuBX5htYtNuQSXgmh55/ 48 B
222 B 59ms
25ms Fetch
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/data/5eUuBX5htYtNuQSXgmh55/index.json

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3aade53fdf55b8055fb9dc90732c4e7f470b9d695d8668d601a106c52274ce9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qnltm-1723184715517-d604320205ac
age: 240550
x-matched-path: /_next/data/5eUuBX5htYtNuQSXgmh55/index.json
etag: "aa1b2640b6e2044ab22eade428af1e37"
x-vercel-cache: HIT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
accept-ranges: bytes
content-length: 48

GET
H2 200 ea88be26-58ed6ef11764b90d.js
reasonlabs.com/_next/static/chunks/ 0
79 KB 68ms
23ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/ea88be26-58ed6ef11764b90d.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qnltm-1723184715557-7d450fa92cde
age: 240543
x-matched-path: /_next/static/chunks/ea88be26-58ed6ef11764b90d.js
etag: W/"06fd9f72883d76e633821a2a49c5e00a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="ea88be26-58ed6ef11764b90d.js"

GET
H2 200 334-32080295da286e1b.js
reasonlabs.com/_next/static/chunks/ 0
12 KB 66ms
22ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/334-32080295da286e1b.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::fhvfd-1723184715557-282ac9ef8316
age: 240543
x-matched-path: /_next/static/chunks/334-32080295da286e1b.js
etag: W/"7df4cb4701054c6232f09e0f4bc68ae0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="334-32080295da286e1b.js"

GET
H2 200 2769-806d4971ab81cede.js
reasonlabs.com/_next/static/chunks/ 0
8 KB 72ms
29ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/2769-806d4971ab81cede.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::jbst9-1723184715557-44b50d65abbb
age: 240543
x-matched-path: /_next/static/chunks/2769-806d4971ab81cede.js
etag: W/"d7f581e10d3f964cd887d56d56ad2230"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2769-806d4971ab81cede.js"

GET
H2 200 6704-0f25a7eb013f0542.js
reasonlabs.com/_next/static/chunks/ 0
405 KB 65ms
23ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/6704-0f25a7eb013f0542.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::wnkcn-1723184715557-d46b8f8eff95
age: 240543
x-matched-path: /_next/static/chunks/6704-0f25a7eb013f0542.js
etag: W/"3764708a2bcac5893337a72604873fa0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="6704-0f25a7eb013f0542.js"

GET
H2 200 index-be0f6d764aebb9c2.js
reasonlabs.com/_next/static/chunks/pages/ 0
13 KB 72ms
30ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/index-be0f6d764aebb9c2.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::v2gzc-1723184715557-8631667fdb72
age: 240543
x-matched-path: /_next/static/chunks/pages/index-be0f6d764aebb9c2.js
etag: W/"85baf6f0d8b41f85b1956e1e36bbac7a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="index-be0f6d764aebb9c2.js"

GET
H2 200 b09dfccc-0d4362519e83f737.js
reasonlabs.com/_next/static/chunks/ 0
7 KB 63ms
21ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/b09dfccc-0d4362519e83f737.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::d9wvx-1723184715557-5ef86d3db0c1
age: 240544
x-matched-path: /_next/static/chunks/b09dfccc-0d4362519e83f737.js
etag: W/"010c52841b45e58787fa5559057279b3"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="b09dfccc-0d4362519e83f737.js"

GET
H2 200 5515-da6bcd073351bba9.js
reasonlabs.com/_next/static/chunks/ 0
10 KB 74ms
33ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/5515-da6bcd073351bba9.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::7llcv-1723184715557-2a8def7fd971
age: 240544
x-matched-path: /_next/static/chunks/5515-da6bcd073351bba9.js
etag: W/"97fc8a2d007e82a5ea121e9e913754a2"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="5515-da6bcd073351bba9.js"

GET
H2 200 company-f58c4c93bb87ba63.js
reasonlabs.com/_next/static/chunks/pages/ 0
6 KB 105ms
67ms Other
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/company-f58c4c93bb87ba63.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hnlns-1723184715557-f67ec4e93b38
age: 240543
x-matched-path: /_next/static/chunks/pages/company-f58c4c93bb87ba63.js
etag: W/"4d9d7a54137e67b9182d3aaa760a176e"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="company-f58c4c93bb87ba63.js"

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ Frame A677 69 B
139 B 49ms
26ms XHR
application/json 2606:4700::6812:1d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d7f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8b05aaf8baffc425-EWR
access-control-allow-headers: Content-Type

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 316 KB
105 KB 46ms
41ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ff05520dd279845b62f0d834bcf13239d596b19ac3a3f9121f5317a2d3ecdf2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107071
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 242 KB
86 KB 71ms
67ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8b0e20b03e0f2beb6f3d4577f28895b96d3a4a50cc70aa7e2c16fec943757730

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87520
x-xss-protection: 0
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 117ms
18ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2024 20:58:07 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000072-IAD

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 239 KB
85 KB 36ms
34ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b0622d831a6d4c11adac89097a6704e4bbb3249af60f64de52d1c34d366c5614

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86889
x-xss-protection: 0
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 accessibility.js Show response
cdn.equalweb.com/core/4.4.1/ 43 KB
15 KB 94ms
24ms Script
application/javascript 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/core/4.4.1/accessibility.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816518bcb6dd308257b82bb33cb808a067612f4e8313c779ea4e15c988c7cf5b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
age: 235222
content-length: 14264
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Nov 2022 10:14:59 GMT
server: cloudflare
etag: "80d3621f24f4d81:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A1H1p3Y1tzpafrXkF3ElUD0DT8aiDVekgyt3a2H67YVRo8o937BJNjeQTwozIq9AeVM9gQozJ5IgJPY4Qhl7%2Bmwu%2BapyNKnlBokFoUKBVwzXprUZxxg5uAK46Uuvm33OmcA7n5TFZCVZ4OFO6ZM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: US
accept-ranges: bytes
cf-ray: 8b05aaf93cc38c0b-EWR

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
60 KB 55ms
15ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 09 Aug 2024 06:25:15 GMT
document-policy: force-load-at-top
x-fb-server-load: 25
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58865
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=17, rtx=0, c=12, mss=1328, tbw=2798, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: RUivrcZcT335FmMjvtXLFJrzfU7Filr5qbER7HW9V/sqZy0nP/OZMEo/w0LbkKdcmFfxzH3yeO+L8bS1vh+ahQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 5 KB
2 KB 151ms
30ms Script
application/javascript 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 6f9f247d327a26310b415b78455a2832991916d4ab3d03224d3ee489f38110b8

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b2c331f
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906251541BF7EEFABE1EF9FF7F0-40516E0E7DD46807-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=4, cdn-cache; desc=MISS, edge; dur=0, origin; dur=9
content-length: 1644
pragma: no-cache
server: nginx
x-tt-logid: 2024080906251541BF7EEFABE1EF9FF7F0
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 9,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ffd29cb3e499e1e8cd017df3f1e29e303b2802f984d669227e373d55252e569174bbd94195e020ac0ebb2157b673c30073e968f5a52920e3d45d09ddfcd30bf835
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/ 383 KB
92 KB 23ms
23ms Script
application/javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: 9qSRvp3H9roScfT6qXUxeQ==
age: 49129
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 93485
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:39 GMT
server: cloudflare
etag: 0x8DAC38DB3A195BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fd44b4dc-901e-0053-4f65-750888000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf8ff474340-EWR
expires: Sat, 10 Aug 2024 06:25:15 GMT

GET
H2 200 back-arrow-dark.dd4a6803.svg
reasonlabs.com/_next/static/media/ 805 B
1 KB 24ms
22ms Image
image/svg+xml 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/static/media/back-arrow-dark.dd4a6803.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

eff2c68552f68a310adf531ba016021cb7a6b3d40ef9cc10fe9f4baea839898c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::vjg8b-1723184715674-354e1a2b78c1
age: 239449
x-matched-path: /_next/static/media/back-arrow-dark.dd4a6803.svg
etag: "c09af1c787d4810791793ec917235f3a"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="back-arrow-dark.dd4a6803.svg"
accept-ranges: bytes
content-length: 805

GET
H2 200 snippet.js Show response
static.zdassets.com/ekr/ Frame A677 10 KB
5 KB 78ms
26ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
x-amz-version-id: qclSddpGUX2.KT0tZACrS6v9bSx237T.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: JKN1Q3J8ZTSJ5QCC
age: 58
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: mffWrceLKlBhNibh9xibEteyYzkmlyQFIFfoHQmboQCwTVcm8Bo4MCr+iqWuL8CrS195Nm/b2iA=
last-modified: Thu, 08 Aug 2024 15:49:45 GMT
server: cloudflare
etag: W/"67cbb97bf64ecd65d74b0de6ede92abf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D3PJmv7Cah%2BYdcMt2afne3vwntJXw4QNPJLtH11XmPWy0Pqk81TscWZck%2BPcleNgFTWrKSNsvfWycUfCRsbDWIbfxwBXNLwQVaH146Y4NO5E5PYUaHYLq2y83UD0FcNHV0fUSP8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=3600, s-maxage=60
access-control-max-age: 0
cf-ray: 8b05aaf94c428c93-EWR
access-control-allow-headers: *

POST
H2 200 / Show response
pac.rlproton.com/ Frame A677 0
239 B 21ms
20ms Fetch 13.32.151.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac.rlproton.com/
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.151.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-151-87.iad66.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
via: 1.1 e004b21574888e2383bc40e183527f92.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 0
x-amz-cf-id: 1GAunknhGjpkt5k8D0h2oxsjhfWY_0b6UnCGeg0MnYQ3BuiVgxJePQ==

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/ Frame A677 383 KB
0 0ms
0ms Script
application/javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: 9qSRvp3H9roScfT6qXUxeQ==
age: 49129
content-length: 93485
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:39 GMT
server: cloudflare
etag: 0x8DAC38DB3A195BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fd44b4dc-901e-0053-4f65-750888000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf8ff474340-EWR
expires: Sat, 10 Aug 2024 06:25:15 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame A677 316 KB
0 1ms
1ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ff05520dd279845b62f0d834bcf13239d596b19ac3a3f9121f5317a2d3ecdf2c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107071
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame A677 242 KB
0 2ms
2ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8b0e20b03e0f2beb6f3d4577f28895b96d3a4a50cc70aa7e2c16fec943757730

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87520
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame A677 56 KB
18 B 31ms
15ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2024 20:58:07 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-type: application/javascript; charset=utf-8
x-cache: HIT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000072-IAD

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame A677 239 KB
0 2ms
2ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b0622d831a6d4c11adac89097a6704e4bbb3249af60f64de52d1c34d366c5614

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86889
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 accessibility.js Show response
cdn.equalweb.com/core/4.4.1/ Frame A677 43 KB
0 4ms
4ms Script
application/javascript 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/core/4.4.1/accessibility.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816518bcb6dd308257b82bb33cb808a067612f4e8313c779ea4e15c988c7cf5b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235222
content-length: 14264
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Nov 2022 10:14:59 GMT
server: cloudflare
etag: "80d3621f24f4d81:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A1H1p3Y1tzpafrXkF3ElUD0DT8aiDVekgyt3a2H67YVRo8o937BJNjeQTwozIq9AeVM9gQozJ5IgJPY4Qhl7%2Bmwu%2BapyNKnlBokFoUKBVwzXprUZxxg5uAK46Uuvm33OmcA7n5TFZCVZ4OFO6ZM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: US
accept-ranges: bytes
cf-ray: 8b05aaf93cc38c0b-EWR

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame A677 225 KB
0 5ms
5ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:25:15 GMT
document-policy: force-load-at-top
x-fb-server-load: 25
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58865
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=17, rtx=0, c=12, mss=1328, tbw=2798, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: RUivrcZcT335FmMjvtXLFJrzfU7Filr5qbER7HW9V/sqZy0nP/OZMEo/w0LbkKdcmFfxzH3yeO+L8bS1vh+ahQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ Frame A677 5 KB
2 KB 78ms
33ms Script
application/javascript 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 4a7cb52f34f5888cd424ce888276a212425c4ac4e59cc150e058bc4bf022937e

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b2c3338
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906251541BF7EEFABE1EF9FF7F2-2FE7239B00D5FB2A-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=5, cdn-cache; desc=MISS, edge; dur=1, origin; dur=13
content-length: 1605
pragma: no-cache
server: nginx
x-tt-logid: 2024080906251541BF7EEFABE1EF9FF7F2
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 13,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ffd29cb3e499e1e8cd017df3f1e29e303ba4a6147b14415620f98081ec7ee4c7939d99863318d3458216138f4b09ec45c22b01e51dee7c86e1a9abe09cb51a31e7
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/ 30 KB
8 KB 30ms
30ms Fetch
application/x-javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/en.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f5d5bfb0e60bad06852b84287df03d7b3e60c3c8d411732fd19be82b1d46506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 41118
content-md5: s3PZdWUVNsl3Toq97yu7hA==
content-length: 8509
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:23 GMT
server: cloudflare
etag: 0x8DC392CF546DC70
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e0f007a0-601e-0047-7670-7540e7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf9dd831825-EWR

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/ 2 KB
1 KB 79ms
31ms Script
text/javascript 2607:f8b0:400d:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/?random=1723184715884&cv=11&fst=1723184715884&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=0&tiba=Extension%20Trojan%20Malware%20Campaign%20%7C%20ReasonLabs&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7a8d3ab9322623cdda11c8c5eb5db17154ccf4ff1f7d2cc85fec7377311999c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1372
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
0 51ms
23ms Fetch
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020z8853740014za200zb853740014&_p=1723184715062&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=874283651.1723184716&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1723184715&sct=1&seg=0&dl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&dt=Extension%20Trojan%20Malware%20Campaign%20%7C%20ReasonLabs&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1027
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:15 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
244 B 72ms
24ms Ping
text/plain 2607:f8b0:400d:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-EWLR9P86R1&cid=874283651.1723184716&gtm=45je4880v888969020z8853740014za200zb853740014&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:400d:c09::9d Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:15 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 306027671784119 Show response
connect.facebook.net/signals/config/ 64 KB
13 KB 82ms
81ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/306027671784119?v=2.9.164&r=stable&domain=reasonlabs.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

65b5e077f9630d0f366fdf7f901d941616cc96f2325379cee62d6879f6c5a61c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 09 Aug 2024 06:25:15 GMT
document-policy: force-load-at-top
x-fb-server-load: 30
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=65, mss=1328, tbw=64436, tp=-1, tpl=-1, uplat=66, ullat=0
pragma: public
x-fb-debug: jNrbwCiUgv4hkwFwSR26TWaA9DFG982/IhTg1tXihYuONNYFyYN+W+6ZOTjU5zj+/aeW7OTZxNaJF61UyMZTCg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/ 2 KB
1 KB 33ms
33ms Script
text/javascript 2607:f8b0:400d:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/?random=1723184715972&cv=11&fst=1723184715972&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=0&tiba=Extension%20Trojan%20Malware%20Campaign%20%7C%20ReasonLabs&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

380221f47b60c0b312998c8d6fd11e094cc114910bcf4a917b97ab2ba65b45ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1392
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/ Frame A677 30 KB
0 0ms
0ms Fetch
application/x-javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/en.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f5d5bfb0e60bad06852b84287df03d7b3e60c3c8d411732fd19be82b1d46506

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: s3PZdWUVNsl3Toq97yu7hA==
age: 41118
content-length: 8509
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:23 GMT
server: cloudflare
etag: 0x8DC392CF546DC70
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e0f007a0-601e-0047-7670-7540e7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf9dd831825-EWR

GET
H2 200 0a782ba2-2d01-4434-974c-4d35b90d8809 Show response
ekr.zdassets.com/compose/ Frame A677 1 KB
1 KB 156ms
101ms Fetch
application/json 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/0a782ba2-2d01-4434-974c-4d35b90d8809

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55cabe8a68885742318ec080d979931391f692e158e4d183cf66c24c5c33e130

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=0
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
content-encoding: br
cdn-cache-control: max-age=60
x-xss-protection: 1; mode=block
x-request-id: 8aff1b184de92629-SEA, 8aff1b184de92629-SEA, 8aff1b184de92629-SEA
x-runtime: 0.009568
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"55cabe8a68885742318ec080d9799313"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LxMxTuS%2FClWVrGHLFTujz%2BTI9d%2B431jA2L8w6%2F4AefGrup7ulieV90qQMjFhpKcDUIRPJj7VIF8yy7LmhyVRzzKePzM5kHFGYta6EKDxOsK%2BChzSS7JXIhc%2BRQGJ9hDFClE%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type: application/json; charset=utf-8
x-zendesk-zorg: yes, yes
cf-ray: 8b05aafadf41180d-EWR

GET
H2 200 style.css Show response
cdn.equalweb.com/style/ 20 KB
4 KB 19ms
18ms Fetch
text/css 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/style.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc68782368f74408322a4eb22fd6ebd130027d85e4ac3ab1e7fa677fa1463232

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
age: 235222
content-length: 4132
x-xss-protection: 1; mode=block
last-modified: Sun, 04 Aug 2024 09:43:49 GMT
server: cloudflare
etag: "80f8acce52e6da1:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VjIklqDLDOkpEeJ9Nz66kT6iyoeXaWcowOPqxc%2FBj5a2DffL814uPMLp9STV0sSjabTe39UcxcOMHktXO5xs6no1hGJNOCqB9ACBV4aQJkp52MygkUsyAXg2%2BuBWqDCMTlN8C%2BL%2By%2BSbAPA2zo4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: US
accept-ranges: bytes
cf-ray: 8b05aafaadd78c0b-EWR

GET
H2 200 btncolor.css Show response
cdn.equalweb.com/style/ 105 B
543 B 18ms
17ms Fetch
text/css 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/btncolor.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
age: 235222
content-length: 201
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Feb 2019 11:16:31 GMT
server: cloudflare
etag: "3f26cd3dfbc1d41:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xg3KUkfDFX%2FIoDxoMPmru7ZHEyCnvdK7UVbW17otk2J3EU2l5e9GSoJ%2BYTAyFvbYkU1XNM3y5qbp4K3WQPsN6UTBD7NPN%2FQE2k2pOeCcHKc1biaJhTcfQrn5D3UC6Os87ky1ycgIZSTTZTcVCU4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: US
accept-ranges: bytes
cf-ray: 8b05aafaadd98c0b-EWR

GET
H2 200 en.json Show response
cdn.equalweb.com/assets/locale/ 810 B
753 B 369ms
368ms Fetch
application/json 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/locale/en.json

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-security-policy: default-src 'self' ;
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Jun 2021 15:40:09 GMT
server: cloudflare
etag: W/"f45920b9fc61d71:0"
x-frame-options: deny
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=snwyn1H0ijeXZ%2FC5cViW%2FWJkkD2u6t7VvSdT7oqgY0UF3VLZgovA2TOAXHzxsRL3DFJGSblFT2vcQ%2FSJAidbkQdlMDnxqA%2F5NQ5vEJ6UusFb2tRRZ8%2BTV%2BLGT5uFIkdn2%2BCokYU5bUfu%2BdbFxpA%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-client-country: US
cf-ray: 8b05aafaadda8c0b-EWR

GET
H2 200 adsct
t.co/i/ 43 B
247 B 269ms
216ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=77fa6d55-1522-4a92-8e87-80965692356c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=cfe63434-9b96-489a-bdfb-819a6131c4a1&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 81
date: Fri, 09 Aug 2024 06:25:15 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: ff710d2f80da4579
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 5e28d275bff4432e9c9a0229d1c122d3d622bb76314002dff16c980e8a1a3029
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
215 B 214ms
112ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=77fa6d55-1522-4a92-8e87-80965692356c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=cfe63434-9b96-489a-bdfb-819a6131c4a1&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 77
date: Fri, 09 Aug 2024 06:25:15 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 046e53a6a599987c
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 7f8ad063afe92dcf03b3f387b6dbfb27435d3f47ad7074ed84f545a8ced55a20
content-length: 43

GET
H2 200 306027671784119 Show response
connect.facebook.net/signals/config/ Frame A677 64 KB
0 0ms
0ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

65b5e077f9630d0f366fdf7f901d941616cc96f2325379cee62d6879f6c5a61c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:25:15 GMT
document-policy: force-load-at-top
x-fb-server-load: 30
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=65, mss=1328, tbw=64436, tp=-1, tpl=-1, uplat=66, ullat=0
pragma: public
x-fb-debug: jNrbwCiUgv4hkwFwSR26TWaA9DFG982/IhTg1tXihYuONNYFyYN+W+6ZOTjU5zj+/aeW7OTZxNaJF61UyMZTCg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ Frame A677 43 B
377 B 153ms
133ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=99ce92ea-bbbc-4d54-ba68-76a030fbfbc7&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=28d3c834-0d0c-4bbd-a4ff-23579d62ed35&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 81
date: Fri, 09 Aug 2024 06:25:15 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: a5a49a5cddbe9286
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 81634bdd1f170e5bcd3c201d9713e67a579352635a12d571b1459c63f99656c7
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ Frame A677 43 B
393 B 176ms
107ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=99ce92ea-bbbc-4d54-ba68-76a030fbfbc7&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=28d3c834-0d0c-4bbd-a4ff-23579d62ed35&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 74
date: Fri, 09 Aug 2024 06:25:15 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 14581b8ee70b2bc0
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 7f8ad063afe92dcf03b3f387b6dbfb27435d3f47ad7074ed84f545a8ced55a20
content-length: 43

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/ Frame A677 3 KB
1 KB 33ms
32ms Script
text/javascript 2607:f8b0:400d:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/?random=1723184716081&cv=11&fst=1723184716081&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4374ebf4f922104d041a19e9fc7b627d25d9d2c5b0003183d69cbf5f1a3c19d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1373
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/ Frame A677 3 KB
1 KB 36ms
35ms Script
text/javascript 2607:f8b0:400d:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/?random=1723184716088&cv=11&fst=1723184716088&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e686f3add219adb50c6d8258b7c18439735482bbb91d638de7d694c456b6e2eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1372
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.MTM2ZmRjOGQyMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ 331 KB
95 KB 19ms
18ms Script
application/javascript 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b424c8b96a0a79e02312ac23d09607c4006fd6d9242848089fbc19caceed805d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b2c3418
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202408081344078F89007EC1B9FA523050
x-tt-trace-id: 00-2408081344078F89007EC1B9FA523050-2482DFFFF3D73CC3-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 014a5b1316db7dc601d05c7f7ef87b676c6bf0ccb52103a8a5c3e99c7963020ae083b24334a9500c203a6b80d6b961761df3774fca84bca8da672cd0c0777868988566c7905df9bccbaead871dc2ccd8ea7b4c2f8ffadb86824f821b6ff3e8b69a
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 96240

POST
H2 204 collect
analytics.google.com/g/ Frame A677 0
0 24ms
23ms Fetch
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020z8853740014za200zb853740014&_p=1723184715304&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=874283651.1723184716&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_s=1&sid=1723184715&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&dt=Chat&en=page_view&tfd=1082
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:16 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.MTM2ZmRjOGQyMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame A677 331 KB
0 4ms
4ms Script
application/javascript 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b424c8b96a0a79e02312ac23d09607c4006fd6d9242848089fbc19caceed805d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b2c3418
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202408081344078F89007EC1B9FA523050
x-tt-trace-id: 00-2408081344078F89007EC1B9FA523050-2482DFFFF3D73CC3-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 014a5b1316db7dc601d05c7f7ef87b676c6bf0ccb52103a8a5c3e99c7963020ae083b24334a9500c203a6b80d6b961761df3774fca84bca8da672cd0c0777868988566c7905df9bccbaead871dc2ccd8ea7b4c2f8ffadb86824f821b6ff3e8b69a
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 96240

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ 13 KB
3 KB 23ms
21ms Fetch
application/json 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otFlat.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: e46v9E9tm8neLGw2SIjXTA==
age: 42633
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:27 GMT
server: cloudflare
etag: 0x8DAC38DAC04FFC7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 707ad263-a01e-003a-3670-7531c4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafbbe121825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otPcCenter.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/ 61 KB
12 KB 26ms
25ms Fetch
application/json 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/otPcCenter.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: DNL7D9cwlU7yFZUg2W8ZNA==
age: 65881
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD9D7216
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 3343fb24-701e-0039-0a5b-75d0a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafbbe141825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otCookieSettingsButton.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ 5 KB
2 KB 25ms
24ms Fetch
application/json 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCookieSettingsButton.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: mKXyB0i0e/ovyyYLJHrm7w==
age: 65881
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD491A40
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 97be8b39-e01e-0049-5565-756957000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafbbe151825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otCommonStyles.css Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ 21 KB
4 KB 26ms
26ms Fetch
text/css 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCommonStyles.css

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 65881
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 57c9524f-f01e-0045-6d65-75fe5f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05aafbbe161825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame A677 13 KB
0 10ms
10ms Fetch
application/json 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otFlat.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: e46v9E9tm8neLGw2SIjXTA==
age: 42633
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:27 GMT
server: cloudflare
etag: 0x8DAC38DAC04FFC7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 707ad263-a01e-003a-3670-7531c4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafbbe121825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otPcCenter.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/ Frame A677 61 KB
0 15ms
15ms Fetch
application/json 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/otPcCenter.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: DNL7D9cwlU7yFZUg2W8ZNA==
age: 65881
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD9D7216
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 3343fb24-701e-0039-0a5b-75d0a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafbbe141825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otCookieSettingsButton.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame A677 5 KB
0 13ms
13ms Fetch
application/json 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCookieSettingsButton.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: mKXyB0i0e/ovyyYLJHrm7w==
age: 65881
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD491A40
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 97be8b39-e01e-0049-5565-756957000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafbbe151825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otCommonStyles.css Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame A677 21 KB
0 15ms
15ms Fetch
text/css 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCommonStyles.css
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 65881
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 57c9524f-f01e-0045-6d65-75fe5f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05aafbbe161825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10933293401/ 42 B
64 B 81ms
30ms Image
image/gif 2607:f8b0:400d:c0f::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10933293401/?random=1723184715884&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=0&tiba=Extension%20Trojan%20Malware%20Campaign%20%7C%20ReasonLabs&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnf8FYrJAK8u0Cd8zSPzfS60WYQprBAwA&random=2082513242&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0f::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:16 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/781451429/ 42 B
64 B 82ms
31ms Image
image/gif 2607:f8b0:400d:c0f::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/781451429/?random=1723184715972&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=0&tiba=Extension%20Trojan%20Malware%20Campaign%20%7C%20ReasonLabs&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnf7wETzbH0cJIBIhJfLYv7AIgOS7h4zUvsggSY0ma3VypvOMJ7&random=2750183367&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0f::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:16 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 51ms
18ms Image
text/plain 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&rl=&if=false&ts=1723184716203&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723184716201.908005160177313985&ler=empty&cdl=API_unavailable&it=1723184715956&coo=false&rqm=GET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=13, rtx=0, c=10, mss=1328, tbw=2851, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Aug 2024 06:25:16 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
858 B 83ms
50ms Image
image/png 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&rl=&if=false&ts=1723184716203&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723184716201.908005160177313985&ler=empty&cdl=API_unavailable&it=1723184715956&coo=false&rqm=FGET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 09 Aug 2024 06:25:16 GMT
document-policy: force-load-at-top
x-fb-server-load: 38
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7401022001310676407", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=13, rtx=0, c=15, mss=1328, tbw=6720, tp=-1, tpl=-1, uplat=35, ullat=0
pragma: no-cache
x-fb-debug: cxszF7+p1HN7GTw+UxtI9ZGafLSCQ9nxbVtz6j7SVP4xJc+TzKCqjw9rJV3i034zb3GCE2zgV653GAzqUxtcTQ==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401022001310676407"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 web-widget-main-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 9D52 972 KB
276 KB 33ms
33ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8734a49d6e9d6aed9c2133b60efbbd2c92aa1703f4fcaf541703c245a70a91aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
x-amz-version-id: XVPkWmhDNxl_35s0CQYiQpjVDlUueHnR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: EKH3SYBFDADZ3R56
age: 68860
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: avysz2FuyPpgXVcnbhYUQ79SKtpKxaMlKSh8heV4s22Mxbb0LBhZwSC84oRaSwMH85vE92q9CVQ=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"d50ce7434beee44cd35c484b06297d16"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mJbIpkarg5DGT5YFmCUTehizhzoLTC2w5Hw1YXdJlwUBv5kKlx%2BFSHB57GaOyzxeHo2mCRH5tuU%2FGDiL7sxL5sYXzWILXvg%2FfOTsiqT5bkGNHmYNZYrjcD8CLTereIrvY7M2VUA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05aafc0d898c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10933293401/ Frame A677 42 B
64 B 40ms
28ms Image
image/gif 2607:f8b0:400d:c0f::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10933293401/?random=1723184716081&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfTig-tWTIGHNxkdvpAsXSlD1WTMAXXMATgx7F1mKj5ZJB9IIc&random=4229330712&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0f::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:16 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/781451429/ Frame A677 42 B
64 B 42ms
31ms Image
image/gif 2607:f8b0:400d:c0f::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/781451429/?random=1723184716088&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnf2_aXwNMDqJg8dneRyGRu6V68lNUoW254JRXsHk6kQBahEa-K&random=3955298001&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0f::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:16 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame A677 0
32 B 26ms
17ms Image
text/plain 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&if=true&ts=1723184716228&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723184716201.908005160177313985&ler=empty&cdl=API_unavailable&it=1723184716069&coo=false&rqm=GET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=13, rtx=0, c=10, mss=1328, tbw=2851, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Aug 2024 06:25:16 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ Frame A677 67 B
3 KB 60ms
51ms Image
image/png 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&if=true&ts=1723184716228&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723184716201.908005160177313985&ler=empty&cdl=API_unavailable&it=1723184716069&coo=false&rqm=FGET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 09 Aug 2024 06:25:16 GMT
document-policy: force-load-at-top
x-fb-server-load: 38
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7401022001367462920", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=13, rtx=0, c=15, mss=1328, tbw=3201, tp=-1, tpl=-1, uplat=34, ullat=0
pragma: no-cache
x-fb-debug: MAFttVCFwtLrao6UicGhVczY985gXOax5y01g4dBMk+rY20LkrU+C/2ipPzvLRPcj9sneMXGJkjyZbJeisbq9w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401022001367462920"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ot_close.svg
cookie-cdn.cookiepro.com/logos/static/ 651 B
626 B 23ms
23ms Image
image/svg+xml 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/ot_close.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 51467
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 2a99f935-f01e-0018-245d-e4f4db000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05aafc29804340-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 ot_guard_logo.svg Show response
reasonlabs.com/research/ 24 KB
5 KB 148ms
145ms Fetch
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/research/ot_guard_logo.svg

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel / Next.js

Resource Hash

2ded1de717c67321667c2e78389eb399d1b996469fd1500c9c5d5f7561085d05

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:20:22 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::iad1::7llcv-1723184716201-a13efa5f47af
age: 293
x-matched-path: /research/[page]
etag: W/"2s2km3ij9gj6k"
x-powered-by: Next.js
x-vercel-cache: STALE
content-type: text/html; charset=utf-8
cache-control: public, max-age=0, must-revalidate

GET
H2 200 cookiepro_logo.png
cookie-cdn.cookiepro.com/logos/static/ 33 KB
33 KB 27ms
26ms Image
image/png 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/cookiepro_logo.png

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
content-md5: IipuN9Einq/0wIZw6VIt/g==
age: 49207
cf-polished: origSize=36419
content-length: 33302
x-ms-lease-status: unlocked
cf-bgj: imgq:100,h2pri
last-modified: Thu, 01 Aug 2024 01:18:26 GMT
server: cloudflare
etag: 0x8DCB1C7D83F9593
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 3177f3c2-c01e-005e-625d-e4c05c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafc69aa4340-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 poweredBy_cp_logo.svg
cookie-cdn.cookiepro.com/logos/static/ 5 KB
2 KB 26ms
25ms Image
image/svg+xml 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: uInNdQwuuw8s7lYl3cE7eQ==
age: 53395
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: bd68331b-f01e-0008-3d28-e431b3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05aafc69ab4340-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 identify_c2008b8c.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame A677 146 KB
39 KB 20ms
19ms Script
application/javascript 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b2c34bc
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20240729124141D36607BF3EAAB635524F
x-tt-trace-id: 00-240729124141D36607BF3EAAB635524F-172072EF957F5518-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0181e76db46024eb32ec47011d7c44f21ec4748f634318532911c988e62efe54610f2c5018ed5274f44cef92a92a67e4ef16f5f25123960c9034d98a8122da1cec274814d7ad2b11e3e6b39a9db5ce56102057d8ad8b6900dd52f39d12e08816f6
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=5
content-length: 39564

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ Frame A677 0
717 B 82ms
81ms Ping
text/plain 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: b2c34ce
date: Fri, 09 Aug 2024 06:25:16 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906251641BF7EEFABE1EF9FF80F-09A646CCCA31CF33-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=51, cdn-cache; desc=MISS, edge; dur=6, origin; dur=58
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080906251641BF7EEFABE1EF9FF80F
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 58,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ffd29cb3e499e1e8cd017df3f1e29e303b73e951686260f3ff439acae91a62211c99a70eb7f8b5fd2c2cb2d367eeb606a892bf4ec0054ce0ee1ef186a88d484a22
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:25:16 GMT

GET
H2 200 identify_c2008b8c.js Show response
analytics.tiktok.com/i18n/pixel/static/ 146 KB
0 0ms
0ms Script
application/javascript 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b2c34bc
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20240729124141D36607BF3EAAB635524F
x-tt-trace-id: 00-240729124141D36607BF3EAAB635524F-172072EF957F5518-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0181e76db46024eb32ec47011d7c44f21ec4748f634318532911c988e62efe54610f2c5018ed5274f44cef92a92a67e4ef16f5f25123960c9034d98a8122da1cec274814d7ad2b11e3e6b39a9db5ce56102057d8ad8b6900dd52f39d12e08816f6
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=5
content-length: 39564

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
878 B 172ms
171ms Ping
text/plain 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: be1b081.b2c34e8
date: Fri, 09 Aug 2024 06:25:16 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2408090625168CBA6486768DE9C42F5F-3E5C7D609C314DB5-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 145,23.218.222.75
server-timing: cdn-cache; desc=MISS, edge; dur=8, origin; dur=143, inner; dur=135
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202408090625168CBA6486768DE9C42F5F
x-cache-remote: TCP_MISS from a23-220-105-70.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 143,23.220.105.70
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae657338a2c6c710ee61216b3a50c6b7bacada65049fbaf9fd81691be69e3d59b5220cc4b7c1a364de2451e7a3d982333de64c959e2da594db44b6b49db3d5ee7e1d1be6887f7642f01ed7c76a3bda5c2ad3141381c43a4a6e01a55eed8990bb023
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:25:16 GMT

GET
H2 200 cookiepro_logo.png
cookie-cdn.cookiepro.com/logos/static/ Frame A677 33 KB
0 27ms
26ms Image
image/png 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/cookiepro_logo.png

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
content-md5: IipuN9Einq/0wIZw6VIt/g==
age: 49207
cf-polished: origSize=36419
content-length: 33302
x-ms-lease-status: unlocked
cf-bgj: imgq:100,h2pri
last-modified: Thu, 01 Aug 2024 01:18:26 GMT
server: cloudflare
etag: 0x8DCB1C7D83F9593
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 3177f3c2-c01e-005e-625d-e4c05c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafc69aa4340-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 poweredBy_cp_logo.svg
cookie-cdn.cookiepro.com/logos/static/ Frame A677 5 KB
0 26ms
25ms Image
image/svg+xml 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: uInNdQwuuw8s7lYl3cE7eQ==
age: 53395
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: bd68331b-f01e-0008-3d28-e431b3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05aafc69ab4340-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 404 ot_guard_logo.svg Show response
reasonlabs.com/ Frame A677 23 KB
5 KB 22ms
22ms Fetch
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/ot_guard_logo.svg

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d2b144d496352a6414faf757cb1071802c0dd8c1c84de67d4b378f1e2efa29c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::wnkcn-1723184716300-5edb9ae47bcd
age: 240575
x-matched-path: /404
etag: W/"c9ce98709a707791e56a1ec295dcfd45"
x-vercel-cache: HIT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline

GET
H2 200 7.svg Show response
cdn.equalweb.com/assets/images/ 2 KB
1 KB 24ms
23ms Fetch
image/svg+xml 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/images/7.svg

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

407e0c34d3e21312cacb8bb4c971b42e288fdff2eb0f3ba33d31132947710ea8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-security-policy: default-src 'self' ;
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains
age: 235222
content-encoding: br
x-xss-protection: 1; mode=block
last-modified: Thu, 01 Aug 2019 12:51:25 GMT
server: cloudflare
etag: W/"7c8f42d46748d51:0"
x-frame-options: deny
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QKe2N4jmiDr6L%2BlyvlNt6mm%2B9K7GylbDfZMJO4jtWJ6G6ii6gQ4u2xFYmzy1Z0SNMXJqD3P%2Bavg%2BL%2FGuRC44kA0UIv9D8rbj8ru%2FJ81E5at6IiJbwtdiIhHhpgT0Vs1UQpUeQnBsk1tur%2BpVS0M%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
vary: Accept-Encoding
x-client-country: US
cf-ray: 8b05aafda8248c0b-EWR

GET
DATA 200
OK truncated
/ Frame A677 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame A677 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e560959c3878d5a1db7c1a5df4d157eae98eeacc4015c62441ff44d6ba85073

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame A677 77 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55b8338cfb7077c21d548c4414cbaf2bffe019ebb4c983cb207c27f89fd6915c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame A677 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a53eb1cc07f39a229137453b0546ae320f92a6729f7a8ea7d02efbe38b16d57c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame A677 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb378b095e72328138ff4dfc28608d5dcff428c0b8fa946300749291588ba0b7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 d88fbad71076cf9a.css
reasonlabs.com/_next/static/css/ Frame A677 610 B
795 B 29ms
29ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/d88fbad71076cf9a.css

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

95a3a69d3b488eabf71e0156dcf7dc6c9f4d7c9e2275931ff01e7cf08286c3e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::p9rnz-1723184716436-e2f77b5b58be
age: 240543
x-matched-path: /_next/static/css/d88fbad71076cf9a.css
etag: "bf4c527ce67ffc2ba4d93f47f9e037db"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d88fbad71076cf9a.css"
accept-ranges: bytes
content-length: 610

GET
H2 200 chat Show response
reasonlabs.com/ Frame 5FC2 3 KB
45 B 35ms
34ms Document
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/chat
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 983fc0187dad2fcdbd26581a1040aeb7968c9b32df4632d49c9f4ae81cc58811

Request headers

Referer: https://reasonlabs.com/chat
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 240551
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 09 Aug 2024 06:25:16 GMT
etag: W/"4bf7ca399674e33390637c947b868de6"
server: Vercel
x-matched-path: /chat
x-vercel-cache: HIT
x-vercel-id: iad1::qhg7g-1723184716439-90845cba65ea

GET
DATA 200
OK truncated
/ Frame A677 81 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d402f80e130c07e3410625a38c038e7ff5b37fd4d988f9b16f0fe5ee1ba8752

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 image
reasonlabs.com/_next/ 19 KB
19 KB 27ms
24ms Image
image/avif 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://reasonlabs.com/_next/image?url=%2F_next%2Fstatic%2Fmedia%2Fwaves.b04b6791.png&w=1400&q=75

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e974d84489664f0ff60bb76d7b3565752e71391c36e5d1e1742868f0cff4d647

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=63072000
age: 1084914
x-vercel-imgsrc: 3d39d9f8f36ff633d4440fd26c6619e3
content-disposition: inline; filename="waves.avif"
content-length: 19000
last-modified: Sat, 27 Jul 2024 17:03:21 GMT
server: Vercel
x-vercel-id: iad1::qhg7g-1723184716450-d506718e6b62
x-matched-path: /_next/static/media/waves.b04b6791.png
x-vercel-cache: HIT
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET
H2 200 00142aa71319f6f3.css
reasonlabs.com/_next/static/css/ 5 KB
2 KB 26ms
25ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/00142aa71319f6f3.css

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d52b60198aab783248d1d0d3dd27504a1c8581d7d34c81d9788ee4a4082ec30a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::5wv5j-1723184716450-bd40c8fb1255
age: 239890
x-matched-path: /_next/static/css/00142aa71319f6f3.css
etag: W/"eeb5255cd7122fada677f50c3f4095f0"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="00142aa71319f6f3.css"

GET
H2 200 chat Show response
reasonlabs.com/ Frame ECA5 3 KB
44 B 41ms
17ms Document
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/chat
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 983fc0187dad2fcdbd26581a1040aeb7968c9b32df4632d49c9f4ae81cc58811

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 240551
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 09 Aug 2024 06:25:16 GMT
etag: W/"4bf7ca399674e33390637c947b868de6"
server: Vercel
x-matched-path: /chat
x-vercel-cache: HIT
x-vercel-id: iad1::qhg7g-1723184716478-05af7015628f

GET
H2 200 en-us-json-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 9D52 25 KB
6 KB 30ms
29ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
x-amz-version-id: y3CenoNn0.ByxHWRnchTqtXN9pI5nZvs
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: MHGCDDAN38T054XK
age: 68860
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: CwIxFvte7lIa/Ua2PqD/jZM7eOpf/QhrCwD64xHplKclJMxUH1QqB7799pd4oA0zc4/RDr+7LgH+rtedATS9OfeQp0k/p99V
last-modified: Mon, 05 Aug 2024 10:44:18 GMT
server: cloudflare
etag: W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IvqsRFbhfxBhKYSAPpgR4iHBJ7etIpwy4HwZhj92ZTi9ZcnytVylscFKAT8LHhGyaSKXOIm5zIihaDfW34IveQ1DZmSq15E455JEL%2Bu4Ws9FOJuHywYaMiBIrxxAUSYWSMvursk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05aaff0f6d8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:17 GMT

GET
H2 200 config Show response
reasonsecurity.zendesk.com/embeddable/ Frame 9D52 688 B
1 KB 195ms
120ms Fetch
application/json 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonsecurity.zendesk.com/embeddable/config
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e592398bc3db5510e48eed3b058806c78d6af3d52efce97de57d7677bfe8f9f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server: embeddable-app-server-855d4bc785-zp9l4
x-cached: STALE
x-request-id: 8b05aaff7b296a59-ATL
x-runtime: 0.002404
last-modified: Fri, 09 Aug 2024 06:25:16 GMT
server: cloudflare
x-zendesk-zorg: yes
access-control-max-age: 7200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5WaNXdqZ7VOPp0fp%2BRb2GZpkKOFZ%2FnnAGV%2FIbhv6mB8RDANVGDyCBarwNoD3bCIHnJ7n1qlo70unJFux99BJL9Dwe449GmFMcPWPV32%2FlwujpiTDp%2ByECum3VuIT6gjs66CTwmHoiuXAAcSa"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary: Origin, Accept-Encoding
cf-ray: 8b05aaff7b296a59-EWR

GET
H2 200 e0c8ef400c54d51a.css
reasonlabs.com/_next/static/css/ Frame 5FC2 40 KB
0 26ms
25ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:14 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::ln2qk-1723184714989-8c36dbb1a5a4
age: 240543
x-matched-path: /_next/static/css/e0c8ef400c54d51a.css
etag: W/"56bdcfac968e4ecb22330c5f43b33824"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e0c8ef400c54d51a.css"

GET
H2 200 d21aaba85f8de735.css
reasonlabs.com/_next/static/css/ Frame 5FC2 264 B
0 121ms
120ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/d21aaba85f8de735.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

201204678cab6c39832b56078c8e8768761d940f0c6027e313e8f4ed20969eb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::nwxww-1723184715214-2b1a930e2ac8
age: 240543
x-matched-path: /_next/static/css/d21aaba85f8de735.css
etag: "0f2ea022bb6f1d1717049a15ec780a3f"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d21aaba85f8de735.css"
accept-ranges: bytes
content-length: 264

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ Frame 5FC2 21 KB
0 0ms
0ms Script
application/javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
age: 39705
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:22 GMT
server: cloudflare
etag: 0x8DCB1C7D5F2964E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f1a972cf-d01e-006d-5bb1-e39ff7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf54cd24340-EWR
expires: Sat, 10 Aug 2024 06:25:15 GMT

GET
H2 304 cbFrameCheckout-client-v1.05.js Show response
static-cf.cleverbridge.com/mycontent/1/ Frame 5FC2 29 KB
90 B 31ms
31ms Script
application/x-javascript 104.16.242.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-cf.cleverbridge.com/mycontent/1/cbFrameCheckout-client-v1.05.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.242.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 335d82adc13bb778d6c38fd9cbb89cbba99936df005eae691dfe8994fc56cf3d

Request headers

If-Modified-Since: Thu, 08 Aug 2024 17:48:02 GMT
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
cf-cache-status: HIT
last-modified: Thu, 08 Aug 2024 17:48:02 GMT
server: cloudflare
age: 45434
access-control-max-age: 1000
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 8b05aaff79c47d1e-EWR
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
expires: Fri, 09 Aug 2024 06:30:16 GMT

GET
H2 200 webpack-c0a49a0ea8bb59de.js Show response
reasonlabs.com/_next/static/chunks/ Frame 5FC2 28 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/webpack-c0a49a0ea8bb59de.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 420cadc2da0cf70a0e40c835a7a18dd90c90189f6e3bb72d52ffe3e61ac2be4f

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::hs7rb-1723184715013-4e7bea84dbc3
age: 240543
x-matched-path: /_next/static/chunks/webpack-c0a49a0ea8bb59de.js
etag: W/"998d6efb06697ec547c0456c0f3f2217"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="webpack-c0a49a0ea8bb59de.js"

GET
H2 200 framework-55c100e948d2158b.js Show response
reasonlabs.com/_next/static/chunks/ Frame 5FC2 127 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/framework-55c100e948d2158b.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 35e39779377e705ba4e35f634efbdf0696aba61010a1e2a9316cdb22418fef6e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::ln2qk-1723184715020-2c539a53a7bc
age: 240543
x-matched-path: /_next/static/chunks/framework-55c100e948d2158b.js
etag: W/"7b9ec110f1b54d7133d41fc65e084f50"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="framework-55c100e948d2158b.js"

GET
H2 200 main-299ff59bf9bd47f5.js Show response
reasonlabs.com/_next/static/chunks/ Frame 5FC2 106 KB
0 4ms
4ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 7c74d3f61787d14325170b51df664bc54556edb5295304a8e69fcd39b66a95bc

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::p28p9-1723184715013-8a823bc1a4f1
age: 240543
x-matched-path: /_next/static/chunks/main-299ff59bf9bd47f5.js
etag: W/"9cb1fabcdc87d62d5e93540772f22e1f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="main-299ff59bf9bd47f5.js"

GET
H2 200 _app-c1844f8113186912.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame 5FC2 140 KB
0 6ms
6ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 0664b42aa5ccfea098261ce0496fc2f3b0cd36302060975c8768084b0169875e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qnltm-1723184715013-170c1f74a07d
age: 240543
x-matched-path: /_next/static/chunks/pages/_app-c1844f8113186912.js
etag: W/"ebcc9a89ba8da7107c472230616d1057"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_app-c1844f8113186912.js"

GET
H2 200 chat-af607fa4a25c477a.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame 5FC2 4 KB
0 32ms
22ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

1700eede8bc4a633a721b19c84abdad4ba959b80e68ceda3a9bbb0cef3a7e8a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hccg9-1723184715265-5f628211eada
age: 240543
x-matched-path: /_next/static/chunks/pages/chat-af607fa4a25c477a.js
etag: W/"d8abd07fbc03f8b38dacf2aee5bc4865"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="chat-af607fa4a25c477a.js"

GET
H2 200 _buildManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame 5FC2 14 KB
0 6ms
6ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 6f73d814142f2f2dbe718fbca35ade1cc072e825ec1f39898815e43629628f0b

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::7llcv-1723184715013-060e86cbb06e
age: 240543
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
etag: W/"a0c464f717763b817c177dbe98340f0f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_buildManifest.js"

GET
H2 200 _ssgManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame 5FC2 2 KB
0 6ms
6ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: cd3e5ebc269959d5e70fc1392e435452feff6520a621968401c994face181233

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::fhvfd-1723184715018-d9d138f629d0
age: 240543
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
etag: W/"e58723f88e43538eafccc5a22c5ddfbb"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_ssgManifest.js"

GET
H2 200 e0c8ef400c54d51a.css
reasonlabs.com/_next/static/css/ Frame ECA5 40 KB
0 26ms
25ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:14 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::ln2qk-1723184714989-8c36dbb1a5a4
age: 240543
x-matched-path: /_next/static/css/e0c8ef400c54d51a.css
etag: W/"56bdcfac968e4ecb22330c5f43b33824"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e0c8ef400c54d51a.css"

GET
H2 200 d21aaba85f8de735.css
reasonlabs.com/_next/static/css/ Frame ECA5 264 B
0 121ms
120ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/d21aaba85f8de735.css

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

201204678cab6c39832b56078c8e8768761d940f0c6027e313e8f4ed20969eb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::nwxww-1723184715214-2b1a930e2ac8
age: 240543
x-matched-path: /_next/static/css/d21aaba85f8de735.css
etag: "0f2ea022bb6f1d1717049a15ec780a3f"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d21aaba85f8de735.css"
accept-ranges: bytes
content-length: 264

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ Frame ECA5 21 KB
0 0ms
0ms Script
application/javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
age: 39705
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:22 GMT
server: cloudflare
etag: 0x8DCB1C7D5F2964E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f1a972cf-d01e-006d-5bb1-e39ff7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf54cd24340-EWR
expires: Sat, 10 Aug 2024 06:25:15 GMT

GET
H2 200 cbFrameCheckout-client-v1.05.js Show response
static-cf.cleverbridge.com/mycontent/1/ Frame ECA5 29 KB
39 B 31ms
30ms Script
application/x-javascript 104.16.242.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-cf.cleverbridge.com/mycontent/1/cbFrameCheckout-client-v1.05.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.242.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 335d82adc13bb778d6c38fd9cbb89cbba99936df005eae691dfe8994fc56cf3d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 08 Aug 2024 17:48:02 GMT
server: cloudflare
age: 45434
access-control-max-age: 1000
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 8b05aaffb9e77d1e-EWR
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
expires: Fri, 09 Aug 2024 06:30:16 GMT

GET
H2 200 webpack-c0a49a0ea8bb59de.js Show response
reasonlabs.com/_next/static/chunks/ Frame ECA5 28 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/webpack-c0a49a0ea8bb59de.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 420cadc2da0cf70a0e40c835a7a18dd90c90189f6e3bb72d52ffe3e61ac2be4f

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::hs7rb-1723184715013-4e7bea84dbc3
age: 240543
x-matched-path: /_next/static/chunks/webpack-c0a49a0ea8bb59de.js
etag: W/"998d6efb06697ec547c0456c0f3f2217"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="webpack-c0a49a0ea8bb59de.js"

GET
H2 200 framework-55c100e948d2158b.js Show response
reasonlabs.com/_next/static/chunks/ Frame ECA5 127 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/framework-55c100e948d2158b.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 35e39779377e705ba4e35f634efbdf0696aba61010a1e2a9316cdb22418fef6e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::ln2qk-1723184715020-2c539a53a7bc
age: 240543
x-matched-path: /_next/static/chunks/framework-55c100e948d2158b.js
etag: W/"7b9ec110f1b54d7133d41fc65e084f50"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="framework-55c100e948d2158b.js"

GET
H2 200 main-299ff59bf9bd47f5.js Show response
reasonlabs.com/_next/static/chunks/ Frame ECA5 106 KB
0 4ms
4ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 7c74d3f61787d14325170b51df664bc54556edb5295304a8e69fcd39b66a95bc

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::p28p9-1723184715013-8a823bc1a4f1
age: 240543
x-matched-path: /_next/static/chunks/main-299ff59bf9bd47f5.js
etag: W/"9cb1fabcdc87d62d5e93540772f22e1f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="main-299ff59bf9bd47f5.js"

GET
H2 200 _app-c1844f8113186912.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame ECA5 140 KB
0 6ms
6ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 0664b42aa5ccfea098261ce0496fc2f3b0cd36302060975c8768084b0169875e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qnltm-1723184715013-170c1f74a07d
age: 240543
x-matched-path: /_next/static/chunks/pages/_app-c1844f8113186912.js
etag: W/"ebcc9a89ba8da7107c472230616d1057"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_app-c1844f8113186912.js"

GET
H2 200 chat-af607fa4a25c477a.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame ECA5 4 KB
0 32ms
22ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

1700eede8bc4a633a721b19c84abdad4ba959b80e68ceda3a9bbb0cef3a7e8a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hccg9-1723184715265-5f628211eada
age: 240543
x-matched-path: /_next/static/chunks/pages/chat-af607fa4a25c477a.js
etag: W/"d8abd07fbc03f8b38dacf2aee5bc4865"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="chat-af607fa4a25c477a.js"

GET
H2 200 _buildManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame ECA5 14 KB
0 6ms
6ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 6f73d814142f2f2dbe718fbca35ade1cc072e825ec1f39898815e43629628f0b

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::7llcv-1723184715013-060e86cbb06e
age: 240543
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
etag: W/"a0c464f717763b817c177dbe98340f0f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_buildManifest.js"

GET
H2 200 _ssgManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame ECA5 2 KB
0 6ms
6ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: cd3e5ebc269959d5e70fc1392e435452feff6520a621968401c994face181233

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::fhvfd-1723184715018-d9d138f629d0
age: 240543
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
etag: W/"e58723f88e43538eafccc5a22c5ddfbb"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_ssgManifest.js"

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame A677 0
715 B 58ms
56ms Ping
text/plain 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: b2c36ec
date: Fri, 09 Aug 2024 06:25:16 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2408090625163C83514F68A64B790AAC-602315FD4B9AFCC2-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=14, cdn-cache; desc=MISS, edge; dur=8, origin; dur=17
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202408090625163C83514F68A64B790AAC
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 17,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ff933a29c8be67cd6ce0904815c6f6c76ebaab05e4caea408cc850da0da9c131b179598a7ed2b9dce60ad413bef927490faa20303f5c341191f3e475b89ca6e520
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:25:16 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
718 B 60ms
58ms Ping
text/plain 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: b2c36ed
date: Fri, 09 Aug 2024 06:25:16 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906251641BF7EEFABE1EF9FF826-2CF60C4D0EFCA297-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=16, cdn-cache; desc=MISS, edge; dur=8, origin; dur=20
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080906251641BF7EEFABE1EF9FF826
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 20,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ffd29cb3e499e1e8cd017df3f1e29e303bb988d824dbc905d578ed429b37be5d740855cc6e3a6c06bbf0817228335017484d4fb8959d220046c2e52b1c4cb3a170
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:25:16 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 5FC2 267 KB
0 7ms
7ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ae2e948658c1b93b778774a5c530b2f1b53341449bde983d84b4054bff75d808

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96021
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 176c39c5-cc91-4e42-aea9-437007289df9.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/ Frame 5FC2 5 KB
0 0ms
0ms XHR
application/x-javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/176c39c5-cc91-4e42-aea9-437007289df9.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65816c3466b364ee3a51df69952389827dff4aa8c93ba748a4aa65a2ca2cf0b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: gKmtabxTjnCJszgSfszYnQ==
age: 60765
content-length: 1795
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:20 GMT
server: cloudflare
etag: 0x8DC392CF357227C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 912d58b1-801e-004f-7a65-755ae8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf67bc11825-EWR

GET
H2 200 Galano_Grotesque_Light.otf
cdn.reasonlabs.com/fonts/ Frame 5FC2 45 KB
0 192ms
36ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Light.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Thu, 08 Aug 2024 22:02:45 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD61-P1
age: 30151
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 46444
last-modified: Fri, 13 Jan 2023 12:01:31 GMT
server: AmazonS3
etag: "78e812f3fda430191facc31c64a4b927"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: jo-hij__KQ_e0PC5xNxZmASr3K8Ut_B9fVJ20VK6HXXzIjCUNyyTdQ==

GET
H2 200 Galano_Grotesque.otf
cdn.reasonlabs.com/fonts/ Frame 5FC2 45 KB
0 176ms
20ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Thu, 08 Aug 2024 19:51:54 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:30 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 38002
etag: "0db105f867c7eb2e491db586cc26b417"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46020
x-amz-cf-id: WlOhgFu03Rnx96B98mO3o2AjjyRBRvQi-IyYzxaWDbeSU6DSykFc4A==

GET
H2 200 Galano_Grotesque_Medium.otf
cdn.reasonlabs.com/fonts/ Frame 5FC2 46 KB
0 258ms
103ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Medium.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:32 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
etag: "4718f2452d00ff1c747e78bb8c4a6641"
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
x-cache: Miss from cloudfront
accept-ranges: bytes
content-length: 46848
x-amz-cf-id: wT495oPzIn39N-ybkakkVZF9tzaPJYnlGthkgy8DDru4vg5vnCWhug==

GET
H2 200 Galano_Grotesque_SemiBold.otf
cdn.reasonlabs.com/fonts/ Frame 5FC2 45 KB
0 249ms
93ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_SemiBold.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:31 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
etag: "cbd91bb2a05d0a9b2f88e3e8c5d43cce"
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
x-cache: Miss from cloudfront
accept-ranges: bytes
content-length: 46516
x-amz-cf-id: s2kFBoO8djA3y6PgZDaZQiFUIVaq5VukUW7Mv5D3_0s0aehtUksDyQ==

GET
H2 200 Galano_Grotesque_Bold.otf
cdn.reasonlabs.com/fonts/ Frame 5FC2 47 KB
0 175ms
19ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Bold.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Thu, 08 Aug 2024 23:01:26 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD61-P1
age: 26629
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 47772
last-modified: Fri, 13 Jan 2023 12:01:33 GMT
server: AmazonS3
etag: "6d10397a151d83e4407fecd27f76cafb"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: PthcJNia0xVi1-rQghiAXqVZ-tHGs3UhvZZwgXTL4kCWkvMc4qYzYg==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame ECA5 267 KB
0 7ms
7ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ae2e948658c1b93b778774a5c530b2f1b53341449bde983d84b4054bff75d808

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96021
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 176c39c5-cc91-4e42-aea9-437007289df9.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/ Frame ECA5 5 KB
0 0ms
0ms XHR
application/x-javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/176c39c5-cc91-4e42-aea9-437007289df9.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65816c3466b364ee3a51df69952389827dff4aa8c93ba748a4aa65a2ca2cf0b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: gKmtabxTjnCJszgSfszYnQ==
age: 60765
content-length: 1795
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:20 GMT
server: cloudflare
etag: 0x8DC392CF357227C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 912d58b1-801e-004f-7a65-755ae8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf67bc11825-EWR

GET
H2 200 Galano_Grotesque_Light.otf
cdn.reasonlabs.com/fonts/ Frame ECA5 45 KB
0 192ms
36ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Light.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Thu, 08 Aug 2024 22:02:45 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD61-P1
age: 30151
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 46444
last-modified: Fri, 13 Jan 2023 12:01:31 GMT
server: AmazonS3
etag: "78e812f3fda430191facc31c64a4b927"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: jo-hij__KQ_e0PC5xNxZmASr3K8Ut_B9fVJ20VK6HXXzIjCUNyyTdQ==

GET
H2 200 Galano_Grotesque.otf
cdn.reasonlabs.com/fonts/ Frame ECA5 45 KB
0 176ms
20ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Thu, 08 Aug 2024 19:51:54 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:30 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
age: 38002
etag: "0db105f867c7eb2e491db586cc26b417"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 46020
x-amz-cf-id: WlOhgFu03Rnx96B98mO3o2AjjyRBRvQi-IyYzxaWDbeSU6DSykFc4A==

GET
H2 200 Galano_Grotesque_Medium.otf
cdn.reasonlabs.com/fonts/ Frame ECA5 46 KB
0 258ms
103ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Medium.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:32 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
etag: "4718f2452d00ff1c747e78bb8c4a6641"
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
x-cache: Miss from cloudfront
accept-ranges: bytes
content-length: 46848
x-amz-cf-id: wT495oPzIn39N-ybkakkVZF9tzaPJYnlGthkgy8DDru4vg5vnCWhug==

GET
H2 200 Galano_Grotesque_SemiBold.otf
cdn.reasonlabs.com/fonts/ Frame ECA5 45 KB
0 249ms
93ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_SemiBold.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jan 2023 12:01:31 GMT
server: AmazonS3
x-amz-cf-pop: IAD61-P1
etag: "cbd91bb2a05d0a9b2f88e3e8c5d43cce"
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
x-cache: Miss from cloudfront
accept-ranges: bytes
content-length: 46516
x-amz-cf-id: s2kFBoO8djA3y6PgZDaZQiFUIVaq5VukUW7Mv5D3_0s0aehtUksDyQ==

GET
H2 200 Galano_Grotesque_Bold.otf
cdn.reasonlabs.com/fonts/ Frame ECA5 47 KB
0 175ms
19ms Font
binary/octet-stream 2600:9000:26c1:6600:16:b250:9b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.reasonlabs.com/fonts/Galano_Grotesque_Bold.otf
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26c1:6600:16:b250:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

date: Thu, 08 Aug 2024 23:01:26 GMT
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD61-P1
age: 26629
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 47772
last-modified: Fri, 13 Jan 2023 12:01:33 GMT
server: AmazonS3
etag: "6d10397a151d83e4407fecd27f76cafb"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: PthcJNia0xVi1-rQghiAXqVZ-tHGs3UhvZZwgXTL4kCWkvMc4qYzYg==

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ Frame 5FC2 69 B
162 B 25ms
24ms XHR
application/json 2606:4700::6812:1d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d7f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8b05ab003f9ac425-EWR
access-control-allow-headers: Content-Type

GET
H2 200 snippet.js Show response
static.zdassets.com/ekr/ Frame 5FC2 10 KB
0 78ms
26ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
x-amz-version-id: qclSddpGUX2.KT0tZACrS6v9bSx237T.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: JKN1Q3J8ZTSJ5QCC
age: 58
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: mffWrceLKlBhNibh9xibEteyYzkmlyQFIFfoHQmboQCwTVcm8Bo4MCr+iqWuL8CrS195Nm/b2iA=
last-modified: Thu, 08 Aug 2024 15:49:45 GMT
server: cloudflare
etag: W/"67cbb97bf64ecd65d74b0de6ede92abf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D3PJmv7Cah%2BYdcMt2afne3vwntJXw4QNPJLtH11XmPWy0Pqk81TscWZck%2BPcleNgFTWrKSNsvfWycUfCRsbDWIbfxwBXNLwQVaH146Y4NO5E5PYUaHYLq2y83UD0FcNHV0fUSP8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=3600, s-maxage=60
access-control-max-age: 0
cf-ray: 8b05aaf94c428c93-EWR
access-control-allow-headers: *

POST
H2 200 / Show response
pac.rlproton.com/ Frame 5FC2 0
241 B 22ms
21ms Fetch 13.32.151.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac.rlproton.com/
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.151.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-151-87.iad66.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
via: 1.1 e004b21574888e2383bc40e183527f92.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 0
x-amz-cf-id: 2HxWD1Hd73_PbsgVCsOHdeMFWHmnKptJbUX37xBLWvywBiZyS4B8Zw==

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ Frame ECA5 69 B
139 B 40ms
26ms XHR
application/json 2606:4700::6812:1d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d7f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8b05ab006fb8c425-EWR
access-control-allow-headers: Content-Type

GET
H2 200 web-widget-chat-sdk-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 9D52 216 KB
53 KB 28ms
27ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8caa3b3ec2630f77a22e865988f01fc8e76abb8ca6c288910b93db0d0b806162

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
x-amz-version-id: dKE5J390nsKezcdloEsUPy1fuNyQ5Dv6
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: MZ23DWD3MR0S0Y7D
age: 68860
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: GemoIxPCL+1ov9/gQlVI7wYRg2AvIOG0F/Ob6RqR5nj4d3oaNwhxcXybuXrfo4qYOPohXVYwOu0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf7f24c006f934261d7ff732b528402b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EoQ2z%2FWwxaPBC4iwr0oay8UZkiH2tZy%2BMtFGfLr96C9SL8geFTKyVQp4z8qkfvp6VGNUEm%2FzDtfgX5rgZiV7K7zzKvHWHM16YZ%2FD%2BvIGEy9ZGDioYXzdbVx9ILpWjV9brYn5MLQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0068388c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 5FC2 316 KB
0 1ms
1ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ff05520dd279845b62f0d834bcf13239d596b19ac3a3f9121f5317a2d3ecdf2c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107071
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame 5FC2 242 KB
0 2ms
2ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8b0e20b03e0f2beb6f3d4577f28895b96d3a4a50cc70aa7e2c16fec943757730

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87520
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 304 uwt.js Show response
static.ads-twitter.com/ Frame 5FC2 56 KB
41 B 18ms
17ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://reasonlabs.com/
If-None-Match: "bbbcf811d8437a575d796a4c1e5d4fad+gzip"
If-Modified-Since: Tue, 26 Mar 2024 20:58:07 GMT
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-cache: HIT
cache-control: no-cache
x-served-by: cache-iad-kiad7000072-IAD

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame 5FC2 239 KB
0 2ms
2ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b0622d831a6d4c11adac89097a6704e4bbb3249af60f64de52d1c34d366c5614

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86889
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 accessibility.js Show response
cdn.equalweb.com/core/4.4.1/ Frame 5FC2 43 KB
0 4ms
4ms Script
application/javascript 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/core/4.4.1/accessibility.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816518bcb6dd308257b82bb33cb808a067612f4e8313c779ea4e15c988c7cf5b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235222
content-length: 14264
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Nov 2022 10:14:59 GMT
server: cloudflare
etag: "80d3621f24f4d81:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A1H1p3Y1tzpafrXkF3ElUD0DT8aiDVekgyt3a2H67YVRo8o937BJNjeQTwozIq9AeVM9gQozJ5IgJPY4Qhl7%2Bmwu%2BapyNKnlBokFoUKBVwzXprUZxxg5uAK46Uuvm33OmcA7n5TFZCVZ4OFO6ZM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: US
accept-ranges: bytes
cf-ray: 8b05aaf93cc38c0b-EWR

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 5FC2 225 KB
0 5ms
5ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:25:15 GMT
document-policy: force-load-at-top
x-fb-server-load: 25
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58865
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=17, rtx=0, c=12, mss=1328, tbw=2798, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: RUivrcZcT335FmMjvtXLFJrzfU7Filr5qbER7HW9V/sqZy0nP/OZMEo/w0LbkKdcmFfxzH3yeO+L8bS1vh+ahQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ Frame 5FC2 5 KB
2 KB 31ms
30ms Script
application/javascript 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 3f8cbbaebbf9af2525f9c0bd02113d7f6331e83e5bc1e3074182128c36b9b499

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b2c376c
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906251641BF7EEFABE1EF9FF82F-47E03C8E751D3204-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=4, cdn-cache; desc=MISS, edge; dur=1, origin; dur=7
content-length: 1606
pragma: no-cache
server: nginx
x-tt-logid: 2024080906251641BF7EEFABE1EF9FF82F
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 7,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ffd29cb3e499e1e8cd017df3f1e29e303bb61fa7cb7d3963f8a92aef05b16b1f16ab06f025dbd886a023fca2bc5d0b9abfdb66bf1afa91663b8f0cb10030dec06c
expires: Fri, 09 Aug 2024 06:25:16 GMT

GET
H2 200 0a782ba2-2d01-4434-974c-4d35b90d8809 Show response
ekr.zdassets.com/compose/ Frame 5FC2 1 KB
0 0ms
0ms Fetch
application/json 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/0a782ba2-2d01-4434-974c-4d35b90d8809

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55cabe8a68885742318ec080d979931391f692e158e4d183cf66c24c5c33e130

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
cdn-cache-control: max-age=60
x-xss-protection: 1; mode=block
x-request-id: 8aff1b184de92629-SEA, 8aff1b184de92629-SEA, 8aff1b184de92629-SEA
x-runtime: 0.009568
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"55cabe8a68885742318ec080d9799313"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LxMxTuS%2FClWVrGHLFTujz%2BTI9d%2B431jA2L8w6%2F4AefGrup7ulieV90qQMjFhpKcDUIRPJj7VIF8yy7LmhyVRzzKePzM5kHFGYta6EKDxOsK%2BChzSS7JXIhc%2BRQGJ9hDFClE%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type: application/json; charset=utf-8
x-zendesk-zorg: yes, yes
cf-ray: 8b05aafadf41180d-EWR

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame ECA5 316 KB
0 1ms
1ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ff05520dd279845b62f0d834bcf13239d596b19ac3a3f9121f5317a2d3ecdf2c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107071
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame ECA5 242 KB
0 2ms
2ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8b0e20b03e0f2beb6f3d4577f28895b96d3a4a50cc70aa7e2c16fec943757730

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87520
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame ECA5 56 KB
18 B 16ms
16ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2024 20:58:07 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-type: application/javascript; charset=utf-8
x-cache: HIT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000072-IAD

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame ECA5 239 KB
0 2ms
2ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b0622d831a6d4c11adac89097a6704e4bbb3249af60f64de52d1c34d366c5614

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86889
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 accessibility.js Show response
cdn.equalweb.com/core/4.4.1/ Frame ECA5 43 KB
0 4ms
4ms Script
application/javascript 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/core/4.4.1/accessibility.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816518bcb6dd308257b82bb33cb808a067612f4e8313c779ea4e15c988c7cf5b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235222
content-length: 14264
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Nov 2022 10:14:59 GMT
server: cloudflare
etag: "80d3621f24f4d81:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A1H1p3Y1tzpafrXkF3ElUD0DT8aiDVekgyt3a2H67YVRo8o937BJNjeQTwozIq9AeVM9gQozJ5IgJPY4Qhl7%2Bmwu%2BapyNKnlBokFoUKBVwzXprUZxxg5uAK46Uuvm33OmcA7n5TFZCVZ4OFO6ZM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: US
accept-ranges: bytes
cf-ray: 8b05aaf93cc38c0b-EWR

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame ECA5 225 KB
0 5ms
5ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:25:15 GMT
document-policy: force-load-at-top
x-fb-server-load: 25
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58865
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=17, rtx=0, c=12, mss=1328, tbw=2798, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: RUivrcZcT335FmMjvtXLFJrzfU7Filr5qbER7HW9V/sqZy0nP/OZMEo/w0LbkKdcmFfxzH3yeO+L8bS1vh+ahQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ Frame ECA5 5 KB
2 KB 29ms
29ms Script
application/javascript 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 59472f5a1e1538f26d915ffa76518537bc02acdb5762e758079c4613074a6661

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b2c3796
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906251641BF7EEFABE1EF9FF834-0716D06C0E71F6E9-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=0, origin; dur=8
content-length: 1643
pragma: no-cache
server: nginx
x-tt-logid: 2024080906251641BF7EEFABE1EF9FF834
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 8,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ffd29cb3e499e1e8cd017df3f1e29e303b9a69b5ea46ce96e563a02614a69d56bc123fc8eba89b1e0868f70b3a054f9c91adacca5072da96dcbf662f102c0a6fd2
expires: Fri, 09 Aug 2024 06:25:16 GMT

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/ Frame 5FC2 383 KB
0 0ms
0ms Script
application/javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: 9qSRvp3H9roScfT6qXUxeQ==
age: 49129
content-length: 93485
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:39 GMT
server: cloudflare
etag: 0x8DAC38DB3A195BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fd44b4dc-901e-0053-4f65-750888000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf8ff474340-EWR
expires: Sat, 10 Aug 2024 06:25:15 GMT

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/ Frame ECA5 383 KB
0 0ms
0ms Script
application/javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: 9qSRvp3H9roScfT6qXUxeQ==
age: 49129
content-length: 93485
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:39 GMT
server: cloudflare
etag: 0x8DAC38DB3A195BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fd44b4dc-901e-0053-4f65-750888000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf8ff474340-EWR
expires: Sat, 10 Aug 2024 06:25:15 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/ Frame 5FC2 2 KB
1 KB 33ms
33ms Script
text/javascript 2607:f8b0:400d:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/?random=1723184717084&cv=11&fst=1723184717084&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7d1958915cc3df35bfc19ebbe5d325573f93316582b866b0c6b7e32e839d530

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1368
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/ Frame 5FC2 2 KB
1 KB 33ms
33ms Script
text/javascript 2607:f8b0:400d:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/?random=1723184717098&cv=11&fst=1723184717098&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee8ab1ef76bdcddfcdfac8cd3c62210e316f4eb688a8da0b4bab8da5c80414fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1371
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 306027671784119 Show response
connect.facebook.net/signals/config/ Frame 5FC2 64 KB
0 0ms
0ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

65b5e077f9630d0f366fdf7f901d941616cc96f2325379cee62d6879f6c5a61c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:25:15 GMT
document-policy: force-load-at-top
x-fb-server-load: 30
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=65, mss=1328, tbw=64436, tp=-1, tpl=-1, uplat=66, ullat=0
pragma: public
x-fb-debug: jNrbwCiUgv4hkwFwSR26TWaA9DFG982/IhTg1tXihYuONNYFyYN+W+6ZOTjU5zj+/aeW7OTZxNaJF61UyMZTCg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 snippet.js Show response
static.zdassets.com/ekr/ Frame ECA5 10 KB
0 78ms
26ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
x-amz-version-id: qclSddpGUX2.KT0tZACrS6v9bSx237T.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: JKN1Q3J8ZTSJ5QCC
age: 58
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: mffWrceLKlBhNibh9xibEteyYzkmlyQFIFfoHQmboQCwTVcm8Bo4MCr+iqWuL8CrS195Nm/b2iA=
last-modified: Thu, 08 Aug 2024 15:49:45 GMT
server: cloudflare
etag: W/"67cbb97bf64ecd65d74b0de6ede92abf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D3PJmv7Cah%2BYdcMt2afne3vwntJXw4QNPJLtH11XmPWy0Pqk81TscWZck%2BPcleNgFTWrKSNsvfWycUfCRsbDWIbfxwBXNLwQVaH146Y4NO5E5PYUaHYLq2y83UD0FcNHV0fUSP8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=3600, s-maxage=60
access-control-max-age: 0
cf-ray: 8b05aaf94c428c93-EWR
access-control-allow-headers: *

POST
H2 200 / Show response
pac.rlproton.com/ Frame ECA5 0
240 B 24ms
22ms Fetch 13.32.151.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac.rlproton.com/
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.151.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-151-87.iad66.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Fri, 09 Aug 2024 06:25:17 GMT
via: 1.1 e004b21574888e2383bc40e183527f92.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 0
x-amz-cf-id: Chg7tcQ6OYqDxR8DXMj1ggBNV2T-heZSEtc-X0jCDIsbdbDAfajWCA==

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/ Frame ECA5 3 KB
1 KB 35ms
34ms Script
text/javascript 2607:f8b0:400d:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/?random=1723184717183&cv=11&fst=1723184717183&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

97fa66a98fbfb4a5ba79030bf0e18b934226ed9c1822d40fc40b48b48a1fbb52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1369
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/ Frame ECA5 3 KB
1 KB 34ms
33ms Script
text/javascript 2607:f8b0:400d:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/?random=1723184717196&cv=11&fst=1723184717196&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37db8522bbfccddcb5efbd2d1253f9cbdc198a2a04c48327b8e3db7ff9a1f786

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1369
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 306027671784119 Show response
connect.facebook.net/signals/config/ Frame ECA5 64 KB
0 0ms
0ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

65b5e077f9630d0f366fdf7f901d941616cc96f2325379cee62d6879f6c5a61c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:25:15 GMT
document-policy: force-load-at-top
x-fb-server-load: 30
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=65, mss=1328, tbw=64436, tp=-1, tpl=-1, uplat=66, ullat=0
pragma: public
x-fb-debug: jNrbwCiUgv4hkwFwSR26TWaA9DFG982/IhTg1tXihYuONNYFyYN+W+6ZOTjU5zj+/aeW7OTZxNaJF61UyMZTCg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/ Frame 5FC2 30 KB
0 0ms
0ms Fetch
application/x-javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/en.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f5d5bfb0e60bad06852b84287df03d7b3e60c3c8d411732fd19be82b1d46506

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: s3PZdWUVNsl3Toq97yu7hA==
age: 41118
content-length: 8509
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:23 GMT
server: cloudflare
etag: 0x8DC392CF546DC70
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e0f007a0-601e-0047-7670-7540e7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf9dd831825-EWR

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/ Frame ECA5 30 KB
0 0ms
0ms Fetch
application/x-javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/en.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f5d5bfb0e60bad06852b84287df03d7b3e60c3c8d411732fd19be82b1d46506

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: s3PZdWUVNsl3Toq97yu7hA==
age: 41118
content-length: 8509
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:23 GMT
server: cloudflare
etag: 0x8DC392CF546DC70
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e0f007a0-601e-0047-7670-7540e7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf9dd831825-EWR

POST
H3 204 collect
analytics.google.com/g/ Frame 5FC2 0
0 23ms
23ms Fetch
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020z8853740014za200zb853740014&_p=1723184716836&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=874283651.1723184716&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_s=1&sid=1723184715&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fchat&dt=Chat&en=page_view&tfd=750
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 style.css Show response
cdn.equalweb.com/style/ Frame A677 20 KB
0 0ms
0ms Fetch
text/css 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/style.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc68782368f74408322a4eb22fd6ebd130027d85e4ac3ab1e7fa677fa1463232

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235222
content-length: 4132
x-xss-protection: 1; mode=block
last-modified: Sun, 04 Aug 2024 09:43:49 GMT
server: cloudflare
etag: "80f8acce52e6da1:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VjIklqDLDOkpEeJ9Nz66kT6iyoeXaWcowOPqxc%2FBj5a2DffL814uPMLp9STV0sSjabTe39UcxcOMHktXO5xs6no1hGJNOCqB9ACBV4aQJkp52MygkUsyAXg2%2BuBWqDCMTlN8C%2BL%2By%2BSbAPA2zo4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: US
accept-ranges: bytes
cf-ray: 8b05aafaadd78c0b-EWR

GET
H2 200 btncolor.css Show response
cdn.equalweb.com/style/ Frame A677 105 B
0 1ms
1ms Fetch
text/css 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/btncolor.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235222
content-length: 201
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Feb 2019 11:16:31 GMT
server: cloudflare
etag: "3f26cd3dfbc1d41:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xg3KUkfDFX%2FIoDxoMPmru7ZHEyCnvdK7UVbW17otk2J3EU2l5e9GSoJ%2BYTAyFvbYkU1XNM3y5qbp4K3WQPsN6UTBD7NPN%2FQE2k2pOeCcHKc1biaJhTcfQrn5D3UC6Os87ky1ycgIZSTTZTcVCU4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: US
accept-ranges: bytes
cf-ray: 8b05aafaadd98c0b-EWR

GET
H2 200 en.json Show response
cdn.equalweb.com/assets/locale/ Frame A677 810 B
0 1ms
1ms Fetch
application/json 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/locale/en.json

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-security-policy: default-src 'self' ;
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Jun 2021 15:40:09 GMT
server: cloudflare
etag: W/"f45920b9fc61d71:0"
x-frame-options: deny
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=snwyn1H0ijeXZ%2FC5cViW%2FWJkkD2u6t7VvSdT7oqgY0UF3VLZgovA2TOAXHzxsRL3DFJGSblFT2vcQ%2FSJAidbkQdlMDnxqA%2F5NQ5vEJ6UusFb2tRRZ8%2BTV%2BLGT5uFIkdn2%2BCokYU5bUfu%2BdbFxpA%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-client-country: US
cf-ray: 8b05aafaadda8c0b-EWR

GET
H2 200 adsct
t.co/i/ Frame 5FC2 43 B
163 B 142ms
141ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=887ecf69-bb21-4468-87b8-e0b8dcbe40b5&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fff548a8-2504-4213-9e6d-09ad0d42d61a&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fchat&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 88
date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: bd6e55cea04e46ce
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: bf5c4abcaeab7a07637ea7bdc7c5413ab3e59f7980e21f57aec84e0eeb9fec24
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ Frame 5FC2 43 B
116 B 40ms
40ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=887ecf69-bb21-4468-87b8-e0b8dcbe40b5&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fff548a8-2504-4213-9e6d-09ad0d42d61a&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fchat&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 6
date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 01a8540260be8939
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 7f8ad063afe92dcf03b3f387b6dbfb27435d3f47ad7074ed84f545a8ced55a20
content-length: 43

GET
H2 200 0a782ba2-2d01-4434-974c-4d35b90d8809 Show response
ekr.zdassets.com/compose/ Frame ECA5 1 KB
0 0ms
0ms Fetch
application/json 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/0a782ba2-2d01-4434-974c-4d35b90d8809

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55cabe8a68885742318ec080d979931391f692e158e4d183cf66c24c5c33e130

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
cdn-cache-control: max-age=60
x-xss-protection: 1; mode=block
x-request-id: 8aff1b184de92629-SEA, 8aff1b184de92629-SEA, 8aff1b184de92629-SEA
x-runtime: 0.009568
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"55cabe8a68885742318ec080d9799313"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LxMxTuS%2FClWVrGHLFTujz%2BTI9d%2B431jA2L8w6%2F4AefGrup7ulieV90qQMjFhpKcDUIRPJj7VIF8yy7LmhyVRzzKePzM5kHFGYta6EKDxOsK%2BChzSS7JXIhc%2BRQGJ9hDFClE%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type: application/json; charset=utf-8
x-zendesk-zorg: yes, yes
cf-ray: 8b05aafadf41180d-EWR

GET
H2 200 favicon-32x32.png
reasonlabs.com/ 2 KB
2 KB 32ms
31ms Other
image/png 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d8d7ae40315aaf92f9393c1a514e56dbba1b2b4410d648cf8e51b3d3fbeff0e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:17 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::qbskj-1723184717241-c3a9413bb937
age: 240543
x-matched-path: /favicon-32x32.png
etag: "4712c2a7f8b8111661cfd429c6cdb62a"
x-vercel-cache: HIT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="favicon-32x32.png"
accept-ranges: bytes
content-length: 1983

POST
H3 204 collect
analytics.google.com/g/ Frame ECA5 0
0 24ms
23ms Fetch
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020z8853740014za200zb853740014&_p=1723184716869&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=874283651.1723184716&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_s=1&sid=1723184715&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&dt=Chat&en=page_view&tfd=802
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame ECA5 0
125 B 18ms
17ms Image
text/plain 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&if=true&ts=1723184717315&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723184716201.908005160177313985&ler=empty&cdl=API_unavailable&it=1723184717209&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=19, rtx=0, c=10, mss=1328, tbw=7670, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Aug 2024 06:25:17 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ Frame ECA5 67 B
859 B 34ms
34ms Image
image/png 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&if=true&ts=1723184717315&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723184716201.908005160177313985&ler=empty&cdl=API_unavailable&it=1723184717209&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 09 Aug 2024 06:25:17 GMT
document-policy: force-load-at-top
x-fb-server-load: 28
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7401022006579076662", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=17, rtx=0, c=10, mss=1328, tbw=7839, tp=-1, tpl=-1, uplat=17, ullat=0
pragma: no-cache
x-fb-debug: t+AzNcH4QWUFmitcn1b1mFLWYop1/05A0gOpy3lAQyA0c9fJ5ODcIJaJuNdEtSkVNMoTPopZG+RG0TgmrHwOzQ==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401022006579076662"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ Frame 5FC2 0
19 B 17ms
16ms Image
text/plain 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?batch=1&events[0]=id%3D306027671784119%26ev%3DPageView%26dl%3Dhttps%253A%252F%252Freasonlabs.com%252Fchat%26rl%3Dhttps%253A%252F%252Freasonlabs.com%252Fchat%26if%3Dtrue%26ts%3D1723184717254%26sw%3D1600%26sh%3D1200%26v%3D2.9.164%26r%3Dstable%26ec%3D0%26o%3D4126%26fbp%3Dfb.1.1723184716201.908005160177313985%26ler%3Dempty%26cdl%3DAPI_unavailable%26it%3D1723184717118%26coo%3Dfalse%26exp%3Df1&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=14, rtx=0, c=23, mss=1232, tbw=4702, tp=12, tpl=0, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Aug 2024 06:25:17 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ Frame 5FC2 67 B
197 B 38ms
37ms Image
image/png 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fchat&if=true&ts=1723184717254&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723184716201.908005160177313985&ler=empty&cdl=API_unavailable&it=1723184717118&coo=false&exp=f1&rqm=FGET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 09 Aug 2024 06:25:17 GMT
document-policy: force-load-at-top
x-fb-server-load: 47
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7401022005042742875", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=14, rtx=0, c=24, mss=1232, tbw=5022, tp=14, tpl=0, uplat=21, ullat=0
pragma: no-cache
x-fb-debug: OeD8XuxuVd0aHExEZlFHWjfVn4SpSKUXgOB0YvhK3UoUpz5EMJ5HdbkWi+hXY4YqJAw7ztWFWj1wJzpIEsnD3w==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401022005042742875"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 main.MTM2ZmRjOGQyMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame 5FC2 331 KB
0 4ms
4ms Script
application/javascript 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b424c8b96a0a79e02312ac23d09607c4006fd6d9242848089fbc19caceed805d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b2c3418
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202408081344078F89007EC1B9FA523050
x-tt-trace-id: 00-2408081344078F89007EC1B9FA523050-2482DFFFF3D73CC3-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 014a5b1316db7dc601d05c7f7ef87b676c6bf0ccb52103a8a5c3e99c7963020ae083b24334a9500c203a6b80d6b961761df3774fca84bca8da672cd0c0777868988566c7905df9bccbaead871dc2ccd8ea7b4c2f8ffadb86824f821b6ff3e8b69a
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 96240

GET
H2 200 adsct
t.co/i/ Frame ECA5 43 B
140 B 67ms
66ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=deb5611e-8a32-486d-91b9-e88cc9405557&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=efe1374e-b01a-4fce-8fc9-774b7f930e10&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 5
date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 372fec084e19d83f
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 3bc3a1ddcefcfa6c48a1f43a03e6f8044b046089d476e822f592dd9dc1ca6312
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ Frame ECA5 43 B
117 B 113ms
113ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=deb5611e-8a32-486d-91b9-e88cc9405557&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=efe1374e-b01a-4fce-8fc9-774b7f930e10&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 79
date: Fri, 09 Aug 2024 06:25:17 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: b57ccfbf6f5adf41
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 7f8ad063afe92dcf03b3f387b6dbfb27435d3f47ad7074ed84f545a8ced55a20
content-length: 43

GET
H2 200 main.MTM2ZmRjOGQyMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame ECA5 331 KB
0 4ms
4ms Script
application/javascript 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b424c8b96a0a79e02312ac23d09607c4006fd6d9242848089fbc19caceed805d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b2c3418
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202408081344078F89007EC1B9FA523050
x-tt-trace-id: 00-2408081344078F89007EC1B9FA523050-2482DFFFF3D73CC3-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 014a5b1316db7dc601d05c7f7ef87b676c6bf0ccb52103a8a5c3e99c7963020ae083b24334a9500c203a6b80d6b961761df3774fca84bca8da672cd0c0777868988566c7905df9bccbaead871dc2ccd8ea7b4c2f8ffadb86824f821b6ff3e8b69a
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 96240

GET
H2 200 web-widget-main-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 16C5 972 KB
0 33ms
33ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8734a49d6e9d6aed9c2133b60efbbd2c92aa1703f4fcaf541703c245a70a91aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
x-amz-version-id: XVPkWmhDNxl_35s0CQYiQpjVDlUueHnR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: EKH3SYBFDADZ3R56
age: 68860
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: avysz2FuyPpgXVcnbhYUQ79SKtpKxaMlKSh8heV4s22Mxbb0LBhZwSC84oRaSwMH85vE92q9CVQ=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"d50ce7434beee44cd35c484b06297d16"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mJbIpkarg5DGT5YFmCUTehizhzoLTC2w5Hw1YXdJlwUBv5kKlx%2BFSHB57GaOyzxeHo2mCRH5tuU%2FGDiL7sxL5sYXzWILXvg%2FfOTsiqT5bkGNHmYNZYrjcD8CLTereIrvY7M2VUA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05aafc0d898c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/781451429/ Frame 5FC2 42 B
64 B 32ms
32ms Image
image/gif 2607:f8b0:400d:c0f::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/781451429/?random=1723184717084&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfO60KfnlWMwBwp16pb8-W9-1xPwtcAae1A-MYoh9rI1PUybvA&random=1812394295&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0f::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:17 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10933293401/ Frame 5FC2 42 B
64 B 28ms
28ms Image
image/gif 2607:f8b0:400d:c0f::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10933293401/?random=1723184717098&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfB48UsIdnJ2NE0eWVfJME5UT7MfLS2y4p6wqU4GvlmuA6v412&random=1089896211&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0f::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:17 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 identify_c2008b8c.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame 5FC2 146 KB
0 0ms
0ms Script
application/javascript 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b2c34bc
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20240729124141D36607BF3EAAB635524F
x-tt-trace-id: 00-240729124141D36607BF3EAAB635524F-172072EF957F5518-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0181e76db46024eb32ec47011d7c44f21ec4748f634318532911c988e62efe54610f2c5018ed5274f44cef92a92a67e4ef16f5f25123960c9034d98a8122da1cec274814d7ad2b11e3e6b39a9db5ce56102057d8ad8b6900dd52f39d12e08816f6
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=5
content-length: 39564

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ Frame 5FC2 0
721 B 242ms
233ms Ping
text/plain 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: b2c38fe
date: Fri, 09 Aug 2024 06:25:17 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906251741BF7EEFABE1EF9FF846-2CF60C4D0EFCA34A-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=200, cdn-cache; desc=MISS, edge; dur=18, origin; dur=203
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080906251741BF7EEFABE1EF9FF846
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 204,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ffd29cb3e499e1e8cd017df3f1e29e303bb988d824dbc905d578ed429b37be5d74fd17dcc8d8bdf0b5b417d5070eb39badf9ceba9978f199c8fe512ef0d5cab5d8
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:25:17 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/781451429/ Frame ECA5 42 B
64 B 31ms
29ms Image
image/gif 2607:f8b0:400d:c0f::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/781451429/?random=1723184717183&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfncZ1CYDsaLIkYQxcArxXa3lQM8Z0-LlJ_2GkhacesZ-tYS2m&random=3572034502&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0f::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:17 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 identify_c2008b8c.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame ECA5 146 KB
0 0ms
0ms Script
application/javascript 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b2c34bc
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20240729124141D36607BF3EAAB635524F
x-tt-trace-id: 00-240729124141D36607BF3EAAB635524F-172072EF957F5518-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0181e76db46024eb32ec47011d7c44f21ec4748f634318532911c988e62efe54610f2c5018ed5274f44cef92a92a67e4ef16f5f25123960c9034d98a8122da1cec274814d7ad2b11e3e6b39a9db5ce56102057d8ad8b6900dd52f39d12e08816f6
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=5
content-length: 39564

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ Frame ECA5 0
716 B 115ms
113ms Ping
text/plain 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: b2c3922
date: Fri, 09 Aug 2024 06:25:17 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2408090625173C83514F68A64B790AF6-75198EF99C2CC790-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=80, cdn-cache; desc=MISS, edge; dur=6, origin; dur=90
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202408090625173C83514F68A64B790AF6
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 90,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ff933a29c8be67cd6ce0904815c6f6c76e7cf21d1ab7296369b7b18976a5b69561d0d7674dc91382d127e1a2b8ca1511511b80507f89e8a740825b01e8b0f1e069
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:25:17 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10933293401/ Frame ECA5 42 B
64 B 29ms
28ms Image
image/gif 2607:f8b0:400d:c0f::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10933293401/?random=1723184717196&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfsM4GdADti45xJFq5GAlIuAaSbCSvLlU384gnU2KOBFVd32Ca&random=189816060&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0f::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:17 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 en-us-json-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 16C5 25 KB
0 30ms
29ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
x-amz-version-id: y3CenoNn0.ByxHWRnchTqtXN9pI5nZvs
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: MHGCDDAN38T054XK
age: 68860
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: CwIxFvte7lIa/Ua2PqD/jZM7eOpf/QhrCwD64xHplKclJMxUH1QqB7799pd4oA0zc4/RDr+7LgH+rtedATS9OfeQp0k/p99V
last-modified: Mon, 05 Aug 2024 10:44:18 GMT
server: cloudflare
etag: W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IvqsRFbhfxBhKYSAPpgR4iHBJ7etIpwy4HwZhj92ZTi9ZcnytVylscFKAT8LHhGyaSKXOIm5zIihaDfW34IveQ1DZmSq15E455JEL%2Bu4Ws9FOJuHywYaMiBIrxxAUSYWSMvursk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05aaff0f6d8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:17 GMT

GET
H2 200 config Show response
reasonsecurity.zendesk.com/embeddable/ Frame 16C5 688 B
0 0ms
0ms Fetch
application/json 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonsecurity.zendesk.com/embeddable/config
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e592398bc3db5510e48eed3b058806c78d6af3d52efce97de57d7677bfe8f9f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server: embeddable-app-server-855d4bc785-zp9l4
x-cached: STALE
x-request-id: 8b05aaff7b296a59-ATL
x-runtime: 0.002404
last-modified: Fri, 09 Aug 2024 06:25:16 GMT
server: cloudflare
x-zendesk-zorg: yes
access-control-max-age: 7200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5WaNXdqZ7VOPp0fp%2BRb2GZpkKOFZ%2FnnAGV%2FIbhv6mB8RDANVGDyCBarwNoD3bCIHnJ7n1qlo70unJFux99BJL9Dwe449GmFMcPWPV32%2FlwujpiTDp%2ByECum3VuIT6gjs66CTwmHoiuXAAcSa"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary: Origin, Accept-Encoding
cf-ray: 8b05aaff7b296a59-EWR

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 5FC2 13 KB
0 1ms
1ms Fetch
application/json 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otFlat.json
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: e46v9E9tm8neLGw2SIjXTA==
age: 42633
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:27 GMT
server: cloudflare
etag: 0x8DAC38DAC04FFC7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 707ad263-a01e-003a-3670-7531c4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafbbe121825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otPcCenter.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/ Frame 5FC2 61 KB
0 2ms
2ms Fetch
application/json 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/otPcCenter.json
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: DNL7D9cwlU7yFZUg2W8ZNA==
age: 65881
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD9D7216
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 3343fb24-701e-0039-0a5b-75d0a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafbbe141825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otCookieSettingsButton.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 5FC2 5 KB
0 3ms
3ms Fetch
application/json 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCookieSettingsButton.json
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: mKXyB0i0e/ovyyYLJHrm7w==
age: 65881
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD491A40
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 97be8b39-e01e-0049-5565-756957000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafbbe151825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otCommonStyles.css Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 5FC2 21 KB
0 3ms
3ms Fetch
text/css 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCommonStyles.css
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 65881
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 57c9524f-f01e-0045-6d65-75fe5f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05aafbbe161825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame ECA5 13 KB
0 0ms
0ms Fetch
application/json 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otFlat.json
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: e46v9E9tm8neLGw2SIjXTA==
age: 42633
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:27 GMT
server: cloudflare
etag: 0x8DAC38DAC04FFC7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 707ad263-a01e-003a-3670-7531c4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafbbe121825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otPcCenter.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/ Frame ECA5 61 KB
0 1ms
1ms Fetch
application/json 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/otPcCenter.json
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: DNL7D9cwlU7yFZUg2W8ZNA==
age: 65881
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD9D7216
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 3343fb24-701e-0039-0a5b-75d0a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafbbe141825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otCookieSettingsButton.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame ECA5 5 KB
0 3ms
3ms Fetch
application/json 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCookieSettingsButton.json
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: mKXyB0i0e/ovyyYLJHrm7w==
age: 65881
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD491A40
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 97be8b39-e01e-0049-5565-756957000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafbbe151825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otCommonStyles.css Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame ECA5 21 KB
0 2ms
2ms Fetch
text/css 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCommonStyles.css
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 65881
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 57c9524f-f01e-0045-6d65-75fe5f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05aafbbe161825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 web-widget-main-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 7356 972 KB
0 33ms
33ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8734a49d6e9d6aed9c2133b60efbbd2c92aa1703f4fcaf541703c245a70a91aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
x-amz-version-id: XVPkWmhDNxl_35s0CQYiQpjVDlUueHnR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: EKH3SYBFDADZ3R56
age: 68860
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: avysz2FuyPpgXVcnbhYUQ79SKtpKxaMlKSh8heV4s22Mxbb0LBhZwSC84oRaSwMH85vE92q9CVQ=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"d50ce7434beee44cd35c484b06297d16"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mJbIpkarg5DGT5YFmCUTehizhzoLTC2w5Hw1YXdJlwUBv5kKlx%2BFSHB57GaOyzxeHo2mCRH5tuU%2FGDiL7sxL5sYXzWILXvg%2FfOTsiqT5bkGNHmYNZYrjcD8CLTereIrvY7M2VUA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05aafc0d898c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 web-widget-chat-sdk-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 16C5 216 KB
0 28ms
27ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8caa3b3ec2630f77a22e865988f01fc8e76abb8ca6c288910b93db0d0b806162

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
x-amz-version-id: dKE5J390nsKezcdloEsUPy1fuNyQ5Dv6
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: MZ23DWD3MR0S0Y7D
age: 68860
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: GemoIxPCL+1ov9/gQlVI7wYRg2AvIOG0F/Ob6RqR5nj4d3oaNwhxcXybuXrfo4qYOPohXVYwOu0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf7f24c006f934261d7ff732b528402b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EoQ2z%2FWwxaPBC4iwr0oay8UZkiH2tZy%2BMtFGfLr96C9SL8geFTKyVQp4z8qkfvp6VGNUEm%2FzDtfgX5rgZiV7K7zzKvHWHM16YZ%2FD%2BvIGEy9ZGDioYXzdbVx9ILpWjV9brYn5MLQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0068388c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 en-us-json-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 7356 25 KB
0 30ms
29ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
x-amz-version-id: y3CenoNn0.ByxHWRnchTqtXN9pI5nZvs
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: MHGCDDAN38T054XK
age: 68860
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: CwIxFvte7lIa/Ua2PqD/jZM7eOpf/QhrCwD64xHplKclJMxUH1QqB7799pd4oA0zc4/RDr+7LgH+rtedATS9OfeQp0k/p99V
last-modified: Mon, 05 Aug 2024 10:44:18 GMT
server: cloudflare
etag: W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IvqsRFbhfxBhKYSAPpgR4iHBJ7etIpwy4HwZhj92ZTi9ZcnytVylscFKAT8LHhGyaSKXOIm5zIihaDfW34IveQ1DZmSq15E455JEL%2Bu4Ws9FOJuHywYaMiBIrxxAUSYWSMvursk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05aaff0f6d8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:17 GMT

GET
H2 200 config Show response
reasonsecurity.zendesk.com/embeddable/ Frame 7356 688 B
0 0ms
0ms Fetch
application/json 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonsecurity.zendesk.com/embeddable/config
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e592398bc3db5510e48eed3b058806c78d6af3d52efce97de57d7677bfe8f9f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server: embeddable-app-server-855d4bc785-zp9l4
x-cached: STALE
x-request-id: 8b05aaff7b296a59-ATL
x-runtime: 0.002404
last-modified: Fri, 09 Aug 2024 06:25:16 GMT
server: cloudflare
x-zendesk-zorg: yes
access-control-max-age: 7200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5WaNXdqZ7VOPp0fp%2BRb2GZpkKOFZ%2FnnAGV%2FIbhv6mB8RDANVGDyCBarwNoD3bCIHnJ7n1qlo70unJFux99BJL9Dwe449GmFMcPWPV32%2FlwujpiTDp%2ByECum3VuIT6gjs66CTwmHoiuXAAcSa"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary: Origin, Accept-Encoding
cf-ray: 8b05aaff7b296a59-EWR

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame 5FC2 0
719 B 106ms
104ms Ping
text/plain 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: b2c3a3c
date: Fri, 09 Aug 2024 06:25:17 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906251741BF7EEFABE1EF9FF857-09A646CCCA31D0CB-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=32, cdn-cache; desc=MISS, edge; dur=24, origin; dur=52
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080906251741BF7EEFABE1EF9FF857
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 52,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ffd29cb3e499e1e8cd017df3f1e29e303b73e951686260f3ff439acae91a62211c84c249748b53f99ea6595cccd720b2e5aa2b1be8ad3ddddf1246a6813480861f
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:25:17 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame ECA5 0
717 B 77ms
76ms Ping
text/plain 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: b2c3a46
date: Fri, 09 Aug 2024 06:25:17 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2408090625173C83514F68A64B790B1F-3322C770DAFBC046-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=32, cdn-cache; desc=MISS, edge; dur=23, origin; dur=36
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202408090625173C83514F68A64B790B1F
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 36,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ff933a29c8be67cd6ce0904815c6f6c76ec5c1d6b098f96311bb534887c1db485c58e1e1d6e224ad5a7a551f2e3a647ab3aa02f039b030b35c3889bb012e7f000c
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:25:17 GMT

GET
H2 200 web-widget-chat-sdk-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 7356 216 KB
0 28ms
27ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8caa3b3ec2630f77a22e865988f01fc8e76abb8ca6c288910b93db0d0b806162

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
x-amz-version-id: dKE5J390nsKezcdloEsUPy1fuNyQ5Dv6
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: MZ23DWD3MR0S0Y7D
age: 68860
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: GemoIxPCL+1ov9/gQlVI7wYRg2AvIOG0F/Ob6RqR5nj4d3oaNwhxcXybuXrfo4qYOPohXVYwOu0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf7f24c006f934261d7ff732b528402b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EoQ2z%2FWwxaPBC4iwr0oay8UZkiH2tZy%2BMtFGfLr96C9SL8geFTKyVQp4z8qkfvp6VGNUEm%2FzDtfgX5rgZiV7K7zzKvHWHM16YZ%2FD%2BvIGEy9ZGDioYXzdbVx9ILpWjV9brYn5MLQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0068388c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 cookiepro_logo.png
cookie-cdn.cookiepro.com/logos/static/ Frame 5FC2 33 KB
0 27ms
26ms Image
image/png 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/cookiepro_logo.png

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
content-md5: IipuN9Einq/0wIZw6VIt/g==
age: 49207
cf-polished: origSize=36419
content-length: 33302
x-ms-lease-status: unlocked
cf-bgj: imgq:100,h2pri
last-modified: Thu, 01 Aug 2024 01:18:26 GMT
server: cloudflare
etag: 0x8DCB1C7D83F9593
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 3177f3c2-c01e-005e-625d-e4c05c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafc69aa4340-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 poweredBy_cp_logo.svg
cookie-cdn.cookiepro.com/logos/static/ Frame 5FC2 5 KB
0 26ms
25ms Image
image/svg+xml 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: uInNdQwuuw8s7lYl3cE7eQ==
age: 53395
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: bd68331b-f01e-0008-3d28-e431b3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05aafc69ab4340-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 404 ot_guard_logo.svg Show response
reasonlabs.com/ Frame 5FC2 23 KB
4 KB 21ms
20ms Fetch
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/ot_guard_logo.svg

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d2b144d496352a6414faf757cb1071802c0dd8c1c84de67d4b378f1e2efa29c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:17 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::d9wvx-1723184717853-b75587b1dbd1
age: 240577
x-matched-path: /404
etag: W/"c9ce98709a707791e56a1ec295dcfd45"
x-vercel-cache: HIT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline

GET
H2 200 cookiepro_logo.png
cookie-cdn.cookiepro.com/logos/static/ Frame ECA5 33 KB
0 27ms
26ms Image
image/png 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/cookiepro_logo.png

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
content-md5: IipuN9Einq/0wIZw6VIt/g==
age: 49207
cf-polished: origSize=36419
content-length: 33302
x-ms-lease-status: unlocked
cf-bgj: imgq:100,h2pri
last-modified: Thu, 01 Aug 2024 01:18:26 GMT
server: cloudflare
etag: 0x8DCB1C7D83F9593
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 3177f3c2-c01e-005e-625d-e4c05c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafc69aa4340-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 poweredBy_cp_logo.svg
cookie-cdn.cookiepro.com/logos/static/ Frame ECA5 5 KB
0 26ms
25ms Image
image/svg+xml 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: uInNdQwuuw8s7lYl3cE7eQ==
age: 53395
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: bd68331b-f01e-0008-3d28-e431b3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05aafc69ab4340-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 404 ot_guard_logo.svg Show response
reasonlabs.com/ Frame ECA5 23 KB
4 KB 104ms
101ms Fetch
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/ot_guard_logo.svg

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d2b144d496352a6414faf757cb1071802c0dd8c1c84de67d4b378f1e2efa29c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:17 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::9ngr9-1723184717900-4b52b158fab7
age: 240577
x-matched-path: /404
etag: W/"c9ce98709a707791e56a1ec295dcfd45"
x-vercel-cache: HIT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline

GET
DATA 200
OK truncated
/ Frame 5FC2 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame 5FC2 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e560959c3878d5a1db7c1a5df4d157eae98eeacc4015c62441ff44d6ba85073

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 5FC2 81 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d402f80e130c07e3410625a38c038e7ff5b37fd4d988f9b16f0fe5ee1ba8752

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 5FC2 77 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55b8338cfb7077c21d548c4414cbaf2bffe019ebb4c983cb207c27f89fd6915c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 5FC2 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a53eb1cc07f39a229137453b0546ae320f92a6729f7a8ea7d02efbe38b16d57c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 5FC2 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb378b095e72328138ff4dfc28608d5dcff428c0b8fa946300749291588ba0b7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 d88fbad71076cf9a.css
reasonlabs.com/_next/static/css/ Frame 5FC2 610 B
0 29ms
29ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/d88fbad71076cf9a.css

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

95a3a69d3b488eabf71e0156dcf7dc6c9f4d7c9e2275931ff01e7cf08286c3e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::p9rnz-1723184716436-e2f77b5b58be
age: 240543
x-matched-path: /_next/static/css/d88fbad71076cf9a.css
etag: "bf4c527ce67ffc2ba4d93f47f9e037db"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d88fbad71076cf9a.css"
accept-ranges: bytes
content-length: 610

GET
H2 200 9669-c1dd85627d14116a.js Show response
reasonlabs.com/_next/static/chunks/ 17 KB
0 1ms
0ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/9669-c1dd85627d14116a.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 20eaa1a63aedbf0019f8562605496a18af58ff9c9850f502f1c40946b16f753c

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::wnkcn-1723184715506-a4d62ced1fe6
age: 240543
x-matched-path: /_next/static/chunks/9669-c1dd85627d14116a.js
etag: W/"df94e0a9e336407fee547b88bb300177"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9669-c1dd85627d14116a.js"

GET
H2 200 7536-d078bab37095fd33.js Show response
reasonlabs.com/_next/static/chunks/ 22 KB
0 1ms
1ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/7536-d078bab37095fd33.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 36c93b58f03ecca968f0a0369e2396c5c29a06efc3ecd99fae1d13b0a973ada2

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::fhvfd-1723184715507-e6dbad2e17a2
age: 240543
x-matched-path: /_next/static/chunks/7536-d078bab37095fd33.js
etag: W/"77108c566aca03f6efbddef060527122"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="7536-d078bab37095fd33.js"

GET
H2 200 4853-a702dd05d0560e1e.js Show response
reasonlabs.com/_next/static/chunks/ 10 KB
0 2ms
2ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/4853-a702dd05d0560e1e.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 04dfafbc5fe883fde964a85d80ca6fa19d06db854e82aa0549b0d66547d8397c

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::jbst9-1723184715507-77a23abc047e
age: 240543
x-matched-path: /_next/static/chunks/4853-a702dd05d0560e1e.js
etag: W/"1b730895d2887145510a56eac5c6c912"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="4853-a702dd05d0560e1e.js"

GET
H2 200 9491-cb307f0820dea16a.js Show response
reasonlabs.com/_next/static/chunks/ 55 KB
0 5ms
5ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/9491-cb307f0820dea16a.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 7421ded58b0b66795aac889dd51d394477f7bd2252448af4c3219bf2ce6863a2

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::hccg9-1723184715508-761f5a2fe0f7
age: 240543
x-matched-path: /_next/static/chunks/9491-cb307f0820dea16a.js
etag: W/"94f0bea99e6ca73dcad46858d27f410e"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9491-cb307f0820dea16a.js"

GET
H2 200 9181-783f2b62bd015354.js Show response
reasonlabs.com/_next/static/chunks/ 126 KB
0 6ms
6ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/9181-783f2b62bd015354.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: f8b61e4330e6492cd191460e3218856657651c3d64a5c6b39d02cb9d5547bd90

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::ln2qk-1723184715508-f513bceef91d
age: 240543
x-matched-path: /_next/static/chunks/9181-783f2b62bd015354.js
etag: W/"9ca24510e1cdd5d5e7d5ddff68e98437"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="9181-783f2b62bd015354.js"

GET
H2 200 5074-22f981bef7596111.js Show response
reasonlabs.com/_next/static/chunks/ 8 KB
0 10ms
10ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/5074-22f981bef7596111.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 786dd0b17ecf4df37a3f900e719bd36c61ae73e13e2d7187980b8852ccab0278

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::ln2qk-1723184715519-abccbd8acbbe
age: 240543
x-matched-path: /_next/static/chunks/5074-22f981bef7596111.js
etag: W/"310e55de2050605a798b639f502ed60b"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="5074-22f981bef7596111.js"

GET
H2 200 contact-us-d3628e156bfb164b.js Show response
reasonlabs.com/_next/static/chunks/pages/ 4 KB
0 11ms
11ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/contact-us-d3628e156bfb164b.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: e4e40b3944928b3b43a2847d5823b893d34c3861eb285ed5275d9601bb043ef8

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::fhvfd-1723184715517-d97baf4ba07c
age: 240543
x-matched-path: /_next/static/chunks/pages/contact-us-d3628e156bfb164b.js
etag: W/"358d84a1371694326c440828f385f56c"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="contact-us-d3628e156bfb164b.js"

GET
H2 200 1be5a77cd6b0c1b8.css Show response
reasonlabs.com/_next/static/css/ 2 KB
1 KB 101ms
76ms Fetch
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/1be5a77cd6b0c1b8.css

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

8e4fbd3919e6cd699518666936aae750b3df6fe994b459da03fdd1d18ae3f88d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::9ngr9-1723184718011-0cce148d312a
age: 240545
x-matched-path: /_next/static/css/1be5a77cd6b0c1b8.css
etag: W/"0468ae9cfc7822bf2e099439d24a9f83"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="1be5a77cd6b0c1b8.css"

GET
H2 200 2205-b8b042bddf4b1387.js Show response
reasonlabs.com/_next/static/chunks/ 39 KB
0 13ms
12ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/2205-b8b042bddf4b1387.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 3032151e0f9e05a54e0e95ee99700003682894d02070c76727c239d4732efc8d

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::hccg9-1723184715517-5f16cae132ad
age: 240543
x-matched-path: /_next/static/chunks/2205-b8b042bddf4b1387.js
etag: W/"ba817c6de20566a33d8d0ff4e3bcb244"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2205-b8b042bddf4b1387.js"

GET
H2 200 2491-9ec92f3cd3328555.js Show response
reasonlabs.com/_next/static/chunks/ 9 KB
0 13ms
13ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/2491-9ec92f3cd3328555.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 3c95513f8712f777277c207389532617e95a7f2db6f64d32e2c2a283b512d196

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::wjhlt-1723184715517-ce27e46fba49
age: 240543
x-matched-path: /_next/static/chunks/2491-9ec92f3cd3328555.js
etag: W/"4fff78c55ddd1a3e147f39c093de99b7"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2491-9ec92f3cd3328555.js"

GET
H2 200 blog-52fec28581808e54.js Show response
reasonlabs.com/_next/static/chunks/pages/ 1 KB
0 15ms
15ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/blog-52fec28581808e54.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 5d388757c2dfd2793a4047c2f3031d6cbb707408adbd9eae443d7902bd1a72c2

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::wjhlt-1723184715557-ba77ebcf651f
age: 240543
x-matched-path: /_next/static/chunks/pages/blog-52fec28581808e54.js
etag: W/"918586f29b4068e56808459b8d9cde16"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="blog-52fec28581808e54.js"

GET
H2 200 1554755ca48628de.css Show response
reasonlabs.com/_next/static/css/ 11 KB
3 KB 38ms
14ms Fetch
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/1554755ca48628de.css

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

4058f6bce930def884b0fa7d3f0b2a8893767aea046838c23716c1f9021a5986

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hccg9-1723184718026-2c0290389013
age: 240545
x-matched-path: /_next/static/css/1554755ca48628de.css
etag: W/"9bea815c333dcf2e3dc5d257190c36c3"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="1554755ca48628de.css"

GET
H2 200 b09dfccc-0d4362519e83f737.js Show response
reasonlabs.com/_next/static/chunks/ 135 KB
0 14ms
14ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/b09dfccc-0d4362519e83f737.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: b8939b22a328efa2a65b21503b1d86365b8c52cc80e3d4378938b99a7c3016c3

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::d9wvx-1723184715557-5ef86d3db0c1
age: 240544
x-matched-path: /_next/static/chunks/b09dfccc-0d4362519e83f737.js
etag: W/"010c52841b45e58787fa5559057279b3"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="b09dfccc-0d4362519e83f737.js"

GET
H2 200 5515-da6bcd073351bba9.js Show response
reasonlabs.com/_next/static/chunks/ 29 KB
0 15ms
14ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/5515-da6bcd073351bba9.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: a3d351faa84b163e61747d86ad604d61d9f9caf84904585e629db1b4ce31c8d3

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::7llcv-1723184715557-2a8def7fd971
age: 240544
x-matched-path: /_next/static/chunks/5515-da6bcd073351bba9.js
etag: W/"97fc8a2d007e82a5ea121e9e913754a2"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="5515-da6bcd073351bba9.js"

GET
H2 200 company-f58c4c93bb87ba63.js Show response
reasonlabs.com/_next/static/chunks/pages/ 14 KB
0 15ms
15ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/company-f58c4c93bb87ba63.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 5de60fd3608d8385ce6427aec3d9846bc6462a742bcecec06780be71f4b05b08

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::hnlns-1723184715557-f67ec4e93b38
age: 240543
x-matched-path: /_next/static/chunks/pages/company-f58c4c93bb87ba63.js
etag: W/"4d9d7a54137e67b9182d3aaa760a176e"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="company-f58c4c93bb87ba63.js"

GET
H2 200 700415d0cd3af781.css Show response
reasonlabs.com/_next/static/css/ 8 KB
3 KB 38ms
15ms Fetch
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/700415d0cd3af781.css

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

4c97159d90c9f849ea78e5c4c3294b3198580a6a2c3354fe07f2e3aa5ce34430

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::l824g-1723184718026-f5ca3d082777
age: 240545
x-matched-path: /_next/static/css/700415d0cd3af781.css
etag: W/"a492d26bdd9f13391d56990d16102b67"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="700415d0cd3af781.css"

GET
H2 200 ea88be26-58ed6ef11764b90d.js Show response
reasonlabs.com/_next/static/chunks/ 299 KB
0 12ms
12ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/ea88be26-58ed6ef11764b90d.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 016c702b4f5fe217c58e726cb7b5c4781e2783a1f9b05ce60c86e46358f17143

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qnltm-1723184715557-7d450fa92cde
age: 240543
x-matched-path: /_next/static/chunks/ea88be26-58ed6ef11764b90d.js
etag: W/"06fd9f72883d76e633821a2a49c5e00a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="ea88be26-58ed6ef11764b90d.js"

GET
H2 200 334-32080295da286e1b.js Show response
reasonlabs.com/_next/static/chunks/ 37 KB
0 12ms
12ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/334-32080295da286e1b.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 5fe7a29f514066ef89528054eea95dc720cfb6debed549d0ede49ba3d041a762

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::fhvfd-1723184715557-282ac9ef8316
age: 240543
x-matched-path: /_next/static/chunks/334-32080295da286e1b.js
etag: W/"7df4cb4701054c6232f09e0f4bc68ae0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="334-32080295da286e1b.js"

GET
H2 200 2769-806d4971ab81cede.js Show response
reasonlabs.com/_next/static/chunks/ 25 KB
0 13ms
13ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/2769-806d4971ab81cede.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: bd5351c91b19c65b0641ff46e0fb0b46ea1706fce6c550ded58bfbffc5959f58

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::jbst9-1723184715557-44b50d65abbb
age: 240543
x-matched-path: /_next/static/chunks/2769-806d4971ab81cede.js
etag: W/"d7f581e10d3f964cd887d56d56ad2230"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="2769-806d4971ab81cede.js"

GET
H2 200 6704-0f25a7eb013f0542.js Show response
reasonlabs.com/_next/static/chunks/ 1 MB
0 13ms
13ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/6704-0f25a7eb013f0542.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 5a69f125453d44dd18e9557ec61b7769dd6f45f323b8833f3a99ef6bfcc4a88e

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::wnkcn-1723184715557-d46b8f8eff95
age: 240543
x-matched-path: /_next/static/chunks/6704-0f25a7eb013f0542.js
etag: W/"3764708a2bcac5893337a72604873fa0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="6704-0f25a7eb013f0542.js"

GET
H2 200 index-be0f6d764aebb9c2.js Show response
reasonlabs.com/_next/static/chunks/pages/ 38 KB
0 15ms
15ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/index-be0f6d764aebb9c2.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: eb524ab62c0fc128cbf46763b9aa0d94bda920950646a4e9c60fe1bb76c31eeb

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::v2gzc-1723184715557-8631667fdb72
age: 240543
x-matched-path: /_next/static/chunks/pages/index-be0f6d764aebb9c2.js
etag: W/"85baf6f0d8b41f85b1956e1e36bbac7a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="index-be0f6d764aebb9c2.js"

GET
H2 200 4b517cf790f3d021.css Show response
reasonlabs.com/_next/static/css/ 25 KB
6 KB 30ms
13ms Fetch
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/4b517cf790f3d021.css

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

1d3e2d2ae2c0142f78244ea6312afb6956c451970a90cb233f70f5b7e33de7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hnlns-1723184718026-fc7a0310c29c
age: 240545
x-matched-path: /_next/static/css/4b517cf790f3d021.css
etag: W/"4d8caf2a4e52c5dff358427a5604ddab"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="4b517cf790f3d021.css"

GET
DATA 200
OK truncated
/ Frame ECA5 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame ECA5 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e560959c3878d5a1db7c1a5df4d157eae98eeacc4015c62441ff44d6ba85073

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame ECA5 81 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d402f80e130c07e3410625a38c038e7ff5b37fd4d988f9b16f0fe5ee1ba8752

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame ECA5 77 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55b8338cfb7077c21d548c4414cbaf2bffe019ebb4c983cb207c27f89fd6915c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame ECA5 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a53eb1cc07f39a229137453b0546ae320f92a6729f7a8ea7d02efbe38b16d57c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame ECA5 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb378b095e72328138ff4dfc28608d5dcff428c0b8fa946300749291588ba0b7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 d88fbad71076cf9a.css
reasonlabs.com/_next/static/css/ Frame ECA5 610 B
0 29ms
29ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/_next/static/css/d88fbad71076cf9a.css

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

95a3a69d3b488eabf71e0156dcf7dc6c9f4d7c9e2275931ff01e7cf08286c3e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::p9rnz-1723184716436-e2f77b5b58be
age: 240543
x-matched-path: /_next/static/css/d88fbad71076cf9a.css
etag: "bf4c527ce67ffc2ba4d93f47f9e037db"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d88fbad71076cf9a.css"
accept-ranges: bytes
content-length: 610

GET
H2 200 chat Show response
reasonlabs.com/ Frame 9FA4 3 KB
70 B 22ms
19ms Document
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/chat
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 983fc0187dad2fcdbd26581a1040aeb7968c9b32df4632d49c9f4ae81cc58811

Request headers

Referer: https://reasonlabs.com/chat
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
age: 240551
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 09 Aug 2024 06:25:18 GMT
etag: W/"4bf7ca399674e33390637c947b868de6"
server: Vercel
x-matched-path: /chat
x-vercel-cache: HIT
x-vercel-id: iad1::v2gzc-1723184718093-b7e2e0d0c209

GET
H2 200 style.css Show response
cdn.equalweb.com/style/ Frame 5FC2 20 KB
0 1ms
1ms Fetch
text/css 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/style.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc68782368f74408322a4eb22fd6ebd130027d85e4ac3ab1e7fa677fa1463232

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235222
content-length: 4132
x-xss-protection: 1; mode=block
last-modified: Sun, 04 Aug 2024 09:43:49 GMT
server: cloudflare
etag: "80f8acce52e6da1:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VjIklqDLDOkpEeJ9Nz66kT6iyoeXaWcowOPqxc%2FBj5a2DffL814uPMLp9STV0sSjabTe39UcxcOMHktXO5xs6no1hGJNOCqB9ACBV4aQJkp52MygkUsyAXg2%2BuBWqDCMTlN8C%2BL%2By%2BSbAPA2zo4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: US
accept-ranges: bytes
cf-ray: 8b05aafaadd78c0b-EWR

GET
H2 200 btncolor.css Show response
cdn.equalweb.com/style/ Frame 5FC2 105 B
0 2ms
2ms Fetch
text/css 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/btncolor.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235222
content-length: 201
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Feb 2019 11:16:31 GMT
server: cloudflare
etag: "3f26cd3dfbc1d41:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xg3KUkfDFX%2FIoDxoMPmru7ZHEyCnvdK7UVbW17otk2J3EU2l5e9GSoJ%2BYTAyFvbYkU1XNM3y5qbp4K3WQPsN6UTBD7NPN%2FQE2k2pOeCcHKc1biaJhTcfQrn5D3UC6Os87ky1ycgIZSTTZTcVCU4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: US
accept-ranges: bytes
cf-ray: 8b05aafaadd98c0b-EWR

GET
H2 200 en.json Show response
cdn.equalweb.com/assets/locale/ Frame 5FC2 810 B
0 2ms
2ms Fetch
application/json 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/locale/en.json

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-security-policy: default-src 'self' ;
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Jun 2021 15:40:09 GMT
server: cloudflare
etag: W/"f45920b9fc61d71:0"
x-frame-options: deny
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=snwyn1H0ijeXZ%2FC5cViW%2FWJkkD2u6t7VvSdT7oqgY0UF3VLZgovA2TOAXHzxsRL3DFJGSblFT2vcQ%2FSJAidbkQdlMDnxqA%2F5NQ5vEJ6UusFb2tRRZ8%2BTV%2BLGT5uFIkdn2%2BCokYU5bUfu%2BdbFxpA%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-client-country: US
cf-ray: 8b05aafaadda8c0b-EWR

GET
H2 200 e0c8ef400c54d51a.css
reasonlabs.com/_next/static/css/ Frame 9FA4 40 KB
0 0ms
0ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:14 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::ln2qk-1723184714989-8c36dbb1a5a4
age: 240543
x-matched-path: /_next/static/css/e0c8ef400c54d51a.css
etag: W/"56bdcfac968e4ecb22330c5f43b33824"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e0c8ef400c54d51a.css"

GET
H2 200 d21aaba85f8de735.css
reasonlabs.com/_next/static/css/ Frame 9FA4 264 B
0 0ms
0ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/d21aaba85f8de735.css
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 201204678cab6c39832b56078c8e8768761d940f0c6027e313e8f4ed20969eb4

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
server: Vercel
x-vercel-id: iad1::nwxww-1723184715214-2b1a930e2ac8
age: 240543
x-matched-path: /_next/static/css/d21aaba85f8de735.css
etag: "0f2ea022bb6f1d1717049a15ec780a3f"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d21aaba85f8de735.css"
accept-ranges: bytes
content-length: 264

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ Frame 9FA4 21 KB
0 0ms
0ms Script
application/javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
age: 39705
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:22 GMT
server: cloudflare
etag: 0x8DCB1C7D5F2964E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f1a972cf-d01e-006d-5bb1-e39ff7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf54cd24340-EWR
expires: Sat, 10 Aug 2024 06:25:15 GMT

GET
H2 200 cbFrameCheckout-client-v1.05.js Show response
static-cf.cleverbridge.com/mycontent/1/ Frame 9FA4 29 KB
90 B 32ms
31ms Script
application/x-javascript 104.16.242.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-cf.cleverbridge.com/mycontent/1/cbFrameCheckout-client-v1.05.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.242.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 335d82adc13bb778d6c38fd9cbb89cbba99936df005eae691dfe8994fc56cf3d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 08 Aug 2024 17:48:02 GMT
server: cloudflare
age: 45436
access-control-max-age: 1000
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 8b05ab085e477d1e-EWR
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
expires: Fri, 09 Aug 2024 06:30:18 GMT

GET
H2 200 webpack-c0a49a0ea8bb59de.js Show response
reasonlabs.com/_next/static/chunks/ Frame 9FA4 28 KB
0 1ms
1ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/webpack-c0a49a0ea8bb59de.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 420cadc2da0cf70a0e40c835a7a18dd90c90189f6e3bb72d52ffe3e61ac2be4f

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::hs7rb-1723184715013-4e7bea84dbc3
age: 240543
x-matched-path: /_next/static/chunks/webpack-c0a49a0ea8bb59de.js
etag: W/"998d6efb06697ec547c0456c0f3f2217"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="webpack-c0a49a0ea8bb59de.js"

GET
H2 200 framework-55c100e948d2158b.js Show response
reasonlabs.com/_next/static/chunks/ Frame 9FA4 127 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/framework-55c100e948d2158b.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 35e39779377e705ba4e35f634efbdf0696aba61010a1e2a9316cdb22418fef6e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::ln2qk-1723184715020-2c539a53a7bc
age: 240543
x-matched-path: /_next/static/chunks/framework-55c100e948d2158b.js
etag: W/"7b9ec110f1b54d7133d41fc65e084f50"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="framework-55c100e948d2158b.js"

GET
H2 200 main-299ff59bf9bd47f5.js Show response
reasonlabs.com/_next/static/chunks/ Frame 9FA4 106 KB
0 3ms
3ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/main-299ff59bf9bd47f5.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 7c74d3f61787d14325170b51df664bc54556edb5295304a8e69fcd39b66a95bc

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::p28p9-1723184715013-8a823bc1a4f1
age: 240543
x-matched-path: /_next/static/chunks/main-299ff59bf9bd47f5.js
etag: W/"9cb1fabcdc87d62d5e93540772f22e1f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="main-299ff59bf9bd47f5.js"

GET
H2 200 _app-c1844f8113186912.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame 9FA4 140 KB
0 4ms
4ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 0664b42aa5ccfea098261ce0496fc2f3b0cd36302060975c8768084b0169875e

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::qnltm-1723184715013-170c1f74a07d
age: 240543
x-matched-path: /_next/static/chunks/pages/_app-c1844f8113186912.js
etag: W/"ebcc9a89ba8da7107c472230616d1057"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_app-c1844f8113186912.js"

GET
H2 200 chat-af607fa4a25c477a.js Show response
reasonlabs.com/_next/static/chunks/pages/ Frame 9FA4 4 KB
0 5ms
5ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 1700eede8bc4a633a721b19c84abdad4ba959b80e68ceda3a9bbb0cef3a7e8a7

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::hccg9-1723184715265-5f628211eada
age: 240543
x-matched-path: /_next/static/chunks/pages/chat-af607fa4a25c477a.js
etag: W/"d8abd07fbc03f8b38dacf2aee5bc4865"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="chat-af607fa4a25c477a.js"

GET
H2 200 _buildManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame 9FA4 14 KB
0 5ms
5ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 6f73d814142f2f2dbe718fbca35ade1cc072e825ec1f39898815e43629628f0b

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::7llcv-1723184715013-060e86cbb06e
age: 240543
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_buildManifest.js
etag: W/"a0c464f717763b817c177dbe98340f0f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_buildManifest.js"

GET
H2 200 _ssgManifest.js Show response
reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/ Frame 9FA4 2 KB
0 5ms
5ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: cd3e5ebc269959d5e70fc1392e435452feff6520a621968401c994face181233

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::fhvfd-1723184715018-d9d138f629d0
age: 240543
x-matched-path: /_next/static/5eUuBX5htYtNuQSXgmh55/_ssgManifest.js
etag: W/"e58723f88e43538eafccc5a22c5ddfbb"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="_ssgManifest.js"

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 9FA4 267 KB
0 5ms
5ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ae2e948658c1b93b778774a5c530b2f1b53341449bde983d84b4054bff75d808

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96021
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 style.css Show response
cdn.equalweb.com/style/ Frame ECA5 20 KB
0 2ms
2ms Fetch
text/css 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/style.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc68782368f74408322a4eb22fd6ebd130027d85e4ac3ab1e7fa677fa1463232

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235222
content-length: 4132
x-xss-protection: 1; mode=block
last-modified: Sun, 04 Aug 2024 09:43:49 GMT
server: cloudflare
etag: "80f8acce52e6da1:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VjIklqDLDOkpEeJ9Nz66kT6iyoeXaWcowOPqxc%2FBj5a2DffL814uPMLp9STV0sSjabTe39UcxcOMHktXO5xs6no1hGJNOCqB9ACBV4aQJkp52MygkUsyAXg2%2BuBWqDCMTlN8C%2BL%2By%2BSbAPA2zo4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: US
accept-ranges: bytes
cf-ray: 8b05aafaadd78c0b-EWR

GET
H2 200 btncolor.css Show response
cdn.equalweb.com/style/ Frame ECA5 105 B
0 2ms
2ms Fetch
text/css 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/btncolor.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235222
content-length: 201
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Feb 2019 11:16:31 GMT
server: cloudflare
etag: "3f26cd3dfbc1d41:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xg3KUkfDFX%2FIoDxoMPmru7ZHEyCnvdK7UVbW17otk2J3EU2l5e9GSoJ%2BYTAyFvbYkU1XNM3y5qbp4K3WQPsN6UTBD7NPN%2FQE2k2pOeCcHKc1biaJhTcfQrn5D3UC6Os87ky1ycgIZSTTZTcVCU4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: US
accept-ranges: bytes
cf-ray: 8b05aafaadd98c0b-EWR

GET
H2 200 en.json Show response
cdn.equalweb.com/assets/locale/ Frame ECA5 810 B
0 2ms
2ms Fetch
application/json 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/locale/en.json

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-security-policy: default-src 'self' ;
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Jun 2021 15:40:09 GMT
server: cloudflare
etag: W/"f45920b9fc61d71:0"
x-frame-options: deny
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=snwyn1H0ijeXZ%2FC5cViW%2FWJkkD2u6t7VvSdT7oqgY0UF3VLZgovA2TOAXHzxsRL3DFJGSblFT2vcQ%2FSJAidbkQdlMDnxqA%2F5NQ5vEJ6UusFb2tRRZ8%2BTV%2BLGT5uFIkdn2%2BCokYU5bUfu%2BdbFxpA%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-client-country: US
cf-ray: 8b05aafaadda8c0b-EWR

GET
H2 200 176c39c5-cc91-4e42-aea9-437007289df9.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/ Frame 9FA4 5 KB
0 0ms
0ms XHR
application/x-javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/176c39c5-cc91-4e42-aea9-437007289df9.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65816c3466b364ee3a51df69952389827dff4aa8c93ba748a4aa65a2ca2cf0b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: gKmtabxTjnCJszgSfszYnQ==
age: 60765
content-length: 1795
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:20 GMT
server: cloudflare
etag: 0x8DC392CF357227C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 912d58b1-801e-004f-7a65-755ae8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf67bc11825-EWR

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame 5FC2 0
715 B 57ms
56ms Ping
text/plain 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: b2c3be3
date: Fri, 09 Aug 2024 06:25:18 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2408090625183C83514F68A64B790B49-3082A9590155D0B8-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=21, cdn-cache; desc=MISS, edge; dur=8, origin; dur=24
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202408090625183C83514F68A64B790B49
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 24,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ff933a29c8be67cd6ce0904815c6f6c76e3e0f1b4f4a90c2e9c19aeeeb4bd575842c19648ee624a056962aaf32fede78f75f5823e90ffa218137be25d05cb34365
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:25:18 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame ECA5 0
718 B 57ms
55ms Ping
text/plain 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: b2c3be7
date: Fri, 09 Aug 2024 06:25:18 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906251841BF7EEFABE1EF9FF876-236522349EE01AE6-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=20, cdn-cache; desc=MISS, edge; dur=8, origin; dur=24
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080906251841BF7EEFABE1EF9FF876
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 25,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ffd29cb3e499e1e8cd017df3f1e29e303b0a6d5b3229276d7e9852d91c9e439dfbce3893afebf5c974af3b9e15e7c64d8478a9909caa2f65387f7f9ef0b139fe54
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:25:18 GMT

GET
H2 200 web-widget-4261-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 9D52 53 KB
15 KB 26ms
25ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-4261-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f3ae6d0cd800135016c6abd4ca60ecfc8e72c07efb2a2f64dda42dd0c179ed3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: YWrett9GpyjI8wUJOTzuDHSuq3d1XIua
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY06MZMS25XS7D7S
age: 68850
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: A/QVeGBg7cJdHVUY7CbZMl1waZqF4cEgI63pym7EjpriGluwlubB6ROdkkoZvSANoGVNwk7Sq7+CrvpjggQJNQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"dc491080cf58a51f25e19fd8f2a357ad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oSkBAxxTfIWQmGyTjBzt0dQbjYBfLk8HirkYY%2FdI7KGIBrjv%2FRtmcZHv0q%2BRx201XFAqu9GJPT7Y6ZPgdDNOHpfyZQCZSJOIOtwAd%2BuS1FmRpTQtVABXejKWnGc0dUuZCVJf%2Fxg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab092cdc8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 embeds-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 9D52 66 KB
19 KB 27ms
26ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/embeds-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7c3155a16c42e2915f0cc4edb9a3202885e1e1d6a02a3392dbf7f432239c665

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: 7lsIyzixGUo0syjm_wpgmecfT_xOwWwD
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY04J1HCS93337TJ
age: 68850
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: Lebfh82nGPzScCpIkX4xvZOamBkyYwE87NYXX8WQEaOSYTQ39sdgndJaxYbMDvRnoMdwZSIP7SMwss7bXE9IGQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"74973835a21b3a876cfcbd2147981319"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2Oc821f0H31Ft%2Fmr7rMyGCxgPP98t10e4Jf2Wo4wnOW7uxu2nWvKZjLRgqrMKeKUXkgEvsRPQysagZXOqcxw2AuLDpdShjCELdpSRSnTdVmz4JjQO4J%2B9T%2BsjJw8Uw%2BWdt905U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab092cdd8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 web-widget-chat-incoming-message-notification-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 9D52 236 B
595 B 30ms
29ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: oX8aKyJv.vwJYNBkaAz00zPsr8yVK5dN
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: XWRA5GPT825749X7
age: 68861
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: wjjGxPW+U08s+8LJIIUPuoxF1gtlNCHAE3GB2JsLaejChuRP6R9SYO4X1QI8T5ONdL7LJkKMyJc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"77bb07ca171e3ff2b72a7dafa7822bc8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CAKkp%2FIWe5KxlqYC2y57KXsAQeX1JQUm0QIhUGBFTmtCC8wZzTULwp75f5i%2BwsuxREyJcLjW4jXl%2F3f1IBs8R25p%2BZZ49QGx8ghdJHrVzEk6pnOGTlCVACPrhO5RJ%2FGswOQxEqI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab096cf98c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ Frame 9FA4 69 B
162 B 28ms
27ms XHR
application/json 2606:4700::6812:1d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d7f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8b05ab0a1dacc425-EWR
access-control-allow-headers: Content-Type

GET
H2 200 web-widget-4261-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 16C5 53 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-4261-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f3ae6d0cd800135016c6abd4ca60ecfc8e72c07efb2a2f64dda42dd0c179ed3

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: YWrett9GpyjI8wUJOTzuDHSuq3d1XIua
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: WY06MZMS25XS7D7S
age: 68850
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: A/QVeGBg7cJdHVUY7CbZMl1waZqF4cEgI63pym7EjpriGluwlubB6ROdkkoZvSANoGVNwk7Sq7+CrvpjggQJNQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"dc491080cf58a51f25e19fd8f2a357ad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oSkBAxxTfIWQmGyTjBzt0dQbjYBfLk8HirkYY%2FdI7KGIBrjv%2FRtmcZHv0q%2BRx201XFAqu9GJPT7Y6ZPgdDNOHpfyZQCZSJOIOtwAd%2BuS1FmRpTQtVABXejKWnGc0dUuZCVJf%2Fxg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab092cdc8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 embeds-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 16C5 66 KB
0 1ms
1ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/embeds-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7c3155a16c42e2915f0cc4edb9a3202885e1e1d6a02a3392dbf7f432239c665

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: 7lsIyzixGUo0syjm_wpgmecfT_xOwWwD
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: WY04J1HCS93337TJ
age: 68850
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: Lebfh82nGPzScCpIkX4xvZOamBkyYwE87NYXX8WQEaOSYTQ39sdgndJaxYbMDvRnoMdwZSIP7SMwss7bXE9IGQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"74973835a21b3a876cfcbd2147981319"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2Oc821f0H31Ft%2Fmr7rMyGCxgPP98t10e4Jf2Wo4wnOW7uxu2nWvKZjLRgqrMKeKUXkgEvsRPQysagZXOqcxw2AuLDpdShjCELdpSRSnTdVmz4JjQO4J%2B9T%2BsjJw8Uw%2BWdt905U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab092cdd8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 web-widget-chat-incoming-message-notification-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 16C5 236 B
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: oX8aKyJv.vwJYNBkaAz00zPsr8yVK5dN
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: XWRA5GPT825749X7
age: 68861
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: wjjGxPW+U08s+8LJIIUPuoxF1gtlNCHAE3GB2JsLaejChuRP6R9SYO4X1QI8T5ONdL7LJkKMyJc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"77bb07ca171e3ff2b72a7dafa7822bc8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CAKkp%2FIWe5KxlqYC2y57KXsAQeX1JQUm0QIhUGBFTmtCC8wZzTULwp75f5i%2BwsuxREyJcLjW4jXl%2F3f1IBs8R25p%2BZZ49QGx8ghdJHrVzEk6pnOGTlCVACPrhO5RJ%2FGswOQxEqI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab096cf98c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 snippet.js Show response
static.zdassets.com/ekr/ Frame 9FA4 10 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/chat-af607fa4a25c477a.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
x-amz-version-id: qclSddpGUX2.KT0tZACrS6v9bSx237T.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: JKN1Q3J8ZTSJ5QCC
age: 58
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: mffWrceLKlBhNibh9xibEteyYzkmlyQFIFfoHQmboQCwTVcm8Bo4MCr+iqWuL8CrS195Nm/b2iA=
last-modified: Thu, 08 Aug 2024 15:49:45 GMT
server: cloudflare
etag: W/"67cbb97bf64ecd65d74b0de6ede92abf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D3PJmv7Cah%2BYdcMt2afne3vwntJXw4QNPJLtH11XmPWy0Pqk81TscWZck%2BPcleNgFTWrKSNsvfWycUfCRsbDWIbfxwBXNLwQVaH146Y4NO5E5PYUaHYLq2y83UD0FcNHV0fUSP8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=3600, s-maxage=60
access-control-max-age: 0
cf-ray: 8b05aaf94c428c93-EWR
access-control-allow-headers: *

POST
H2 200 / Show response
pac.rlproton.com/ Frame 9FA4 0
240 B 29ms
26ms Fetch 13.32.151.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pac.rlproton.com/
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/_next/static/chunks/pages/_app-c1844f8113186912.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.151.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-151-87.iad66.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept: application/json
Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
via: 1.1 e004b21574888e2383bc40e183527f92.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 0
x-amz-cf-id: mGe0OZThAh-m7QEit6kAAbRKRjayNBGboruqKwFFEKrQetSUpOzJkQ==

GET
H2 200 web-widget-4261-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 7356 53 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-4261-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f3ae6d0cd800135016c6abd4ca60ecfc8e72c07efb2a2f64dda42dd0c179ed3

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: YWrett9GpyjI8wUJOTzuDHSuq3d1XIua
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: WY06MZMS25XS7D7S
age: 68850
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: A/QVeGBg7cJdHVUY7CbZMl1waZqF4cEgI63pym7EjpriGluwlubB6ROdkkoZvSANoGVNwk7Sq7+CrvpjggQJNQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"dc491080cf58a51f25e19fd8f2a357ad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oSkBAxxTfIWQmGyTjBzt0dQbjYBfLk8HirkYY%2FdI7KGIBrjv%2FRtmcZHv0q%2BRx201XFAqu9GJPT7Y6ZPgdDNOHpfyZQCZSJOIOtwAd%2BuS1FmRpTQtVABXejKWnGc0dUuZCVJf%2Fxg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab092cdc8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 embeds-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 7356 66 KB
0 2ms
2ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/embeds-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7c3155a16c42e2915f0cc4edb9a3202885e1e1d6a02a3392dbf7f432239c665

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: 7lsIyzixGUo0syjm_wpgmecfT_xOwWwD
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: WY04J1HCS93337TJ
age: 68850
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: Lebfh82nGPzScCpIkX4xvZOamBkyYwE87NYXX8WQEaOSYTQ39sdgndJaxYbMDvRnoMdwZSIP7SMwss7bXE9IGQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"74973835a21b3a876cfcbd2147981319"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2Oc821f0H31Ft%2Fmr7rMyGCxgPP98t10e4Jf2Wo4wnOW7uxu2nWvKZjLRgqrMKeKUXkgEvsRPQysagZXOqcxw2AuLDpdShjCELdpSRSnTdVmz4JjQO4J%2B9T%2BsjJw8Uw%2BWdt905U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab092cdd8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 web-widget-chat-incoming-message-notification-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 7356 236 B
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: oX8aKyJv.vwJYNBkaAz00zPsr8yVK5dN
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: XWRA5GPT825749X7
age: 68861
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: wjjGxPW+U08s+8LJIIUPuoxF1gtlNCHAE3GB2JsLaejChuRP6R9SYO4X1QI8T5ONdL7LJkKMyJc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"77bb07ca171e3ff2b72a7dafa7822bc8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CAKkp%2FIWe5KxlqYC2y57KXsAQeX1JQUm0QIhUGBFTmtCC8wZzTULwp75f5i%2BwsuxREyJcLjW4jXl%2F3f1IBs8R25p%2BZZ49QGx8ghdJHrVzEk6pnOGTlCVACPrhO5RJ%2FGswOQxEqI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab096cf98c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/ Frame 9FA4 383 KB
0 0ms
0ms Script
application/javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: 9qSRvp3H9roScfT6qXUxeQ==
age: 49129
content-length: 93485
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:39 GMT
server: cloudflare
etag: 0x8DAC38DB3A195BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fd44b4dc-901e-0053-4f65-750888000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf8ff474340-EWR
expires: Sat, 10 Aug 2024 06:25:15 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 9FA4 316 KB
0 0ms
0ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ff05520dd279845b62f0d834bcf13239d596b19ac3a3f9121f5317a2d3ecdf2c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107071
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame 9FA4 242 KB
0 0ms
0ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8b0e20b03e0f2beb6f3d4577f28895b96d3a4a50cc70aa7e2c16fec943757730

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87520
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame 9FA4 56 KB
41 B 18ms
16ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2024 20:58:07 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-type: application/javascript; charset=utf-8
x-cache: HIT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000072-IAD

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ Frame 9FA4 239 KB
0 1ms
1ms Script
application/javascript 2607:f8b0:400d:c0b::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FS2KL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b0622d831a6d4c11adac89097a6704e4bbb3249af60f64de52d1c34d366c5614

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86889
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 06:25:15 GMT

GET
H2 200 accessibility.js Show response
cdn.equalweb.com/core/4.4.1/ Frame 9FA4 43 KB
0 2ms
2ms Script
application/javascript 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/core/4.4.1/accessibility.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

816518bcb6dd308257b82bb33cb808a067612f4e8313c779ea4e15c988c7cf5b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
Origin: https://reasonlabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235222
content-length: 14264
x-xss-protection: 1; mode=block
last-modified: Wed, 09 Nov 2022 10:14:59 GMT
server: cloudflare
etag: "80d3621f24f4d81:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A1H1p3Y1tzpafrXkF3ElUD0DT8aiDVekgyt3a2H67YVRo8o937BJNjeQTwozIq9AeVM9gQozJ5IgJPY4Qhl7%2Bmwu%2BapyNKnlBokFoUKBVwzXprUZxxg5uAK46Uuvm33OmcA7n5TFZCVZ4OFO6ZM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: US
accept-ranges: bytes
cf-ray: 8b05aaf93cc38c0b-EWR

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 9FA4 225 KB
0 2ms
2ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:25:15 GMT
document-policy: force-load-at-top
x-fb-server-load: 25
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58865
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=17, rtx=0, c=12, mss=1328, tbw=2798, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: RUivrcZcT335FmMjvtXLFJrzfU7Filr5qbER7HW9V/sqZy0nP/OZMEo/w0LbkKdcmFfxzH3yeO+L8bS1vh+ahQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ Frame 9FA4 5 KB
2 KB 31ms
27ms Script
application/javascript 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: f5a350715ff005015653da21302c1b25f08b43407e0141532ecfeab35246f749

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b2c3d4a
date: Fri, 09 Aug 2024 06:25:18 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906251841BF7EEFABE1EF9FF893-3CACC17819FBAC39-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=5, cdn-cache; desc=MISS, edge; dur=0, origin; dur=9
content-length: 1606
pragma: no-cache
server: nginx
x-tt-logid: 2024080906251841BF7EEFABE1EF9FF893
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 9,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ffd29cb3e499e1e8cd017df3f1e29e303b66add7a2d5aa4cd7aff4d63d11189e51b35acd606b2df508bf3d32b05bac0dd8271b777d1f609c6cdd5733bb7b81ad02
expires: Fri, 09 Aug 2024 06:25:18 GMT

GET
H2 206 fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/classic/latest/ Frame 9D52 19 KB
20 KB 24ms
24ms Media
audio/mpeg 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: Kl.biZfM8rz6re2aS0glnDheA8R9Dmfl
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: KH5VE2Z70ZGQ75A2
age: 12831918
x-amz-server-side-encryption: AES256
Content-Range: bytes 0-19697/19698
x-amz-replication-status: COMPLETED
Content-Length: 19698
x-amz-id-2: LqweHRijvBdbgWotLxDeNcs9Lz6cG09nTN1pbS7TIlVP/kJbpnlLrkq/B74CU90UTxSTSp+E3xk=
last-modified: Wed, 29 Nov 2023 08:06:43 GMT
server: cloudflare
etag: "f11ce9e8f40a392830217253fe75d6de"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UCOJHfCTHo68NWij03rEaIE%2BzFMd2wgHwQimEwry%2B3YqP9MqbYY1ZY57IxkPgKYpAvFH7ZLJ2CYL1u9fFYzqlzNexcrwRJZT49goPj3g1T6ZQRErSAFwiRN8qZUNEBc7Wz2gqVo%3D"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bbe6b8c93-EWR
access-control-allow-headers: *
expires: Thu, 28 Nov 2024 08:06:42 GMT

GET
H2 200 web-widget-6136-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 9D52 173 KB
62 KB 31ms
30ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6136-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84eae68c2136f65fc630c1af870e91499f14efd75a1bb741934e222e0a1414e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: xiovqWibCE52kaRorE9oe97.yAOhsO51
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY04861C01V781QR
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: xZowTGbOXYjOHsPqUdCrM8BzIbJEoCu4Bv/NBe5daaEPoFWSXB3h0h2Q1UKzVroR9nqz8VMJyU5DlOXurUuAlg==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf3a2c87bfb8ec593b86001d936ceb39"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yGrlbtPiOGR%2Fkk6%2FZqGDBwZyrlNP80AqadMu7hR%2FL4e9niNsh9nmmb%2BSJSxiULBMmuydW%2B%2Bl5GHFttp5qWP4bW9%2FLeMVXxCtG9Jnwx8yLruy6tx6QsH7HtsXXhSU97rhq2Cr%2BZ4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce798c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-563-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 9D52 125 KB
37 KB 29ms
28ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-563-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4797b344508c8d3b258f77d50d5ef0e0c0d5b6d2aafe4a926a815fbae2f1ed8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: coRmGPsDw23DU45KIF4BaJeeWa.JnYlf
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY05P287ZXF981GQ
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qa4T+5cSxTY2UWMkx50b30pbjiTO/9o72Fa7zvlDoyZrdki3kiP8xmI/whBujXRqqUsInhIjJo0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"56c43139758c496e8f6cd638041c6ea2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPR414mx%2By9s8PEUmFDgIW4RFfBtIhJaEVS8KvQtfGER4USXipCT4IhM3ONOKXng%2B9jRad0ItRVXYjPP4xIYZjLeIQXszzsun1kNT6ijVjiLZ2IQmh7NQ%2FLLyG9WlJFoitxVjUc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7a8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-1193-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 9D52 35 KB
11 KB 28ms
27ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-1193-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60206046a05fb893e96b0916478221f8ec01b99e073b12ea4bc5fdb6a0a812c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: FEUGQig2jq7FnNHAs3yRCLOCSgdJS8hJ
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0EVSM8TAHTGQG5
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: iYf1wZ6KTusiyK9Z+w44+hH2IkQAgrUApyHFzOyjFie5ntZjYJFVEnHSztyaM73LAGAFe8MtM9s=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"7833bee93eabffc1db154b449ce4f690"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3jPemX043Je9pFXqVQwPK%2BrHuwvfWysjvIuaozHa6gGGgej4L70CW8o%2B%2Fynpn6fybp%2FIfcPXSuUnnuZofTa%2B6m8KNsyDRMo2ccY%2BzACn%2F4tkxlODUdFiATxe0QXjmQQd8Ohahh8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7b8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-6585-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 9D52 37 KB
11 KB 26ms
25ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6585-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25b3ff658db87aa87a7dd99f799955352fe7d85ffbc3eff9ae89b408d22ca660

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: 3xzRYtcCn76..X0UAfZXHebtISVJfbB.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0DP6YYRXDDP4V7
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: vrl+FkS4KixQTd/sv6+y+eIngkGbNCXpWXehtEy1yJiu2WHHGXPqmTQLcL+A2PFL5wibh95AfAc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"3c82fe728ad21b20387f9bd2db7b7058"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1W3unpJQ0TgWKDDjTh%2BPMwbyLrrgHHAE4hkwcORrx%2FVW6uSQsT64C62nN3oVYa7A24BrGik1kYiUluX8jWAYejkDFUVO5l72JFvlunVBTXmpq0s1sfSULm5nFcjCRQfnqftvnhA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7c8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 support-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 9D52 12 KB
5 KB 25ms
25ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/support-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5216831f2d216345d1f69b5a5128e0a68683628ddb113130a18eaa0bfa79b28

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: dzRJfJItO.3HINvNMH.gEXo22oHU.JIz
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WSSF3QZ6484TAP2W
age: 68848
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qA1zf+c+temzkns9c8KwEr0j5YP2kvsiBDAF81exA6F9O2A6xLdk8PtM/hPYbRlKcqdSL3uZvVhwmqp0k+QxPF7nrpweajVw
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"a7c58c4646958a96046997da93d41af5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GwJ0mOF%2FYxm1ZWyvFGNlmdtVIGaH74mYUKt%2Bv%2Bz9d6UauDL%2FLIZSjVk0UTf7081ACypZ56xETQgKbXZryJeZ56zZQ6l0ofL0KzHxdoXJ7AqOZAjuAne4IHMXzhJv2Ir3CnUg%2F48%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7e8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 0a782ba2-2d01-4434-974c-4d35b90d8809 Show response
ekr.zdassets.com/compose/ Frame 9FA4 1 KB
0 0ms
0ms Fetch
application/json 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/0a782ba2-2d01-4434-974c-4d35b90d8809

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55cabe8a68885742318ec080d979931391f692e158e4d183cf66c24c5c33e130

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
cdn-cache-control: max-age=60
x-xss-protection: 1; mode=block
x-request-id: 8aff1b184de92629-SEA, 8aff1b184de92629-SEA, 8aff1b184de92629-SEA
x-runtime: 0.009568
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"55cabe8a68885742318ec080d9799313"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LxMxTuS%2FClWVrGHLFTujz%2BTI9d%2B431jA2L8w6%2F4AefGrup7ulieV90qQMjFhpKcDUIRPJj7VIF8yy7LmhyVRzzKePzM5kHFGYta6EKDxOsK%2BChzSS7JXIhc%2BRQGJ9hDFClE%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type: application/json; charset=utf-8
x-zendesk-zorg: yes, yes
cf-ray: 8b05aafadf41180d-EWR

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/ Frame 9FA4 30 KB
0 0ms
0ms Fetch
application/x-javascript 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/consent/176c39c5-cc91-4e42-aea9-437007289df9/a18094c1-dd60-4507-b42d-4f2f9f76e97f/en.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f5d5bfb0e60bad06852b84287df03d7b3e60c3c8d411732fd19be82b1d46506

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: s3PZdWUVNsl3Toq97yu7hA==
age: 41118
content-length: 8509
x-ms-lease-status: unlocked
last-modified: Thu, 29 Feb 2024 13:47:23 GMT
server: cloudflare
etag: 0x8DC392CF546DC70
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e0f007a0-601e-0047-7670-7540e7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aaf9dd831825-EWR

GET
H2 200 adsct
t.co/i/ Frame 9FA4 43 B
164 B 123ms
122ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=6f36c0ba-d599-41af-bf43-e95292c58667&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fa6c76de-7d22-4f14-8b5d-7def17f82cbd&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fchat&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 69
date: Fri, 09 Aug 2024 06:25:18 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 4f99fdd758b8ed3d
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 297258069dc53cc9066c9c2ab7edbf9c7a9a0d3ae5d2947ca8b246f96044dc1a
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ Frame 9FA4 43 B
113 B 41ms
40ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=6f36c0ba-d599-41af-bf43-e95292c58667&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fa6c76de-7d22-4f14-8b5d-7def17f82cbd&tw_document_href=https%3A%2F%2Freasonlabs.com%2Fchat&tw_document_referrer=https%3A%2F%2Freasonlabs.com%2Fchat&tw_iframe_status=1&tw_order_quantity=0&tw_sale_amount=0&txn_id=o8s8o&type=javascript&version=2.3.30

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 6
date: Fri, 09 Aug 2024 06:25:18 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 1736f33bc227b3a9
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 7f8ad063afe92dcf03b3f387b6dbfb27435d3f47ad7074ed84f545a8ced55a20
content-length: 43

GET
H2 206 fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/classic/latest/ Frame 16C5 19 KB
0 0ms
0ms Media
audio/mpeg 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: Kl.biZfM8rz6re2aS0glnDheA8R9Dmfl
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: KH5VE2Z70ZGQ75A2
age: 12831918
x-amz-server-side-encryption: AES256
Content-Range: bytes 0-19697/19698
x-amz-replication-status: COMPLETED
Content-Length: 19698
x-amz-id-2: LqweHRijvBdbgWotLxDeNcs9Lz6cG09nTN1pbS7TIlVP/kJbpnlLrkq/B74CU90UTxSTSp+E3xk=
last-modified: Wed, 29 Nov 2023 08:06:43 GMT
server: cloudflare
etag: "f11ce9e8f40a392830217253fe75d6de"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UCOJHfCTHo68NWij03rEaIE%2BzFMd2wgHwQimEwry%2B3YqP9MqbYY1ZY57IxkPgKYpAvFH7ZLJ2CYL1u9fFYzqlzNexcrwRJZT49goPj3g1T6ZQRErSAFwiRN8qZUNEBc7Wz2gqVo%3D"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bbe6b8c93-EWR
access-control-allow-headers: *
expires: Thu, 28 Nov 2024 08:06:42 GMT

GET
H2 206 fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/classic/latest/ Frame 7356 19 KB
0 0ms
0ms Media
audio/mpeg 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: Kl.biZfM8rz6re2aS0glnDheA8R9Dmfl
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: KH5VE2Z70ZGQ75A2
age: 12831918
x-amz-server-side-encryption: AES256
Content-Range: bytes 0-19697/19698
x-amz-replication-status: COMPLETED
Content-Length: 19698
x-amz-id-2: LqweHRijvBdbgWotLxDeNcs9Lz6cG09nTN1pbS7TIlVP/kJbpnlLrkq/B74CU90UTxSTSp+E3xk=
last-modified: Wed, 29 Nov 2023 08:06:43 GMT
server: cloudflare
etag: "f11ce9e8f40a392830217253fe75d6de"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UCOJHfCTHo68NWij03rEaIE%2BzFMd2wgHwQimEwry%2B3YqP9MqbYY1ZY57IxkPgKYpAvFH7ZLJ2CYL1u9fFYzqlzNexcrwRJZT49goPj3g1T6ZQRErSAFwiRN8qZUNEBc7Wz2gqVo%3D"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bbe6b8c93-EWR
access-control-allow-headers: *
expires: Thu, 28 Nov 2024 08:06:42 GMT

GET
H2 200 main.MTM2ZmRjOGQyMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame 9FA4 331 KB
0 0ms
0ms Script
application/javascript 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CIUICJBC77U9QO6OIV20&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b424c8b96a0a79e02312ac23d09607c4006fd6d9242848089fbc19caceed805d

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b2c3418
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202408081344078F89007EC1B9FA523050
x-tt-trace-id: 00-2408081344078F89007EC1B9FA523050-2482DFFFF3D73CC3-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 014a5b1316db7dc601d05c7f7ef87b676c6bf0ccb52103a8a5c3e99c7963020ae083b24334a9500c203a6b80d6b961761df3774fca84bca8da672cd0c0777868988566c7905df9bccbaead871dc2ccd8ea7b4c2f8ffadb86824f821b6ff3e8b69a
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 96240

GET
H2 200 306027671784119 Show response
connect.facebook.net/signals/config/ Frame 9FA4 64 KB
0 0ms
0ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

65b5e077f9630d0f366fdf7f901d941616cc96f2325379cee62d6879f6c5a61c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 06:25:15 GMT
document-policy: force-load-at-top
x-fb-server-load: 30
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=65, mss=1328, tbw=64436, tp=-1, tpl=-1, uplat=66, ullat=0
pragma: public
x-fb-debug: jNrbwCiUgv4hkwFwSR26TWaA9DFG982/IhTg1tXihYuONNYFyYN+W+6ZOTjU5zj+/aeW7OTZxNaJF61UyMZTCg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/ Frame 9FA4 2 KB
1 KB 40ms
39ms Script
text/javascript 2607:f8b0:400d:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10933293401/?random=1723184718897&cv=11&fst=1723184718897&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10933293401&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

daa7e4075c9304077acac1d67ef0adb56583bd4fc50a1664ac02bd491e6e7bf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1372
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 web-widget-6136-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 16C5 173 KB
0 31ms
30ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6136-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84eae68c2136f65fc630c1af870e91499f14efd75a1bb741934e222e0a1414e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: xiovqWibCE52kaRorE9oe97.yAOhsO51
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY04861C01V781QR
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: xZowTGbOXYjOHsPqUdCrM8BzIbJEoCu4Bv/NBe5daaEPoFWSXB3h0h2Q1UKzVroR9nqz8VMJyU5DlOXurUuAlg==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf3a2c87bfb8ec593b86001d936ceb39"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yGrlbtPiOGR%2Fkk6%2FZqGDBwZyrlNP80AqadMu7hR%2FL4e9niNsh9nmmb%2BSJSxiULBMmuydW%2B%2Bl5GHFttp5qWP4bW9%2FLeMVXxCtG9Jnwx8yLruy6tx6QsH7HtsXXhSU97rhq2Cr%2BZ4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce798c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-563-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 16C5 125 KB
0 29ms
28ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-563-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4797b344508c8d3b258f77d50d5ef0e0c0d5b6d2aafe4a926a815fbae2f1ed8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: coRmGPsDw23DU45KIF4BaJeeWa.JnYlf
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY05P287ZXF981GQ
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qa4T+5cSxTY2UWMkx50b30pbjiTO/9o72Fa7zvlDoyZrdki3kiP8xmI/whBujXRqqUsInhIjJo0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"56c43139758c496e8f6cd638041c6ea2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPR414mx%2By9s8PEUmFDgIW4RFfBtIhJaEVS8KvQtfGER4USXipCT4IhM3ONOKXng%2B9jRad0ItRVXYjPP4xIYZjLeIQXszzsun1kNT6ijVjiLZ2IQmh7NQ%2FLLyG9WlJFoitxVjUc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7a8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-1193-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 16C5 35 KB
0 28ms
27ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-1193-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60206046a05fb893e96b0916478221f8ec01b99e073b12ea4bc5fdb6a0a812c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: FEUGQig2jq7FnNHAs3yRCLOCSgdJS8hJ
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0EVSM8TAHTGQG5
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: iYf1wZ6KTusiyK9Z+w44+hH2IkQAgrUApyHFzOyjFie5ntZjYJFVEnHSztyaM73LAGAFe8MtM9s=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"7833bee93eabffc1db154b449ce4f690"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3jPemX043Je9pFXqVQwPK%2BrHuwvfWysjvIuaozHa6gGGgej4L70CW8o%2B%2Fynpn6fybp%2FIfcPXSuUnnuZofTa%2B6m8KNsyDRMo2ccY%2BzACn%2F4tkxlODUdFiATxe0QXjmQQd8Ohahh8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7b8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-6585-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 16C5 37 KB
0 26ms
25ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6585-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25b3ff658db87aa87a7dd99f799955352fe7d85ffbc3eff9ae89b408d22ca660

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: 3xzRYtcCn76..X0UAfZXHebtISVJfbB.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0DP6YYRXDDP4V7
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: vrl+FkS4KixQTd/sv6+y+eIngkGbNCXpWXehtEy1yJiu2WHHGXPqmTQLcL+A2PFL5wibh95AfAc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"3c82fe728ad21b20387f9bd2db7b7058"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1W3unpJQ0TgWKDDjTh%2BPMwbyLrrgHHAE4hkwcORrx%2FVW6uSQsT64C62nN3oVYa7A24BrGik1kYiUluX8jWAYejkDFUVO5l72JFvlunVBTXmpq0s1sfSULm5nFcjCRQfnqftvnhA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7c8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 support-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 16C5 12 KB
0 25ms
25ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/support-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5216831f2d216345d1f69b5a5128e0a68683628ddb113130a18eaa0bfa79b28

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: dzRJfJItO.3HINvNMH.gEXo22oHU.JIz
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WSSF3QZ6484TAP2W
age: 68848
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qA1zf+c+temzkns9c8KwEr0j5YP2kvsiBDAF81exA6F9O2A6xLdk8PtM/hPYbRlKcqdSL3uZvVhwmqp0k+QxPF7nrpweajVw
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"a7c58c4646958a96046997da93d41af5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GwJ0mOF%2FYxm1ZWyvFGNlmdtVIGaH74mYUKt%2Bv%2Bz9d6UauDL%2FLIZSjVk0UTf7081ACypZ56xETQgKbXZryJeZ56zZQ6l0ofL0KzHxdoXJ7AqOZAjuAne4IHMXzhJv2Ir3CnUg%2F48%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7e8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/ Frame 9FA4 2 KB
1 KB 40ms
39ms Script
text/javascript 2607:f8b0:400d:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781451429/?random=1723184718955&cv=11&fst=1723184718955&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-781451429&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::9a Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e16623aa458e92e8b47c519b0704c98aa40c5347620f14f66b8c5b29d0e273a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1371
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 web-widget-6136-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 7356 173 KB
0 31ms
30ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6136-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84eae68c2136f65fc630c1af870e91499f14efd75a1bb741934e222e0a1414e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: xiovqWibCE52kaRorE9oe97.yAOhsO51
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY04861C01V781QR
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: xZowTGbOXYjOHsPqUdCrM8BzIbJEoCu4Bv/NBe5daaEPoFWSXB3h0h2Q1UKzVroR9nqz8VMJyU5DlOXurUuAlg==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf3a2c87bfb8ec593b86001d936ceb39"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yGrlbtPiOGR%2Fkk6%2FZqGDBwZyrlNP80AqadMu7hR%2FL4e9niNsh9nmmb%2BSJSxiULBMmuydW%2B%2Bl5GHFttp5qWP4bW9%2FLeMVXxCtG9Jnwx8yLruy6tx6QsH7HtsXXhSU97rhq2Cr%2BZ4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce798c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-563-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 7356 125 KB
0 29ms
28ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-563-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4797b344508c8d3b258f77d50d5ef0e0c0d5b6d2aafe4a926a815fbae2f1ed8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: coRmGPsDw23DU45KIF4BaJeeWa.JnYlf
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY05P287ZXF981GQ
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qa4T+5cSxTY2UWMkx50b30pbjiTO/9o72Fa7zvlDoyZrdki3kiP8xmI/whBujXRqqUsInhIjJo0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"56c43139758c496e8f6cd638041c6ea2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPR414mx%2By9s8PEUmFDgIW4RFfBtIhJaEVS8KvQtfGER4USXipCT4IhM3ONOKXng%2B9jRad0ItRVXYjPP4xIYZjLeIQXszzsun1kNT6ijVjiLZ2IQmh7NQ%2FLLyG9WlJFoitxVjUc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7a8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-1193-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 7356 35 KB
0 28ms
27ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-1193-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60206046a05fb893e96b0916478221f8ec01b99e073b12ea4bc5fdb6a0a812c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: FEUGQig2jq7FnNHAs3yRCLOCSgdJS8hJ
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0EVSM8TAHTGQG5
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: iYf1wZ6KTusiyK9Z+w44+hH2IkQAgrUApyHFzOyjFie5ntZjYJFVEnHSztyaM73LAGAFe8MtM9s=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"7833bee93eabffc1db154b449ce4f690"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3jPemX043Je9pFXqVQwPK%2BrHuwvfWysjvIuaozHa6gGGgej4L70CW8o%2B%2Fynpn6fybp%2FIfcPXSuUnnuZofTa%2B6m8KNsyDRMo2ccY%2BzACn%2F4tkxlODUdFiATxe0QXjmQQd8Ohahh8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7b8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-6585-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 7356 37 KB
0 26ms
25ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-6585-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25b3ff658db87aa87a7dd99f799955352fe7d85ffbc3eff9ae89b408d22ca660

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: 3xzRYtcCn76..X0UAfZXHebtISVJfbB.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WY0DP6YYRXDDP4V7
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: vrl+FkS4KixQTd/sv6+y+eIngkGbNCXpWXehtEy1yJiu2WHHGXPqmTQLcL+A2PFL5wibh95AfAc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"3c82fe728ad21b20387f9bd2db7b7058"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1W3unpJQ0TgWKDDjTh%2BPMwbyLrrgHHAE4hkwcORrx%2FVW6uSQsT64C62nN3oVYa7A24BrGik1kYiUluX8jWAYejkDFUVO5l72JFvlunVBTXmpq0s1sfSULm5nFcjCRQfnqftvnhA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7c8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 support-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 7356 12 KB
0 25ms
25ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/support-d3f9e9b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5216831f2d216345d1f69b5a5128e0a68683628ddb113130a18eaa0bfa79b28

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: dzRJfJItO.3HINvNMH.gEXo22oHU.JIz
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: WSSF3QZ6484TAP2W
age: 68848
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qA1zf+c+temzkns9c8KwEr0j5YP2kvsiBDAF81exA6F9O2A6xLdk8PtM/hPYbRlKcqdSL3uZvVhwmqp0k+QxPF7nrpweajVw
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"a7c58c4646958a96046997da93d41af5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GwJ0mOF%2FYxm1ZWyvFGNlmdtVIGaH74mYUKt%2Bv%2Bz9d6UauDL%2FLIZSjVk0UTf7081ACypZ56xETQgKbXZryJeZ56zZQ6l0ofL0KzHxdoXJ7AqOZAjuAne4IHMXzhJv2Ir3CnUg%2F48%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7e8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 web-widget-main-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 95E4 972 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0a782ba2-2d01-4434-974c-4d35b90d8809
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8734a49d6e9d6aed9c2133b60efbbd2c92aa1703f4fcaf541703c245a70a91aa

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
x-amz-version-id: XVPkWmhDNxl_35s0CQYiQpjVDlUueHnR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: EKH3SYBFDADZ3R56
age: 68860
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: avysz2FuyPpgXVcnbhYUQ79SKtpKxaMlKSh8heV4s22Mxbb0LBhZwSC84oRaSwMH85vE92q9CVQ=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"d50ce7434beee44cd35c484b06297d16"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mJbIpkarg5DGT5YFmCUTehizhzoLTC2w5Hw1YXdJlwUBv5kKlx%2BFSHB57GaOyzxeHo2mCRH5tuU%2FGDiL7sxL5sYXzWILXvg%2FfOTsiqT5bkGNHmYNZYrjcD8CLTereIrvY7M2VUA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05aafc0d898c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

POST
H3 204 collect
analytics.google.com/g/ Frame 9FA4 0
0 23ms
22ms Fetch
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020z8853740014za200zb853740014&_p=1723184718250&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=874283651.1723184716&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_s=1&sid=1723184715&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fchat&dt=Chat&en=page_view&tfd=911
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EWLR9P86R1&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ticket_fields Show response
reasonsecurity.zendesk.com/embeddable/ Frame 16C5 131 B
661 B 39ms
38ms XHR
application/json 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonsecurity.zendesk.com/embeddable/ticket_fields?field_ids=360012732372&locale=en-us

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e8c95e5a7888237af536dd89a3c9133d8e766340c335dcdeba331c7034760fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Accept-Language: en-us
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:19 GMT
strict-transport-security: max-age=31536000;
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 481
x-zendesk-origin-server: embeddable-app-server-855d4bc785-98qxf
x-cached: HIT
x-request-id: 8aeb542c8d7b18ea-EWR
x-runtime: 0.156223
server: cloudflare
etag: W/"3e8c95e5a7888237af536dd89a3c9133"
x-zendesk-zorg: yes
vary: Accept, Origin, Accept-Encoding
access-control-max-age: 7200
access-control-allow-methods: GET
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zUZ0RgbiapNFNOWF0743rvcPvOXblexUEShzCIhdgL1u4iZPFbLpoZCrZ1%2BaYclEGttd7KkSH8U82sOaGIxCNPlWTibPhgv4CNOUA9Zwq8qstNhCK0VskgFvzfno%2BFXqdVNi3jjKbmqidvy1"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: max-age=600, public
content-type: application/json; charset=utf-8
cf-ray: 8b05ab0dea526a59-EWR

GET
H2 200 ticket_fields Show response
reasonsecurity.zendesk.com/embeddable/ Frame 7356 131 B
0 0ms
0ms XHR
application/json 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonsecurity.zendesk.com/embeddable/ticket_fields?field_ids=360012732372&locale=en-us
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e8c95e5a7888237af536dd89a3c9133d8e766340c335dcdeba331c7034760fb

Request headers

Accept-Language: en-us
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:19 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 481
x-zendesk-origin-server: embeddable-app-server-855d4bc785-98qxf
x-cached: HIT
x-request-id: 8aeb542c8d7b18ea-EWR
x-runtime: 0.156223
server: cloudflare
etag: W/"3e8c95e5a7888237af536dd89a3c9133"
x-zendesk-zorg: yes
vary: Accept, Origin, Accept-Encoding
access-control-max-age: 7200
access-control-allow-methods: GET
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zUZ0RgbiapNFNOWF0743rvcPvOXblexUEShzCIhdgL1u4iZPFbLpoZCrZ1%2BaYclEGttd7KkSH8U82sOaGIxCNPlWTibPhgv4CNOUA9Zwq8qstNhCK0VskgFvzfno%2BFXqdVNi3jjKbmqidvy1"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: max-age=600, public
content-type: application/json; charset=utf-8
cf-ray: 8b05ab0dea526a59-EWR

GET
H2 200 ticket_fields Show response
reasonsecurity.zendesk.com/embeddable/ Frame 9D52 131 B
0 0ms
0ms XHR
application/json 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonsecurity.zendesk.com/embeddable/ticket_fields?field_ids=360012732372&locale=en-us
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e8c95e5a7888237af536dd89a3c9133d8e766340c335dcdeba331c7034760fb

Request headers

Accept-Language: en-us
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:19 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 481
x-zendesk-origin-server: embeddable-app-server-855d4bc785-98qxf
x-cached: HIT
x-request-id: 8aeb542c8d7b18ea-EWR
x-runtime: 0.156223
server: cloudflare
etag: W/"3e8c95e5a7888237af536dd89a3c9133"
x-zendesk-zorg: yes
vary: Accept, Origin, Accept-Encoding
access-control-max-age: 7200
access-control-allow-methods: GET
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zUZ0RgbiapNFNOWF0743rvcPvOXblexUEShzCIhdgL1u4iZPFbLpoZCrZ1%2BaYclEGttd7KkSH8U82sOaGIxCNPlWTibPhgv4CNOUA9Zwq8qstNhCK0VskgFvzfno%2BFXqdVNi3jjKbmqidvy1"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: max-age=600, public
content-type: application/json; charset=utf-8
cf-ray: 8b05ab0dea526a59-EWR

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 9FA4 13 KB
0 1ms
1ms Fetch
application/json 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otFlat.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: e46v9E9tm8neLGw2SIjXTA==
age: 42633
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:27 GMT
server: cloudflare
etag: 0x8DAC38DAC04FFC7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 707ad263-a01e-003a-3670-7531c4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafbbe121825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otPcCenter.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/ Frame 9FA4 61 KB
0 1ms
1ms Fetch
application/json 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/v2/otPcCenter.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: DNL7D9cwlU7yFZUg2W8ZNA==
age: 65881
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD9D7216
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 3343fb24-701e-0039-0a5b-75d0a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafbbe141825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otCookieSettingsButton.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 9FA4 5 KB
0 1ms
1ms Fetch
application/json 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCookieSettingsButton.json
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: mKXyB0i0e/ovyyYLJHrm7w==
age: 65881
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:29 GMT
server: cloudflare
etag: 0x8DAC38DAD491A40
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 97be8b39-e01e-0049-5565-756957000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafbbe151825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 otCommonStyles.css Show response
cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/ Frame 9FA4 21 KB
0 1ms
1ms Fetch
text/css 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/assets/otCommonStyles.css
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 65881
x-ms-lease-status: unlocked
last-modified: Fri, 11 Nov 2022 02:37:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 57c9524f-f01e-0045-6d65-75fe5f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05aafbbe161825-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 identify_c2008b8c.js Show response
analytics.tiktok.com/i18n/pixel/static/ Frame 9FA4 146 KB
0 0ms
0ms Script
application/javascript 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b2c34bc
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20240729124141D36607BF3EAAB635524F
x-tt-trace-id: 00-240729124141D36607BF3EAAB635524F-172072EF957F5518-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0181e76db46024eb32ec47011d7c44f21ec4748f634318532911c988e62efe54610f2c5018ed5274f44cef92a92a67e4ef16f5f25123960c9034d98a8122da1cec274814d7ad2b11e3e6b39a9db5ce56102057d8ad8b6900dd52f39d12e08816f6
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=5
content-length: 39564

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ Frame 9FA4 0
718 B 71ms
68ms Ping
text/plain 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: b2c4033
date: Fri, 09 Aug 2024 06:25:19 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906251941BF7EEFABE1EF9FF8CC-4C88260F3860D0C1-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=40, cdn-cache; desc=MISS, edge; dur=7, origin; dur=43
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080906251941BF7EEFABE1EF9FF8CC
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 44,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ffd29cb3e499e1e8cd017df3f1e29e303b50755969bf868a319fbd4d2761202466e0a1f759aa6db6e341fed80ec21c6fa37213ed3184624d813fc1bf6d0b42df65
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:25:19 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10933293401/ Frame 9FA4 42 B
64 B 53ms
52ms Image
image/gif 2607:f8b0:400d:c0f::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10933293401/?random=1723184718897&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181795201z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfUc8K_TaifJHWRCpq0QdDqssZIr8LG_ZEnHk0SdpdEeqRKzkN&random=497925841&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0f::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:19 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/781451429/ Frame 9FA4 42 B
64 B 32ms
31ms Image
image/gif 2607:f8b0:400d:c0f::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/781451429/?random=1723184718955&cv=11&fst=1723183200000&bg=ffffff&guid=ON&async=1&gtm=45be4880v9181628618z8853740014za201zb853740014&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&ref=https%3A%2F%2Freasonlabs.com%2Fchat&hn=www.googleadservices.com&frm=1&tiba=Chat&npa=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnf0BxOOJldxN1r6iNWtS8vRyZ8HeF01goE1vD4Kn3zgsDtbxxq&random=1977137485&rmt_tld=0&ipr=y

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0f::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:19 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ Frame 9FA4 0
16 B 17ms
16ms Image
text/plain 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fchat&if=true&ts=1723184719530&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723184716201.908005160177313985&ler=empty&cdl=API_unavailable&it=1723184718867&coo=false&rqm=GET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=14, rtx=0, c=26, mss=1232, tbw=8446, tp=20, tpl=0, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Aug 2024 06:25:19 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ Frame 9FA4 67 B
194 B 33ms
32ms Image
image/png 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=306027671784119&ev=PageView&dl=https%3A%2F%2Freasonlabs.com%2Fchat&rl=https%3A%2F%2Freasonlabs.com%2Fchat&if=true&ts=1723184719530&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723184716201.908005160177313985&ler=empty&cdl=API_unavailable&it=1723184718867&coo=false&rqm=FGET

Requested by

Host: reasonlabs.com
URL: https://reasonlabs.com/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 09 Aug 2024 06:25:19 GMT
document-policy: force-load-at-top
x-fb-server-load: 27
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7401022015052804841", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=13, rtx=0, c=26, mss=1232, tbw=8638, tp=22, tpl=0, uplat=17, ullat=0
pragma: no-cache
x-fb-debug: /i3ep6dynH2SqgWrOwWwNMSs1CEUa6rYLnJyRNb4JYOI146Jy99P0ouqzg1m+NCYhS4qw+RV7qfgFBPArdYz6Q==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401022015052804841"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 en-us-json-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 95E4 25 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
x-amz-version-id: y3CenoNn0.ByxHWRnchTqtXN9pI5nZvs
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: MHGCDDAN38T054XK
age: 68860
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: CwIxFvte7lIa/Ua2PqD/jZM7eOpf/QhrCwD64xHplKclJMxUH1QqB7799pd4oA0zc4/RDr+7LgH+rtedATS9OfeQp0k/p99V
last-modified: Mon, 05 Aug 2024 10:44:18 GMT
server: cloudflare
etag: W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IvqsRFbhfxBhKYSAPpgR4iHBJ7etIpwy4HwZhj92ZTi9ZcnytVylscFKAT8LHhGyaSKXOIm5zIihaDfW34IveQ1DZmSq15E455JEL%2Bu4Ws9FOJuHywYaMiBIrxxAUSYWSMvursk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05aaff0f6d8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:17 GMT

GET
H2 200 config Show response
reasonsecurity.zendesk.com/embeddable/ Frame 95E4 688 B
0 0ms
0ms Fetch
application/json 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonsecurity.zendesk.com/embeddable/config
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e592398bc3db5510e48eed3b058806c78d6af3d52efce97de57d7677bfe8f9f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server: embeddable-app-server-855d4bc785-zp9l4
x-cached: STALE
x-request-id: 8b05aaff7b296a59-ATL
x-runtime: 0.002404
last-modified: Fri, 09 Aug 2024 06:25:16 GMT
server: cloudflare
x-zendesk-zorg: yes
access-control-max-age: 7200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5WaNXdqZ7VOPp0fp%2BRb2GZpkKOFZ%2FnnAGV%2FIbhv6mB8RDANVGDyCBarwNoD3bCIHnJ7n1qlo70unJFux99BJL9Dwe449GmFMcPWPV32%2FlwujpiTDp%2ByECum3VuIT6gjs66CTwmHoiuXAAcSa"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary: Origin, Accept-Encoding
cf-ray: 8b05aaff7b296a59-EWR

GET
H2 404 ot_guard_logo.svg Show response
reasonlabs.com/ Frame 9FA4 23 KB
4 KB 32ms
31ms Fetch
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://reasonlabs.com/ot_guard_logo.svg

Requested by

Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d2b144d496352a6414faf757cb1071802c0dd8c1c84de67d4b378f1e2efa29c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:19 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: iad1::hccg9-1723184719624-317d017add7e
age: 240579
x-matched-path: /404
etag: W/"c9ce98709a707791e56a1ec295dcfd45"
x-vercel-cache: HIT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline

GET
H2 200 cookiepro_logo.png
cookie-cdn.cookiepro.com/logos/static/ Frame 9FA4 33 KB
0 1ms
1ms Image
image/png 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cookie-cdn.cookiepro.com/logos/static/cookiepro_logo.png
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
cf-cache-status: HIT
content-md5: IipuN9Einq/0wIZw6VIt/g==
age: 49207
cf-polished: origSize=36419
content-length: 33302
x-ms-lease-status: unlocked
cf-bgj: imgq:100,h2pri
last-modified: Thu, 01 Aug 2024 01:18:26 GMT
server: cloudflare
etag: 0x8DCB1C7D83F9593
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 3177f3c2-c01e-005e-625d-e4c05c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b05aafc69aa4340-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

GET
H2 200 poweredBy_cp_logo.svg
cookie-cdn.cookiepro.com/logos/static/ Frame 9FA4 5 KB
0 1ms
1ms Image
image/svg+xml 2606:4700::6812:e3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg
Requested by: Host: reasonlabs.com
URL: https://reasonlabs.com/chat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 06:25:16 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: uInNdQwuuw8s7lYl3cE7eQ==
age: 53395
x-ms-lease-status: unlocked
last-modified: Thu, 01 Aug 2024 01:18:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: bd68331b-f01e-0008-3d28-e431b3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b05aafc69ab4340-EWR
expires: Sat, 10 Aug 2024 06:25:16 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame 9FA4 0
719 B 55ms
54ms Ping
text/plain 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: b2c40de
date: Fri, 09 Aug 2024 06:25:19 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080906251941BF7EEFABE1EF9FF8DE-2CF60C4D0EFCA5CC-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
server-timing: inner; dur=18, cdn-cache; desc=MISS, edge; dur=8, origin; dur=22
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080906251941BF7EEFABE1EF9FF8DE
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 22,23.218.222.75
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae65bc545f615aa27bcc4fd58f5fefbf8ffd29cb3e499e1e8cd017df3f1e29e303bb988d824dbc905d578ed429b37be5d74664321efaf3b8bc74074614e51371001ebbe3fe2f078d8b3c7c18e25ccad3b19
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:25:19 GMT

GET
H2 200 web-widget-chat-sdk-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 95E4 216 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8caa3b3ec2630f77a22e865988f01fc8e76abb8ca6c288910b93db0d0b806162

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
x-amz-version-id: dKE5J390nsKezcdloEsUPy1fuNyQ5Dv6
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: MZ23DWD3MR0S0Y7D
age: 68860
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: GemoIxPCL+1ov9/gQlVI7wYRg2AvIOG0F/Ob6RqR5nj4d3oaNwhxcXybuXrfo4qYOPohXVYwOu0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf7f24c006f934261d7ff732b528402b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EoQ2z%2FWwxaPBC4iwr0oay8UZkiH2tZy%2BMtFGfLr96C9SL8geFTKyVQp4z8qkfvp6VGNUEm%2FzDtfgX5rgZiV7K7zzKvHWHM16YZ%2FD%2BvIGEy9ZGDioYXzdbVx9ILpWjV9brYn5MLQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0068388c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 e0c8ef400c54d51a.css
reasonlabs.com/_next/static/css/ Frame 9FA4 40 KB
0 0ms
0ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/e0c8ef400c54d51a.css
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:14 GMT
content-encoding: br
server: Vercel
x-vercel-id: iad1::ln2qk-1723184714989-8c36dbb1a5a4
age: 240543
x-matched-path: /_next/static/css/e0c8ef400c54d51a.css
etag: W/"56bdcfac968e4ecb22330c5f43b33824"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e0c8ef400c54d51a.css"

GET
H2 200 d88fbad71076cf9a.css
reasonlabs.com/_next/static/css/ Frame 9FA4 610 B
0 0ms
0ms Stylesheet
text/css 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonlabs.com/_next/static/css/d88fbad71076cf9a.css
Requested by: Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202211.1.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Vercel /
Resource Hash: 95a3a69d3b488eabf71e0156dcf7dc6c9f4d7c9e2275931ff01e7cf08286c3e5

Request headers

Referer: https://reasonlabs.com/chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
server: Vercel
x-vercel-id: iad1::p9rnz-1723184716436-e2f77b5b58be
age: 240543
x-matched-path: /_next/static/css/d88fbad71076cf9a.css
etag: "bf4c527ce67ffc2ba4d93f47f9e037db"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d88fbad71076cf9a.css"
accept-ranges: bytes
content-length: 610

GET
DATA 200
OK truncated
/ Frame 9FA4 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame 9FA4 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e560959c3878d5a1db7c1a5df4d157eae98eeacc4015c62441ff44d6ba85073

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 9FA4 81 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d402f80e130c07e3410625a38c038e7ff5b37fd4d988f9b16f0fe5ee1ba8752

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 9FA4 77 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55b8338cfb7077c21d548c4414cbaf2bffe019ebb4c983cb207c27f89fd6915c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 9FA4 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a53eb1cc07f39a229137453b0546ae320f92a6729f7a8ea7d02efbe38b16d57c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 9FA4 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb378b095e72328138ff4dfc28608d5dcff428c0b8fa946300749291588ba0b7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 style.css Show response
cdn.equalweb.com/style/ Frame 9FA4 20 KB
0 2ms
2ms Fetch
text/css 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/style.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc68782368f74408322a4eb22fd6ebd130027d85e4ac3ab1e7fa677fa1463232

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235222
content-length: 4132
x-xss-protection: 1; mode=block
last-modified: Sun, 04 Aug 2024 09:43:49 GMT
server: cloudflare
etag: "80f8acce52e6da1:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VjIklqDLDOkpEeJ9Nz66kT6iyoeXaWcowOPqxc%2FBj5a2DffL814uPMLp9STV0sSjabTe39UcxcOMHktXO5xs6no1hGJNOCqB9ACBV4aQJkp52MygkUsyAXg2%2BuBWqDCMTlN8C%2BL%2By%2BSbAPA2zo4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: US
accept-ranges: bytes
cf-ray: 8b05aafaadd78c0b-EWR

GET
H2 200 btncolor.css Show response
cdn.equalweb.com/style/ Frame 9FA4 105 B
0 2ms
2ms Fetch
text/css 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/btncolor.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' ;
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 235222
content-length: 201
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Feb 2019 11:16:31 GMT
server: cloudflare
etag: "3f26cd3dfbc1d41:0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xg3KUkfDFX%2FIoDxoMPmru7ZHEyCnvdK7UVbW17otk2J3EU2l5e9GSoJ%2BYTAyFvbYkU1XNM3y5qbp4K3WQPsN6UTBD7NPN%2FQE2k2pOeCcHKc1biaJhTcfQrn5D3UC6Os87ky1ycgIZSTTZTcVCU4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-frame-options: deny
x-client-country: US
accept-ranges: bytes
cf-ray: 8b05aafaadd98c0b-EWR

GET
H2 200 en.json Show response
cdn.equalweb.com/assets/locale/ Frame 9FA4 810 B
0 2ms
2ms Fetch
application/json 2606:4700:20::681a:d5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/locale/en.json

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.4.1/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:d5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:16 GMT
content-security-policy: default-src 'self' ;
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Jun 2021 15:40:09 GMT
server: cloudflare
etag: W/"f45920b9fc61d71:0"
x-frame-options: deny
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=snwyn1H0ijeXZ%2FC5cViW%2FWJkkD2u6t7VvSdT7oqgY0UF3VLZgovA2TOAXHzxsRL3DFJGSblFT2vcQ%2FSJAidbkQdlMDnxqA%2F5NQ5vEJ6UusFb2tRRZ8%2BTV%2BLGT5uFIkdn2%2BCokYU5bUfu%2BdbFxpA%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2204800
access-control-allow-credentials: true
x-client-country: US
cf-ray: 8b05aafaadda8c0b-EWR

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ Frame 9FA4 0
873 B 62ms
60ms Ping
text/plain 23.205.106.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-75.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 24e134e4.b2c41ef
date: Fri, 09 Aug 2024 06:25:20 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240809062520A85BE19C8CF6FFA355E9-3C5590A291AB1523-00
x-cache: TCP_MISS from a23-218-222-75.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
x-parent-response-time: 32,23.218.222.75
server-timing: cdn-cache; desc=MISS, edge; dur=10, origin; dur=29, inner; dur=25
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240809062520A85BE19C8CF6FFA355E9
x-cache-remote: TCP_MISS from a23-48-100-16.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1-8b2dfe3939b99771c02ec6eca94739cd) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 29,23.48.100.16
x-tt-trace-host: 01805dd5b33f2fecd0b1907d90c6a9fae657338a2c6c710ee61216b3a50c6b7bac647af9da9fec936e533de2a2af6dac1cc8a290ebc6d90afee2d23b6f5f2214b4fbf94237b38cc3cefd9bc993c6a560c8b3ec43a0113a54072b9abde54f25ef76230f390ca5bc79293e9dd364ebfca55f
access-control-allow-headers: Authorization,*
expires: Fri, 09 Aug 2024 06:25:20 GMT

GET
H2 200 web-widget-4261-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 95E4 53 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-4261-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f3ae6d0cd800135016c6abd4ca60ecfc8e72c07efb2a2f64dda42dd0c179ed3

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: YWrett9GpyjI8wUJOTzuDHSuq3d1XIua
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: WY06MZMS25XS7D7S
age: 68850
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: A/QVeGBg7cJdHVUY7CbZMl1waZqF4cEgI63pym7EjpriGluwlubB6ROdkkoZvSANoGVNwk7Sq7+CrvpjggQJNQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"dc491080cf58a51f25e19fd8f2a357ad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oSkBAxxTfIWQmGyTjBzt0dQbjYBfLk8HirkYY%2FdI7KGIBrjv%2FRtmcZHv0q%2BRx201XFAqu9GJPT7Y6ZPgdDNOHpfyZQCZSJOIOtwAd%2BuS1FmRpTQtVABXejKWnGc0dUuZCVJf%2Fxg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab092cdc8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 embeds-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 95E4 66 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/embeds-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7c3155a16c42e2915f0cc4edb9a3202885e1e1d6a02a3392dbf7f432239c665

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: 7lsIyzixGUo0syjm_wpgmecfT_xOwWwD
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: WY04J1HCS93337TJ
age: 68850
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: Lebfh82nGPzScCpIkX4xvZOamBkyYwE87NYXX8WQEaOSYTQ39sdgndJaxYbMDvRnoMdwZSIP7SMwss7bXE9IGQ==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"74973835a21b3a876cfcbd2147981319"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2Oc821f0H31Ft%2Fmr7rMyGCxgPP98t10e4Jf2Wo4wnOW7uxu2nWvKZjLRgqrMKeKUXkgEvsRPQysagZXOqcxw2AuLDpdShjCELdpSRSnTdVmz4JjQO4J%2B9T%2BsjJw8Uw%2BWdt905U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab092cdd8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 200 web-widget-chat-incoming-message-notification-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 95E4 236 B
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: oX8aKyJv.vwJYNBkaAz00zPsr8yVK5dN
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: XWRA5GPT825749X7
age: 68861
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: wjjGxPW+U08s+8LJIIUPuoxF1gtlNCHAE3GB2JsLaejChuRP6R9SYO4X1QI8T5ONdL7LJkKMyJc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"77bb07ca171e3ff2b72a7dafa7822bc8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CAKkp%2FIWe5KxlqYC2y57KXsAQeX1JQUm0QIhUGBFTmtCC8wZzTULwp75f5i%2BwsuxREyJcLjW4jXl%2F3f1IBs8R25p%2BZZ49QGx8ghdJHrVzEk6pnOGTlCVACPrhO5RJ%2FGswOQxEqI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab096cf98c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-6136-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 95E4 173 KB
0 0ms
0ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-6136-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84eae68c2136f65fc630c1af870e91499f14efd75a1bb741934e222e0a1414e8

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: xiovqWibCE52kaRorE9oe97.yAOhsO51
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: WY04861C01V781QR
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: xZowTGbOXYjOHsPqUdCrM8BzIbJEoCu4Bv/NBe5daaEPoFWSXB3h0h2Q1UKzVroR9nqz8VMJyU5DlOXurUuAlg==
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"bf3a2c87bfb8ec593b86001d936ceb39"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yGrlbtPiOGR%2Fkk6%2FZqGDBwZyrlNP80AqadMu7hR%2FL4e9niNsh9nmmb%2BSJSxiULBMmuydW%2B%2Bl5GHFttp5qWP4bW9%2FLeMVXxCtG9Jnwx8yLruy6tx6QsH7HtsXXhSU97rhq2Cr%2BZ4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce798c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-563-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 95E4 125 KB
0 2ms
2ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-563-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4797b344508c8d3b258f77d50d5ef0e0c0d5b6d2aafe4a926a815fbae2f1ed8

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: coRmGPsDw23DU45KIF4BaJeeWa.JnYlf
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: WY05P287ZXF981GQ
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qa4T+5cSxTY2UWMkx50b30pbjiTO/9o72Fa7zvlDoyZrdki3kiP8xmI/whBujXRqqUsInhIjJo0=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"56c43139758c496e8f6cd638041c6ea2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPR414mx%2By9s8PEUmFDgIW4RFfBtIhJaEVS8KvQtfGER4USXipCT4IhM3ONOKXng%2B9jRad0ItRVXYjPP4xIYZjLeIQXszzsun1kNT6ijVjiLZ2IQmh7NQ%2FLLyG9WlJFoitxVjUc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7a8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-1193-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 95E4 35 KB
0 2ms
2ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-1193-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60206046a05fb893e96b0916478221f8ec01b99e073b12ea4bc5fdb6a0a812c7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: FEUGQig2jq7FnNHAs3yRCLOCSgdJS8hJ
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: WY0EVSM8TAHTGQG5
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: iYf1wZ6KTusiyK9Z+w44+hH2IkQAgrUApyHFzOyjFie5ntZjYJFVEnHSztyaM73LAGAFe8MtM9s=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"7833bee93eabffc1db154b449ce4f690"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3jPemX043Je9pFXqVQwPK%2BrHuwvfWysjvIuaozHa6gGGgej4L70CW8o%2B%2Fynpn6fybp%2FIfcPXSuUnnuZofTa%2B6m8KNsyDRMo2ccY%2BzACn%2F4tkxlODUdFiATxe0QXjmQQd8Ohahh8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7b8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 web-widget-6585-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 95E4 37 KB
0 3ms
3ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-6585-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25b3ff658db87aa87a7dd99f799955352fe7d85ffbc3eff9ae89b408d22ca660

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: 3xzRYtcCn76..X0UAfZXHebtISVJfbB.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: WY0DP6YYRXDDP4V7
age: 68849
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: vrl+FkS4KixQTd/sv6+y+eIngkGbNCXpWXehtEy1yJiu2WHHGXPqmTQLcL+A2PFL5wibh95AfAc=
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"3c82fe728ad21b20387f9bd2db7b7058"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1W3unpJQ0TgWKDDjTh%2BPMwbyLrrgHHAE4hkwcORrx%2FVW6uSQsT64C62nN3oVYa7A24BrGik1kYiUluX8jWAYejkDFUVO5l72JFvlunVBTXmpq0s1sfSULm5nFcjCRQfnqftvnhA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7c8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:15 GMT

GET
H2 200 support-d3f9e9b.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-lazy/ Frame 95E4 12 KB
0 5ms
4ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-lazy/support-d3f9e9b.js
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5216831f2d216345d1f69b5a5128e0a68683628ddb113130a18eaa0bfa79b28

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: dzRJfJItO.3HINvNMH.gEXo22oHU.JIz
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: WSSF3QZ6484TAP2W
age: 68848
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: qA1zf+c+temzkns9c8KwEr0j5YP2kvsiBDAF81exA6F9O2A6xLdk8PtM/hPYbRlKcqdSL3uZvVhwmqp0k+QxPF7nrpweajVw
last-modified: Mon, 05 Aug 2024 10:44:17 GMT
server: cloudflare
etag: W/"a7c58c4646958a96046997da93d41af5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GwJ0mOF%2FYxm1ZWyvFGNlmdtVIGaH74mYUKt%2Bv%2Bz9d6UauDL%2FLIZSjVk0UTf7081ACypZ56xETQgKbXZryJeZ56zZQ6l0ofL0KzHxdoXJ7AqOZAjuAne4IHMXzhJv2Ir3CnUg%2F48%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bce7e8c93-EWR
access-control-allow-headers: *
expires: Tue, 05 Aug 2025 10:44:16 GMT

GET
H2 206 fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/classic/latest/ Frame 95E4 19 KB
0 0ms
0ms Media
audio/mpeg 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 09 Aug 2024 06:25:18 GMT
x-amz-version-id: Kl.biZfM8rz6re2aS0glnDheA8R9Dmfl
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: KH5VE2Z70ZGQ75A2
age: 12831918
x-amz-server-side-encryption: AES256
Content-Range: bytes 0-19697/19698
x-amz-replication-status: COMPLETED
Content-Length: 19698
x-amz-id-2: LqweHRijvBdbgWotLxDeNcs9Lz6cG09nTN1pbS7TIlVP/kJbpnlLrkq/B74CU90UTxSTSp+E3xk=
last-modified: Wed, 29 Nov 2023 08:06:43 GMT
server: cloudflare
etag: "f11ce9e8f40a392830217253fe75d6de"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UCOJHfCTHo68NWij03rEaIE%2BzFMd2wgHwQimEwry%2B3YqP9MqbYY1ZY57IxkPgKYpAvFH7ZLJ2CYL1u9fFYzqlzNexcrwRJZT49goPj3g1T6ZQRErSAFwiRN8qZUNEBc7Wz2gqVo%3D"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b05ab0bbe6b8c93-EWR
access-control-allow-headers: *
expires: Thu, 28 Nov 2024 08:06:42 GMT

GET
H2 200 ticket_fields Show response
reasonsecurity.zendesk.com/embeddable/ Frame 95E4 131 B
0 0ms
0ms XHR
application/json 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://reasonsecurity.zendesk.com/embeddable/ticket_fields?field_ids=360012732372&locale=en-us
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d3f9e9b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e8c95e5a7888237af536dd89a3c9133d8e766340c335dcdeba331c7034760fb

Request headers

Accept-Language: en-us
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 06:25:19 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 481
x-zendesk-origin-server: embeddable-app-server-855d4bc785-98qxf
x-cached: HIT
x-request-id: 8aeb542c8d7b18ea-EWR
x-runtime: 0.156223
server: cloudflare
etag: W/"3e8c95e5a7888237af536dd89a3c9133"
x-zendesk-zorg: yes
vary: Accept, Origin, Accept-Encoding
access-control-max-age: 7200
access-control-allow-methods: GET
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zUZ0RgbiapNFNOWF0743rvcPvOXblexUEShzCIhdgL1u4iZPFbLpoZCrZ1%2BaYclEGttd7KkSH8U82sOaGIxCNPlWTibPhgv4CNOUA9Zwq8qstNhCK0VskgFvzfno%2BFXqdVNi3jjKbmqidvy1"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: max-age=600, public
content-type: application/json; charset=utf-8
cf-ray: 8b05ab0dea526a59-EWR

POST
H3 204 collect
analytics.google.com/g/ Frame A677 0
0 30ms
29ms Fetch
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020za200zb853740014&_p=1723184715304&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=874283651.1723184716&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_eu=AEA&_s=2&sid=1723184715&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&dt=Chat&en=scroll&epn.percent_scrolled=90&tfd=6083
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
analytics.google.com/g/ Frame 5FC2 0
0 25ms
25ms Fetch
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020za200zb853740014&_p=1723184716836&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=874283651.1723184716&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_eu=AEA&_s=2&sid=1723184715&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fchat&dt=Chat&en=scroll&epn.percent_scrolled=90&tfd=5751
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:22 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
analytics.google.com/g/ Frame ECA5 0
0 25ms
24ms Fetch
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020za200zb853740014&_p=1723184716869&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=874283651.1723184716&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_eu=AEA&_s=2&sid=1723184715&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fresearch%2Fnew-widespread-extension-trojan-malware-campaign&dt=Chat&en=scroll&epn.percent_scrolled=90&tfd=5804
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:22 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
analytics.google.com/g/ Frame 9FA4 0
0 27ms
26ms Fetch
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-EWLR9P86R1&gtm=45je4880v888969020za200zb853740014&_p=1723184718250&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=874283651.1723184716&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_eu=AEA&_s=2&sid=1723184715&sct=1&seg=1&dl=https%3A%2F%2Freasonlabs.com%2Fchat&dr=https%3A%2F%2Freasonlabs.com%2Fchat&dt=Chat&en=scroll&epn.percent_scrolled=90&tfd=5916
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTM2ZmRjOGQyMA.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://reasonlabs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 06:25:24 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://reasonlabs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.reasonlabs.com/	1970-01-21 07:25:20	Name: ruserid Value: d05a98d0-1de9-4901-906b-82de0d1ac5ef
.tiktok.com/	1970-01-21 08:01:20	Name: _ttp Value: 2kPUTqH1bmTtymH1Gvb1Leoz6oq
.reasonlabs.com/	1970-01-21 08:15:44	Name: _ga Value: GA1.1.874283651.1723184716
.doubleclick.net/	1970-01-21 08:15:44	Name: IDE Value: AHWqTUm1TKcmtaxJmBwZtV99fAZX-dUKGRy6uG6WaITcaJvxLBtXDC5jj_737X7C
.reasonlabs.com/	1970-01-21 00:49:20	Name: _fbp Value: fb.1.1723184716201.908005160177313985
.twitter.com/	1970-01-21 08:15:44	Name: personalization_id Value: "v1_yqvCfRIw42H5bulaz2HMEg=="
.t.co/	1970-01-21 08:15:44	Name: muc_ads Value: ddaea113-23e3-482b-b7c5-99cc25849d6c
.reasonlabs.com/	1970-01-21 08:01:20	Name: _tt_enable_cookie Value: 1
.reasonlabs.com/	1970-01-21 08:01:20	Name: _ttp Value: r5XlElbSPXG2oMvMu3GmK3fpNO1
.reasonlabs.com/	1970-01-21 07:25:20	Name: __zlcmid Value: 1NAmvlKEnlobObQ
.reasonlabs.com/	1970-01-21 08:15:44	Name: _ga_EWLR9P86R1 Value: GS1.1.1723184715.1.1.1723184719.56.0.0
.reasonlabs.com/	1970-01-21 07:25:20	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Thu+Aug+08+2024+20%3A25%3A19+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=202211.1.0&isIABGlobal=false&hosts=&landingPath=NotLandingPage&AwaitingReconsent=false&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
widget-mediator.zopim.com/	1970-01-20 22:49:49	Name: AWSALBCORS Value: EPuMa379Oaqk4eKZCMTtUup3VBF8d9+UF1OTMoOE+Bz4TG5qQRlA9f5ksqBinKcVCKxrGqtRjfco33dgBd/h2M0cnsOunDHJOVjL285e8S50INm84vviygGMED8S

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://reasonlabs.com/ot_guard_logo.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://reasonlabs.com/ot_guard_logo.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://reasonlabs.com/ot_guard_logo.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://reasonlabs.com/ot_guard_logo.svg Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
analytics.tiktok.com
analytics.twitter.com
cdn.equalweb.com
cdn.reasonlabs.com
connect.facebook.net
cookie-cdn.cookiepro.com
ekr.zdassets.com
geolocation.onetrust.com
googleads.g.doubleclick.net
pac.rlproton.com
reasonlabs.com
reasonsecurity.zendesk.com
static-cf.cleverbridge.com
static.ads-twitter.com
static.zdassets.com
stats.g.doubleclick.net
t.co
www.facebook.com
www.google.com
www.googletagmanager.com
104.16.242.229
104.16.53.111
104.18.70.113
104.18.72.113
104.244.42.195
13.32.151.87
146.75.28.157
2001:4860:4802:32::181
23.205.106.75
2600:9000:26c1:6600:16:b250:9b40:93a1
2606:4700:20::681a:d5f
2606:4700::6812:1d7f
2606:4700::6812:e3e
2607:f8b0:400d:c09::9d
2607:f8b0:400d:c0b::61
2607:f8b0:400d:c0b::9a
2607:f8b0:400d:c0f::93
2a03:2880:f003:100:face:b00c:0:3
2a03:2880:f103:181:face:b00c:0:25de
72.21.81.130
76.76.21.21
016c702b4f5fe217c58e726cb7b5c4781e2783a1f9b05ce60c86e46358f17143
04dfafbc5fe883fde964a85d80ca6fa19d06db854e82aa0549b0d66547d8397c
05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee
052e6be56abff0379a8cb7e92e759b19e1e43d1ddd22458fc71600ae7a18077b
0664b42aa5ccfea098261ce0496fc2f3b0cd36302060975c8768084b0169875e
08883e0f0fd0db967a7c9875e12aef7e951ca023456e90be517405c28c029e2e
09de44220d2f31175ac2e93526479d1f346c3f61a64a18d971129aba27746832
0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14
0e029c4f4d1e048ed38d6a56c7c857034ee2fee1c5fc27a2cd6d5cb80df68cb5
0f4e7b1971244d3bbd0587403e399829cdbb2ab499269b85cbc47efc3a6141a4
1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517
15928a00dd5079d986641664c08efcf8a9dac72ca4f905e38b1a0c30976ab973
15a1f0bb005ee2d4d9c84410aad1bcd9ff6e36686573fe3e0a4959d7df79eed3
16525b2c2e97533f3b8567d3238b2fe2accbc75bf0f3262fce0b1cd07b676120
1700eede8bc4a633a721b19c84abdad4ba959b80e68ceda3a9bbb0cef3a7e8a7
172ca2ee9eef5c6b46bb828d6ead12caa09400d76d58d8b11080de0e8a6cc202
17c6bdb8c5eb4f42c8a3ba5ec378bee05df5e0777f26fd826931f2173a99eeb8
1d3e2d2ae2c0142f78244ea6312afb6956c451970a90cb233f70f5b7e33de7f1
1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc
201204678cab6c39832b56078c8e8768761d940f0c6027e313e8f4ed20969eb4
20eaa1a63aedbf0019f8562605496a18af58ff9c9850f502f1c40946b16f753c
25b3ff658db87aa87a7dd99f799955352fe7d85ffbc3eff9ae89b408d22ca660
287d58587a729034072a58fc0738bb876bdea908dc0d6fc86c7f83e6c6e008ba
29ef19e05f73b9d30ac355e7ef49e6a81a6f31b8da31fc61c60c524f196b4904
2ded1de717c67321667c2e78389eb399d1b996469fd1500c9c5d5f7561085d05
2e1d5bfbec317e501c989b9215d8153e6c71894003742a2cb94be3ed9701339e
2eb499ec1df28add1ce48be0f9ec2cba7d6b7ab4c9316474a9ef1f0566d4351a
2ff34f763ac8d45e73740b469ed434ee600d3263211dfba79b6f2b1c73e8bde7
301c0686904a489da3626d6592dc4cb3a4e157bd0638fcfbcd66da78b8c9445e
3032151e0f9e05a54e0e95ee99700003682894d02070c76727c239d4732efc8d
3187d2113abc1ec76fbc938ef426e2635f5f961dd48292062ac2e5506380f85e
335d82adc13bb778d6c38fd9cbb89cbba99936df005eae691dfe8994fc56cf3d
34c6c382cc128c236adbb602584b773cb511b4347f0179779d781b4a8b291dfd
35e39779377e705ba4e35f634efbdf0696aba61010a1e2a9316cdb22418fef6e
36809553a0e6234f000c7e617c3528e23f0d1500599c37ee176e078b7026515b
36c93b58f03ecca968f0a0369e2396c5c29a06efc3ecd99fae1d13b0a973ada2
37db8522bbfccddcb5efbd2d1253f9cbdc198a2a04c48327b8e3db7ff9a1f786
37e1e0aef2082b7d2537bd3de9cbcc6432c84345a3a60f8280e3fb9c7cecf48d
380221f47b60c0b312998c8d6fd11e094cc114910bcf4a917b97ab2ba65b45ff
3a3170e91ef6263fa67eaaf04dd38d9d54df98e9339f122b587392732d7661bc
3aade53fdf55b8055fb9dc90732c4e7f470b9d695d8668d601a106c52274ce9f
3ba8e9bca43cf0ec1c74472b11d9fdb32b1ae5a23e798a55e2ad4d2f48136f7d
3c95513f8712f777277c207389532617e95a7f2db6f64d32e2c2a283b512d196
3e560959c3878d5a1db7c1a5df4d157eae98eeacc4015c62441ff44d6ba85073
3e6daa2794363d6ab8c7adb8a182a9b18c5b025147af53feb7af58b11da5b7be
3e8c95e5a7888237af536dd89a3c9133d8e766340c335dcdeba331c7034760fb
3f8cbbaebbf9af2525f9c0bd02113d7f6331e83e5bc1e3074182128c36b9b499
4058f6bce930def884b0fa7d3f0b2a8893767aea046838c23716c1f9021a5986
407e0c34d3e21312cacb8bb4c971b42e288fdff2eb0f3ba33d31132947710ea8
40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0
41f923dfdeaae8120e92c0a48fbdcdf033cb927f57a053d1c8feefcb3dde7a35
420cadc2da0cf70a0e40c835a7a18dd90c90189f6e3bb72d52ffe3e61ac2be4f
435e173afb0a80e150da0e651c05398b07280fc8790e02129e925afdbe0ba6ad
453f8d94af003ea1b202d17babe41fa00d9b1c14825dc735c5e9c7038d5017a0
46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de
46b81d211df2b05fa36cd50c9ea0da07671ce8a7ee6697d88cafd1747f87ea66
476245c8c89e381f57b178924bfa750abd88a47e8d9b7c939e7fd32e61a4c46f
4828e324d157586b3c5a0821a8b98ae15a343a4e8ebe9b754ff360250aa563e4
4a7cb52f34f5888cd424ce888276a212425c4ac4e59cc150e058bc4bf022937e
4c97159d90c9f849ea78e5c4c3294b3198580a6a2c3354fe07f2e3aa5ce34430
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4d402f80e130c07e3410625a38c038e7ff5b37fd4d988f9b16f0fe5ee1ba8752
4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4
4ecddf8410494cea5379e00170ab1328db3a246482336104c9d7572b852b485d
4f5d5bfb0e60bad06852b84287df03d7b3e60c3c8d411732fd19be82b1d46506
50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3
55b8338cfb7077c21d548c4414cbaf2bffe019ebb4c983cb207c27f89fd6915c
55cabe8a68885742318ec080d979931391f692e158e4d183cf66c24c5c33e130
59472f5a1e1538f26d915ffa76518537bc02acdb5762e758079c4613074a6661
59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e
5a13a3549c2d1a7d616fa512ad14beb5c27a1040a752c1bb3972853f1529407b
5a69f125453d44dd18e9557ec61b7769dd6f45f323b8833f3a99ef6bfcc4a88e
5b1de48f15a736cfc90e852297faa51c00861f71082e590de34b5414a4f189b8
5b1dfcadb7fc6e398a1c67b49c0b20bba912a7bd47abaf6517d4e04cff67e3e0
5b5249e69847e7c1b146876ceb34463fd6f82a4a747ff26da2bdf9784b3e5b24
5d388757c2dfd2793a4047c2f3031d6cbb707408adbd9eae443d7902bd1a72c2
5de60fd3608d8385ce6427aec3d9846bc6462a742bcecec06780be71f4b05b08
5fe7a29f514066ef89528054eea95dc720cfb6debed549d0ede49ba3d041a762
60206046a05fb893e96b0916478221f8ec01b99e073b12ea4bc5fdb6a0a812c7
65816c3466b364ee3a51df69952389827dff4aa8c93ba748a4aa65a2ca2cf0b0
65b5e077f9630d0f366fdf7f901d941616cc96f2325379cee62d6879f6c5a61c
6f3ae6d0cd800135016c6abd4ca60ecfc8e72c07efb2a2f64dda42dd0c179ed3
6f73d814142f2f2dbe718fbca35ade1cc072e825ec1f39898815e43629628f0b
6f9f247d327a26310b415b78455a2832991916d4ab3d03224d3ee489f38110b8
734e12ea5d89fc6c8da84f0eac2ee9bc479ee728fa25d5f24d279a881429b3e2
7421ded58b0b66795aac889dd51d394477f7bd2252448af4c3219bf2ce6863a2
754e7795ae6899ee54bbc4d7ddf9b515f4c07d7dd4f3c15f7319ba3cb1a62b0b
786dd0b17ecf4df37a3f900e719bd36c61ae73e13e2d7187980b8852ccab0278
7c74d3f61787d14325170b51df664bc54556edb5295304a8e69fcd39b66a95bc
7e592398bc3db5510e48eed3b058806c78d6af3d52efce97de57d7677bfe8f9f
7fce7079cc8c55b7482809b9cae560338a38beb1c8fa165ededf78def0e65c88
81114370a44b3e7a14b193d85d39ac0573f3a2e742a658ae1063db31b8bf444f
816518bcb6dd308257b82bb33cb808a067612f4e8313c779ea4e15c988c7cf5b
836a3b8162c9233c431cedc9145d692ab9d72925d4ef1948f593cfe769f21d7a
83f9442b0ae777927d2d88bb8eb41e76d4379ac404084e716528a46ecbf6433b
84eae68c2136f65fc630c1af870e91499f14efd75a1bb741934e222e0a1414e8
8734a49d6e9d6aed9c2133b60efbbd2c92aa1703f4fcaf541703c245a70a91aa
8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4
8a5bcace9ac4612a8d5fe7e38adcb49bed25cc3f52c40fabb2031778e1febfef
8b0e20b03e0f2beb6f3d4577f28895b96d3a4a50cc70aa7e2c16fec943757730
8caa3b3ec2630f77a22e865988f01fc8e76abb8ca6c288910b93db0d0b806162
8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447
8e4fbd3919e6cd699518666936aae750b3df6fe994b459da03fdd1d18ae3f88d
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
95a3a69d3b488eabf71e0156dcf7dc6c9f4d7c9e2275931ff01e7cf08286c3e5
97fa66a98fbfb4a5ba79030bf0e18b934226ed9c1822d40fc40b48b48a1fbb52
983fc0187dad2fcdbd26581a1040aeb7968c9b32df4632d49c9f4ae81cc58811
9b62cefcd86e6b76fadb64fbc35571884c70ae41fcd5eb824c9b99979fc4d392
a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f
a109878c0662bba5d28433d4f0b92077fbabcabb0cfcb4b14bda19987174e55e
a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54
a360bd9dde2c64d5f43feae453b7d563ef0743af0a55e44e05ffcddaa933e958
a3d351faa84b163e61747d86ad604d61d9f9caf84904585e629db1b4ce31c8d3
a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e
a53eb1cc07f39a229137453b0546ae320f92a6729f7a8ea7d02efbe38b16d57c
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab98e00318002d085dbc4e9bbed830237b9f91b8cb10ee4776f864086d4f9522
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae2e948658c1b93b778774a5c530b2f1b53341449bde983d84b4054bff75d808
afabe80d0da822ecb48dab7940c89b31f8c0b1cebfeb27d1654bcb4e3fea4a02
b0622d831a6d4c11adac89097a6704e4bbb3249af60f64de52d1c34d366c5614
b0f3b1e96730ac8e5dfeed671562469a45d96beddae9f4e629beb9d43fc6ea04
b2e9e3242b4c5c071d18fc9c901e0332a95a3eb0e7c95bf59dbff6484eb3e30a
b37ca6c575afd9835dad0665bdecd6af5d5ec0d79a6ae8f526ee6a76dd9420ef
b424c8b96a0a79e02312ac23d09607c4006fd6d9242848089fbc19caceed805d
b4374ebf4f922104d041a19e9fc7b627d25d9d2c5b0003183d69cbf5f1a3c19d
b4797b344508c8d3b258f77d50d5ef0e0c0d5b6d2aafe4a926a815fbae2f1ed8
b499f9cc78d42c5fb07c17e9138efd2a802d1a79f3db0ab41a5a7cf49ccc590a
b7a8d3ab9322623cdda11c8c5eb5db17154ccf4ff1f7d2cc85fec7377311999c
b8939b22a328efa2a65b21503b1d86365b8c52cc80e3d4378938b99a7c3016c3
bd5351c91b19c65b0641ff46e0fb0b46ea1706fce6c550ded58bfbffc5959f58
c4e409aa158a0a803ce2da327e85ab26193bdf08d4fa778bb95ab349251c2242
c56494b7e0c445e01d2fee0de214450debb0bd77d23c214fb71b0f044f810d1d
c98642e3367866a5926b51ddaa9306bb49135d2b0550a3ea06ca3fc9b41b83c8
cd3e5ebc269959d5e70fc1392e435452feff6520a621968401c994face181233
ce5a0525d35ec2fbf605e9d8fd039ba6f62ee7897255d1f1b9d7107300acb8e2
ced7b72b89b45eb74f0b4ec551ad42a70b9343dca7597d140932c02fb6aff732
cf053499e338013d7e8929675faff0aff58ea8ef1e4d7895dec469346902d0de
d2b144d496352a6414faf757cb1071802c0dd8c1c84de67d4b378f1e2efa29c1
d3698c70b88abb2a94a0ed5e90cadb42c262a07a0b972fc314a154e575ba3c6b
d52b60198aab783248d1d0d3dd27504a1c8581d7d34c81d9788ee4a4082ec30a
d796a3e59b2cbc61732a0d9196c8f7cd31a67b0f021c5c2c14a7392860289857
d8d7ae40315aaf92f9393c1a514e56dbba1b2b4410d648cf8e51b3d3fbeff0e1
daa7e4075c9304077acac1d67ef0adb56583bd4fc50a1664ac02bd491e6e7bf2
dc13a24b6ecd3b6e6412a108aa5ba5f7271a1ba3df048cc088b6dceedcd605cc
dc68782368f74408322a4eb22fd6ebd130027d85e4ac3ab1e7fa677fa1463232
dca4cbb98102d13ad9acbaef3347e5237f2ebd2954ef40889877e772e6a96e7c
e16623aa458e92e8b47c519b0704c98aa40c5347620f14f66b8c5b29d0e273a5
e2f27bf6bf20efe1a4755554e4044d0739de18e9006cd1aa7fb0a903ca33c124
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3ddd6dfeee98cca3295e79b96700162959cd13d1014d43db1ba865335d68fbf
e4aa9a902b83ce9975b9cb1817997dec501aad56141f41f437d02ecca4e24b08
e4e40b3944928b3b43a2847d5823b893d34c3861eb285ed5275d9601bb043ef8
e5216831f2d216345d1f69b5a5128e0a68683628ddb113130a18eaa0bfa79b28
e53cacecb4f6b51948407a352f63bd4b8f4a437393f5a304af76441a2fe47713
e61a2227b4f8927a7bb04c00abf4470c65280bbd7be7c6d3c6645889818671be
e686f3add219adb50c6d8258b7c18439735482bbb91d638de7d694c456b6e2eb
e7c3155a16c42e2915f0cc4edb9a3202885e1e1d6a02a3392dbf7f432239c665
e974d84489664f0ff60bb76d7b3565752e71391c36e5d1e1742868f0cff4d647
eb378b095e72328138ff4dfc28608d5dcff428c0b8fa946300749291588ba0b7
eb524ab62c0fc128cbf46763b9aa0d94bda920950646a4e9c60fe1bb76c31eeb
ed4487e444877efefe1093519d07f9cea62519c93f40562e54a0c26b93346399
ee8ab1ef76bdcddfcdfac8cd3c62210e316f4eb688a8da0b4bab8da5c80414fe
eed7f235ef695c1cf88567e5688b332740677653c9728786d40b22fdee04099c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff2c68552f68a310adf531ba016021cb7a6b3d40ef9cc10fe9f4baea839898c
f19aafb8794e426a2f46e55f0a0ccb386ad75cb1b3369c6330a03e7694187a96
f3c00a8330d85db4a636380a3a8f372fe033a6b2eb607c1d67d98fc171e49e5a
f5a350715ff005015653da21302c1b25f08b43407e0141532ecfeab35246f749
f7a4433b13c8343bcdd960799292dbf550667e323682ed710f44b7a81cdbce09
f7d1958915cc3df35bfc19ebbe5d325573f93316582b866b0c6b7e32e839d530
f87adcffe1607717e5111488c32d471f7278b0df8a7a0d09b3f62d079cedb07f
f8b61e4330e6492cd191460e3218856657651c3d64a5c6b39d02cb9d5547bd90
f92b0855ca604ce5286ede5299696e3bfc2cc676f5a9f481fa650d9069018a51
fa7e5fd43939dc33c5e445b73aef73f85bfc52de6ce84e303dad90ebbc514937
faa902d968312dcd1a8df12afc85dec2f10d3dac22898ac750a9889691702970
fb758230396e5e8d1f84da5724c36a1f47486068e1745c459ac1270513e9be1c
fec6b37efbcb6c56c57f75d454bb3d31df2c8a8ff51d4a866d91329fd315c5b9
ff05520dd279845b62f0d834bcf13239d596b19ac3a3f9121f5317a2d3ecdf2c
ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

reasonlabs.com Open in urlscan Pro 76.76.21.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

399 Requests

100 %HTTPS

52 %IPv6

17 Domains

21 Subdomains

22 IPs

2 Countries

2593 kBTransfer

26026 kBSize

13 Cookies

20 Outgoing links

Redirected requests

399 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 84 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

reasonlabs.com Open in urlscan Pro
76.76.21.21 Public Scan

Screenshot
Live screenshot

Full Image

399
Requests

100 %
HTTPS

52 %
IPv6

17
Domains

21
Subdomains

22
IPs

2
Countries

2593 kB
Transfer

26026 kB
Size

13
Cookies

399 HTTP transactions
84 data transactions