www.removal-virusguide.com Open in urlscan Pro
192.169.203.21 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://removal-virusguide.com/
Effective URL:
http://www.removal-virusguide.com/
Submission Tags: falconsandbox
Submission: On February 17 via api (February 17th 2021, 10:03:16 am UTC) from US

Summary HTTP 229 Redirects Behaviour Indicators

Summary

This website contacted 34 IPs in 2 countries across 27 domains to perform 229 HTTP transactions. The main IP is 192.169.203.21, located in United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is www.removal-virusguide.com.

This is the only time www.removal-virusguide.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 25	192.169.203.21 192.169.203.21	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
5	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
4 5	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
33	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
6 32	104.238.85.58 104.238.85.58	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
29	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
3 3	54.244.12.37 54.244.12.37	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700:20:... 2606:4700:20::6818:8210	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:828::200d	15169 (GOOGLE) (GOOGLE)
27	65.9.58.70 65.9.58.70	16509 (AMAZON-02) (AMAZON-02)
1 7	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
8	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a02:26f0:710... 2a02:26f0:7100:48a::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	65.9.20.8 65.9.20.8	16509 (AMAZON-02) (AMAZON-02)
2	3.217.219.88 3.217.219.88	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:9000:206... 2600:9000:206f:7800:1f:f723:6fc0:93a1	16509 (AMAZON-02) (AMAZON-02)
2 4	2620:119:50e3... 2620:119:50e3:101::6cae:b45	14413 (LINKEDIN) (LINKEDIN)
2 2	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2600:9000:206... 2600:9000:206f:5a00:17:a556:9bc0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
11	2a04:4e42:1b:... 2a04:4e42:1b::622	54113 (FASTLY) (FASTLY)
2	65.9.94.30 65.9.94.30	16509 (AMAZON-02) (AMAZON-02)
1 3	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
1	23.32.238.170 23.32.238.170	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.14.133 151.101.14.133	54113 (FASTLY) (FASTLY)
2	54.209.247.25 54.209.247.25	14618 (AMAZON-AES) (AMAZON-AES)
1	35.173.77.57 35.173.77.57	14618 (AMAZON-AES) (AMAZON-AES)
229	34

25 192.169.203.21 (United States) 1 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-192-169-203-21.ip.secureserver.net

removal-virusguide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.removal-virusguide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 104.238.85.58 (United States) 6 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-104-238-85-58.ip.secureserver.net

www.cybersecurity-help.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cybersecurity-help.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.244.12.37 (Boardman, United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-244-12-37.us-west-2.compute.amazonaws.com

link.safecart.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::6818:8210 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

link.combocleaner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.combocleaner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f01c:8012:face:b00c:0:3 (United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 65.9.58.70 (United States)

ASN16509 (AMAZON-02, US)

www.enigmasoftware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a03:2880:f11c:8183:face:b00c:0:25de (United States) 1 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:7100:48a::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.20.8 (Orlando, United States)

ASN16509 (AMAZON-02, US)

d31qbv1cthcecs.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.217.219.88 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-219-88.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:206f:7800:1f:f723:6fc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

sc.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:119:50e3:101::6cae:b45 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:21::14 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:206f:5a00:17:a556:9bc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

myaccount.enigmasoftware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a04:4e42:1b::622 (United States)

ASN54113 (FASTLY, US)

fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.94.30 (United States)

ASN16509 (AMAZON-02, US)

certify.alexametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.200 (United States) 1 redirects

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.32.238.170 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-32-238-170.deploy.static.akamaitechnologies.com

embedwistia-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

embed-fastly.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.209.247.25 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-209-247-25.compute-1.amazonaws.com

distillery.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.173.77.57 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-77-57.compute-1.amazonaws.com

pipedream.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	456 KB
32	cybersecurity-help.com 6 redirects www.cybersecurity-help.com cybersecurity-help.com	551 KB
31	enigmasoftware.com www.enigmasoftware.com myaccount.enigmasoftware.com	1 MB
25	removal-virusguide.com 1 redirects removal-virusguide.com www.removal-virusguide.com	293 KB
15	wistia.com fast.wistia.com embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com	269 KB
14	doubleclick.net googleads.g.doubleclick.net	106 KB
14	google.com 4 redirects www.google.com adservice.google.com apis.google.com accounts.google.com	129 KB
11	twitter.com 1 redirects platform.twitter.com syndication.twitter.com	297 KB
10	gstatic.com www.gstatic.com fonts.gstatic.com ssl.gstatic.com	103 KB
7	facebook.com 1 redirects www.facebook.com	27 KB
6	linkedin.com 4 redirects px.ads.linkedin.com www.linkedin.com	4 KB
6	facebook.net connect.facebook.net	246 KB
5	googleapis.com fonts.googleapis.com	4 KB
4	bing.com bat.bing.com	17 KB
4	googletagservices.com www.googletagservices.com	126 KB
3	safecart.com 3 redirects link.safecart.com	2 KB
2	alexametrics.com certify.alexametrics.com	1 KB
2	google-analytics.com www.google-analytics.com	37 KB
2	lfeeder.com sc.lfeeder.com	14 KB
2	quora.com q.quora.com	847 B
2	cloudfront.net d31qbv1cthcecs.cloudfront.net	9 KB
2	licdn.com snap.licdn.com	4 KB
2	googletagmanager.com www.googletagmanager.com	99 KB
2	combocleaner.com 1 redirects link.combocleaner.com www.combocleaner.com	40 KB
1	akamaihd.net embedwistia-a.akamaihd.net	19 KB
1	google.de adservice.google.de	169 B
1	googleadservices.com partner.googleadservices.com	645 B
229	27

	Domain	Requested by
30	www.cybersecurity-help.com	6 redirects www.removal-virusguide.com www.cybersecurity-help.com
29	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com www.removal-virusguide.com pagead2.googlesyndication.com
27	www.enigmasoftware.com	www.cybersecurity-help.com www.enigmasoftware.com
22	www.removal-virusguide.com	www.removal-virusguide.com
15	pagead2.googlesyndication.com	www.removal-virusguide.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
11	fast.wistia.com	www.enigmasoftware.com fast.wistia.com www.cybersecurity-help.com
8	platform.twitter.com	www.enigmasoftware.com platform.twitter.com
8	fonts.gstatic.com	fonts.googleapis.com
7	www.facebook.com	1 redirects connect.facebook.net www.facebook.com www.enigmasoftware.com
7	apis.google.com	www.cybersecurity-help.com apis.google.com accounts.google.com
6	connect.facebook.net	www.cybersecurity-help.com connect.facebook.net www.removal-virusguide.com
5	www.google.com	4 redirects googleads.g.doubleclick.net
5	fonts.googleapis.com	www.removal-virusguide.com tpc.googlesyndication.com www.cybersecurity-help.com
4	myaccount.enigmasoftware.com	www.enigmasoftware.com
4	px.ads.linkedin.com	2 redirects www.enigmasoftware.com
4	bat.bing.com	www.googletagmanager.com www.enigmasoftware.com
4	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
3	syndication.twitter.com	1 redirects platform.twitter.com
3	link.safecart.com	3 redirects
3	removal-virusguide.com	1 redirects www.removal-virusguide.com
2	distillery.wistia.com	fast.wistia.com
2	certify.alexametrics.com	www.enigmasoftware.com
2	www.google-analytics.com	www.googletagmanager.com
2	www.linkedin.com	2 redirects
2	sc.lfeeder.com	www.removal-virusguide.com
2	q.quora.com	www.enigmasoftware.com
2	d31qbv1cthcecs.cloudfront.net	www.removal-virusguide.com
2	snap.licdn.com	www.googletagmanager.com
2	www.googletagmanager.com	www.enigmasoftware.com
2	cybersecurity-help.com	www.cybersecurity-help.com
1	pipedream.wistia.com	fast.wistia.com
1	embed-fastly.wistia.com	www.enigmasoftware.com
1	embedwistia-a.akamaihd.net	www.enigmasoftware.com
1	ssl.gstatic.com	accounts.google.com
1	accounts.google.com	apis.google.com
1	www.combocleaner.com	www.cybersecurity-help.com
1	link.combocleaner.com	1 redirects
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.gstatic.com	www.removal-virusguide.com
229	42

This site contains no links.

Subject Issuer	Validity	Valid
*.gstatic.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
*.googleadservices.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
cybersecurity-help.com Go Daddy Secure Certificate Authority - G2	`2019-11-07` - `2021-11-07`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.apis.google.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
combocleaner.com Cloudflare Inc ECC CA-3	`2020-08-29` - `2021-08-29`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-02-10` - `2021-05-10`	3 months	crt.sh
accounts.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
enigmasoftware.com Amazon	`2020-12-20` - `2022-01-18`	a year	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-01-19` - `2021-07-19`	6 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
*.quora.com R3	`2021-02-07` - `2021-05-08`	3 months	crt.sh
*.lfeeder.com Amazon	`2020-09-04` - `2021-10-06`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-01-06` - `2021-07-05`	6 months	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-12-28` - `2021-05-07`	4 months	crt.sh
certify.alexametrics.com Amazon	`2020-07-12` - `2021-08-12`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
a248.e.akamai.net DigiCert Secure Site ECC CA-1	`2020-07-15` - `2021-09-13`	a year	crt.sh
embed-fastly.wistia.com R3	`2021-01-27` - `2021-04-27`	3 months	crt.sh
*.wistia.com Amazon	`2020-04-30` - `2021-05-30`	a year	crt.sh

This page contains 24 frames:

Primary Page: http://www.removal-virusguide.com/
Frame ID: 2BE2E696F6C4642C8A4D090C19B7B234
Requests: 38 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210211/r20190131/zrt_lookup.html
Frame ID: 9EAD5E7F8ADC81F7BFB130DE2C275578
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131
Frame ID: 8420F91904CD341E2D501884D9FAB2C9
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124
Frame ID: 9064E8615703A89E47C6992E25C60DA9
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127
Frame ID: 1E7708A081325EE7930674C67426EA99
Requests: 8 HTTP requests in this frame

Frame: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Frame ID: C2597C18B397182F2BA1CF1B0CBB8C9A
Requests: 34 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&adk=1812271804&adf=3025194257&lmt=1613556171&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1613556171312&bpp=1&bdt=1051&idt=2&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250%2C300x250&nras=1&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=23&ifi=4&uci=a!4&fsb=1&dtd=13
Frame ID: B8B5AAF8C35135B2A8197824F904D0B5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/index.html
Frame ID: 684BC8ABB692A34C5C2180EBEC364E31
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: C7A9AB5DD1BAE31B20785F32293829C9
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html
Frame ID: 85FF4DF22D69C38B956789536E074555
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html
Frame ID: 0C4A3CBB3775D40DEDD93466012E3A98
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 2E8387531FF4FCEC88520ECD9EE02D71
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: F329D6D2F70ABEE7F604AC4D0E00A07F
Requests: 2 HTTP requests in this frame

Frame: https://apis.google.com/_/widget/render/comments?usegapi=1&href=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&first_party_property=BLOGGER&legacy_comment_moderation_url=&view_type=FILTERED_POSTMOD&width=600&height=200&origin=https%3A%2F%2Fwww.cybersecurity-help.com&search=&hash=&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.3k1wIje1lec.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw%2Fm%3D__features__
Frame ID: 64C6285A644F4986A25315BBB4F2A2FC
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.cybersecurity-help.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.3k1wIje1lec.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw%2Fm%3D__features__
Frame ID: 2178F85DD4FC9B9DEBB50997A4EC67E7
Requests: 4 HTTP requests in this frame

Frame: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Frame ID: B562F0842175531EDDAE981E74540BFA
Requests: 34 HTTP requests in this frame

Frame: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Frame ID: 9AA6D9047A2B8A45260F55D88B15DF13
Requests: 44 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bceeb80f14a8%26domain%3Dwww.cybersecurity-help.com%26origin%3Dhttps%253A%252F%252Fwww.cybersecurity-help.com%252Ff902cfe441aa44%26relation%3Dparent.parent&color_scheme=light&container_width=0&height=100&href=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&locale=en_US&sdk=joey&width=470
Frame ID: C0327EBBFC8C14BE0A7497CDDA39AB9D
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.6e189c4f2b6d88c453045806323cdcf3.html?origin=https%3A%2F%2Fwww.enigmasoftware.com
Frame ID: 77C2B711A3F5877E3C72AE76F97E1732
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.6e189c4f2b6d88c453045806323cdcf3.html?origin=https%3A%2F%2Fwww.enigmasoftware.com
Frame ID: 68F3A11F4E918BFC38289F8D937FDFCF
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/follow_button.6e189c4f2b6d88c453045806323cdcf3.en.html
Frame ID: 511C551F9DEC85841C96CB44C390E27C
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/follow_button.6e189c4f2b6d88c453045806323cdcf3.en.html
Frame ID: A6AD84F262B9EEEE8978DEFEB7FD0977
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 06F93FFA73B42B868DAB6C4B9FFEE173
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 48FA8696C85E140FB3ED5699A38836B6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://removal-virusguide.com/ HTTP 301
http://www.removal-virusguide.com/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

229
Requests

87 %
HTTPS

63 %
IPv6

27
Domains

42
Subdomains

34
IPs

2
Countries

4011 kB
Transfer

10210 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://removal-virusguide.com/ HTTP 301
http://www.removal-virusguide.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

http://www.google.com/jsapi?ver=3.9.1 HTTP 301
https://www.gstatic.com/charts/loader.js?ver=3.9.1

Request Chain 63

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 79

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 83

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 115

https://www.cybersecurity-help.com/download-combocleaner HTTP 301
https://www.cybersecurity-help.com/download-combocleaner/ HTTP 302
https://link.safecart.com/2rysza HTTP 301
https://link.combocleaner.com/download/?sid=57218b7465990b68d3c4049dfb128d6c7e724926&aid=vpcthreat HTTP 302
https://www.combocleaner.com/files/rw/combocleaner.dmg

Request Chain 132

https://www.cybersecurity-help.com/download-spyhunter HTTP 301
https://www.cybersecurity-help.com/download-spyhunter/ HTTP 302
https://link.safecart.com/2pce6v HTTP 301
https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela

Request Chain 133

https://www.cybersecurity-help.com/download-spyhuntermac HTTP 301
https://www.cybersecurity-help.com/download-spyhuntermac/ HTTP 302
https://link.safecart.com/2r9rhv HTTP 301
https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat

Request Chain 135

https://www.facebook.com/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bceeb80f14a8%26domain%3Dwww.cybersecurity-help.com%26origin%3Dhttps%253A%252F%252Fwww.cybersecurity-help.com%252Ff902cfe441aa44%26relation%3Dparent.parent&color_scheme=light&container_width=0&height=100&href=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&locale=en_US&sdk=joey&width=470 HTTP 302
https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bceeb80f14a8%26domain%3Dwww.cybersecurity-help.com%26origin%3Dhttps%253A%252F%252Fwww.cybersecurity-help.com%252Ff902cfe441aa44%26relation%3Dparent.parent&color_scheme=light&container_width=0&height=100&href=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&locale=en_US&sdk=joey&width=470

Request Chain 163

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=428537&time=1613556175465&url=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D428537%26time%3D1613556175465%26url%3Dhttps%253A%252F%252Fwww.cybersecurity-help.com%252Fde%252Fentfernen-mystartsearch-com%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=428537&time=1613556175465&url=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&liSync=true

Request Chain 192

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=428537&time=1613556175821&url=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D428537%26time%3D1613556175821%26url%3Dhttps%253A%252F%252Fwww.cybersecurity-help.com%252Fde%252Fentfernen-mystartsearch-com%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=428537&time=1613556175821&url=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&liSync=true

Request Chain 229

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

229 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
www.removal-virusguide.com/
Redirect Chain

http://removal-virusguide.com/
http://www.removal-virusguide.com/

16 KB
5 KB

4386ms
4347ms

Document
text/html

192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 / PHP/5.4.45
Resource Hash: e8801c69f593daa74de98542c767d8005620a96778a1a0dcdb77fb0ed1a102de

Request headers

Host: www.removal-virusguide.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx/1.0.15
Date: Wed, 17 Feb 2021 10:02:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Set-Cookie: PHPSESSID=0u0u21mmm2a2ro7l1u80lo3b87; path=/ _icl_current_language=en; expires=Thu, 18-Feb-2021 10:02:46 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://www.removal-virusguide.com/xmlrpc.php
Content-Encoding: gzip

Redirect headers

Server: nginx/1.0.15
Date: Wed, 17 Feb 2021 10:02:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Set-Cookie: PHPSESSID=p3plahi87625c43ii0c6ec92p3; path=/ _icl_current_language=en; expires=Thu, 18-Feb-2021 10:02:45 GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://www.removal-virusguide.com/xmlrpc.php
Location: http://www.removal-virusguide.com/

GET
H/1.1 200
OK css
fonts.googleapis.com/ 3 KB
1 KB 21ms
14ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Droid+Serif|Arimo

Requested by

Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4ef2386e4de3b28b9584fbc88cb42427053efc2d0b2d025027e0574820439716

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Feb 2021 10:02:50 GMT
Server: ESF
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
X-XSS-Protection: 0
Expires: Wed, 17 Feb 2021 10:02:50 GMT

GET
H/1.1 200
OK style.css
www.removal-virusguide.com/wp-content/plugins/side-matter/css/ 7 KB
2 KB 185ms
184ms Stylesheet
text/css 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.removal-virusguide.com/wp-content/plugins/side-matter/css/style.css?ver=3.9.1
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: bdbf2460fba4062eea1d28267c13ef9308cc18462388b4625a369c5928e7243e

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Sep 2017 14:54:34 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H/1.1 200
OK display-authors-widget.css
www.removal-virusguide.com/wp-content/plugins/display-authors-widget/css/ 545 B
589 B 403ms
382ms Stylesheet
text/css 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.removal-virusguide.com/wp-content/plugins/display-authors-widget/css/display-authors-widget.css?ver=20122709
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 84b37226dd1ba126264c6b5d1369d28d6fb5fa26f7cd6f3e1458e86ff41d14e7

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
Last-Modified: Fri, 22 Nov 2013 19:50:22 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H/1.1 200
OK style.css
www.removal-virusguide.com/wp-content/themes/imag-mag/ 32 KB
10 KB 368ms
348ms Stylesheet
text/css 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.removal-virusguide.com/wp-content/themes/imag-mag/style.css?ver=3.9.1
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 83780bde4a2732329a172f17176be01e75bb8dc4e7088d0ba21a4fe544dbcc47

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Nov 2017 12:05:42 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H/1.1 200
OK camera.css
www.removal-virusguide.com/wp-content/themes/imag-mag/css/ 6 KB
2 KB 369ms
348ms Stylesheet
text/css 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.removal-virusguide.com/wp-content/themes/imag-mag/css/camera.css?ver=3.9.1
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 67c060f18df4888c8a655a1c1b042faeda176be01e89e29eea43913290d4cc45

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
Last-Modified: Fri, 31 May 2013 13:33:46 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H/1.1 200
OK skeleton.css
www.removal-virusguide.com/wp-content/themes/imag-mag/css/ 11 KB
3 KB 377ms
356ms Stylesheet
text/css 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.removal-virusguide.com/wp-content/themes/imag-mag/css/skeleton.css?ver=3.9.1
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 0f723be189a450de0d2ddc0947f9b45ded42bfd1237c66c66610a007b112343e

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
Last-Modified: Fri, 31 May 2013 13:33:46 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H/1.1 200
OK jquery.js Show response
www.removal-virusguide.com/wp-includes/js/jquery/ 94 KB
39 KB 375ms
354ms Script
application/x-javascript 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.removal-virusguide.com/wp-includes/js/jquery/jquery.js?ver=1.11.0
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 54504276d92644ec2aec24a21ad29b58caa20f68803c67cc65607bfa439b394c

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Jan 2014 14:40:14 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H/1.1 200
OK jquery-migrate.min.js Show response
www.removal-virusguide.com/wp-includes/js/jquery/ 7 KB
4 KB 367ms
184ms Script
application/x-javascript 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.removal-virusguide.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: c4d24f6b27cc7ceea56fbec786bb1f486fdad9a1f998f760f76d1f44671e105c

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
Last-Modified: Tue, 23 Jul 2013 12:28:26 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H/1.1 200
OK jquery.autosize.js Show response
www.removal-virusguide.com/wp-content/plugins/side-matter/js/ 7 KB
4 KB 557ms
187ms Script
application/x-javascript 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.removal-virusguide.com/wp-content/plugins/side-matter/js/jquery.autosize.js?ver=3.9.1
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: daff8d867254e20c64ef4fc6cb88846839f42dc4f410bcb4cffefeb018950c55

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
Last-Modified: Thu, 12 Mar 2020 10:42:18 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H2

200

loader.js Show response
www.gstatic.com/charts/
Redirect Chain

http://www.google.com/jsapi?ver=3.9.1
https://www.gstatic.com/charts/loader.js?ver=3.9.1

64 KB
20 KB

18ms
17ms

Script
text/javascript

2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/loader.js?ver=3.9.1

Requested by

Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d48c95e39e7dcd31ebeee1191f77770fa1cb0a4213bb84ac925406066218c841

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19830
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 23 Jul 2020 17:43:26 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 17 Feb 2021 10:02:50 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Type: text/html; charset=UTF-8
Location: https://www.gstatic.com/charts/loader.js?ver=3.9.1
Cache-Control: public, max-age=1800
Content-Length: 247
X-XSS-Protection: 0
Expires: Wed, 17 Feb 2021 10:32:50 GMT

GET
H/1.1 200
OK jquery.mobilemenu.min.js Show response
www.removal-virusguide.com/wp-content/themes/imag-mag/js/ 2 KB
1 KB 575ms
204ms Script
application/x-javascript 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.removal-virusguide.com/wp-content/themes/imag-mag/js/jquery.mobilemenu.min.js?ver=3.9.1
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: bc6f35d495daa9024207ac02873845e08564c284a9972fbc709aa1faa2345aaa

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
Last-Modified: Fri, 31 May 2013 13:33:46 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H/1.1 200
OK jquery.easing.1.3.js Show response
www.removal-virusguide.com/wp-content/themes/imag-mag/js/ 10 KB
3 KB 565ms
188ms Script
application/x-javascript 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.removal-virusguide.com/wp-content/themes/imag-mag/js/jquery.easing.1.3.js?ver=3.9.1
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: f9e2a52ad3c2b465bac4c077658643fb7fa2a1cc627a85bc3bdb03041a44558e

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
Last-Modified: Fri, 31 May 2013 13:33:46 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H/1.1 200
OK Firefox-Redirect-Virus-300x209.png
www.removal-virusguide.com/wp-content/uploads/2017/11/ 33 KB
34 KB 245ms
241ms Image
image/png 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.removal-virusguide.com/wp-content/uploads/2017/11/Firefox-Redirect-Virus-300x209.png
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 097ba063d35c940844b4c389e99df246c114159904b43a2129fa2fa98c82f37a

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Last-Modified: Fri, 10 Nov 2017 14:18:05 GMT
Server: nginx/1.0.15
Content-Type: image/png
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 34204
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H/1.1 200
OK time-to-read-300x181.png
www.removal-virusguide.com/wp-content/uploads/2017/11/ 52 KB
52 KB 188ms
184ms Image
image/png 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.removal-virusguide.com/wp-content/uploads/2017/11/time-to-read-300x181.png
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 74e3e658d0d44cab2421b81060a70c1f81f886906d465aa7559a5264adde5467

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Last-Modified: Fri, 10 Nov 2017 14:13:55 GMT
Server: nginx/1.0.15
Content-Type: image/png
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 53015
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H/1.1 200
OK Chrome-Redirect-Virus-300x204.png
www.removal-virusguide.com/wp-content/uploads/2017/11/ 39 KB
40 KB 300ms
183ms Image
image/png 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.removal-virusguide.com/wp-content/uploads/2017/11/Chrome-Redirect-Virus-300x204.png
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 28042224881cf05034afb1ca1de4b89b752f73f1ae68fb22fd8ebf29525d6b10

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:51 GMT
Last-Modified: Fri, 10 Nov 2017 14:07:23 GMT
Server: nginx/1.0.15
Content-Type: image/png
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 40445
Expires: Sat, 12 Feb 2022 10:02:51 GMT

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 136 KB
48 KB 41ms
32ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9406453f755774f3fe2168484ffc62ae638eaa92bbfa9dc8b56f75250ce10a3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 12112344721774099002
Vary: Accept-Encoding
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 48461
X-XSS-Protection: 0
Expires: Wed, 17 Feb 2021 10:02:50 GMT

GET
H/1.1 200
OK camera.min.js Show response
www.removal-virusguide.com/wp-content/themes/imag-mag/js/ 38 KB
10 KB 230ms
230ms Script
application/x-javascript 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.removal-virusguide.com/wp-content/themes/imag-mag/js/camera.min.js?ver=2.0
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 4a3ae52d3526e37040a8196cc9e7e926b8f77a57e0fc65462247f070c52485d0

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
Last-Modified: Fri, 31 May 2013 13:33:46 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H/1.1 200
OK jquery.mobile.customized.min.js Show response
www.removal-virusguide.com/wp-content/themes/imag-mag/js/ 17 KB
7 KB 190ms
190ms Script
application/x-javascript 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.removal-virusguide.com/wp-content/themes/imag-mag/js/jquery.mobile.customized.min.js?ver=2.0
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 654595cf8b565940ef6b5765d3047af2794b13efeb6fdc661ded7f5ccf32ce0c

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
Last-Modified: Fri, 31 May 2013 13:33:46 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H/1.1 200
OK jquery.ui.widget.min.js Show response
www.removal-virusguide.com/wp-includes/js/jquery/ui/ 6 KB
3 KB 194ms
189ms Script
application/x-javascript 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.removal-virusguide.com/wp-includes/js/jquery/ui/jquery.ui.widget.min.js?ver=1.10.4
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: bb8fa9b9142463722e91df6297bfccadd2744651cd0e5cfd26540cfaf1361062

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Jan 2014 14:44:12 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H/1.1 200
OK tpcrn_scripts.js Show response
www.removal-virusguide.com/wp-content/themes/imag-mag/js/ 2 KB
2 KB 189ms
186ms Script
application/x-javascript 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.removal-virusguide.com/wp-content/themes/imag-mag/js/tpcrn_scripts.js?ver=1.0
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: ac5cf6ddbc922e83040bb6d386e448b0550f8e14603254d0eb5e4a92f1e66da5

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:50 GMT
Content-Encoding: gzip
Last-Modified: Fri, 31 May 2013 13:33:46 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:50 GMT

GET
H/1.1 200
OK generator.php Show response
removal-virusguide.com/ 53 KB
53 KB 960ms
957ms Script
application/javascript 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://removal-virusguide.com/generator.php
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/wp-content/plugins/side-matter/js/jquery.autosize.js?ver=3.9.1
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 / PHP/5.4.45
Resource Hash: 4ca8f7722320d5e59ac553dc60baf881d5fddc53eef14a442c8f69bc2b481a4a

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 10:02:51 GMT
Last-Modified: Wed, 17 Feb 2021 10:02:50 GMT
Server: nginx/1.0.15
X-Powered-By: PHP/5.4.45
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK headbg.png
www.removal-virusguide.com/wp-content/themes/imag-mag/images/ 2 KB
2 KB 325ms
208ms Image
image/png 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.removal-virusguide.com/wp-content/themes/imag-mag/images/headbg.png
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/wp-content/themes/imag-mag/style.css?ver=3.9.1
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: dc15cfc7c2b7418b8ab9a19ccecf481a0285c34ce4cde6681d17ece9d668004f

Request headers

Referer: http://www.removal-virusguide.com/wp-content/themes/imag-mag/style.css?ver=3.9.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:51 GMT
Last-Modified: Fri, 31 May 2013 13:33:46 GMT
Server: nginx/1.0.15
Content-Type: image/png
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2181
Expires: Sat, 12 Feb 2022 10:02:51 GMT

GET
H/1.1 200
OK header-separator.png
www.removal-virusguide.com/wp-content/themes/imag-mag/images/ 986 B
1 KB 325ms
204ms Image
image/png 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.removal-virusguide.com/wp-content/themes/imag-mag/images/header-separator.png
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/wp-content/themes/imag-mag/style.css?ver=3.9.1
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: cd8587dbc3298d9bb3277f3ff8bf095b2a4811dc04de1e894905f890dad9bfec

Request headers

Referer: http://www.removal-virusguide.com/wp-content/themes/imag-mag/style.css?ver=3.9.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:51 GMT
Last-Modified: Fri, 31 May 2013 13:33:46 GMT
Server: nginx/1.0.15
Content-Type: image/png
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 986
Expires: Sat, 12 Feb 2022 10:02:51 GMT

GET
H/1.1 200
OK P5sfzZCDf9_T_3cV7NCUECyoxNk37cxcABrHdwcoaaQw.woff
fonts.gstatic.com/s/arimo/v17/ 13 KB
13 KB 13ms
7ms Font
font/woff 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/arimo/v17/P5sfzZCDf9_T_3cV7NCUECyoxNk37cxcABrHdwcoaaQw.woff

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Droid+Serif|Arimo

Protocol

HTTP/1.1

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b535607ce11399efe43e729f3e198e35de26da6cb5ea0422cce42e1237b9072

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://www.removal-virusguide.com
Referer: http://fonts.googleapis.com/css?family=Droid+Serif|Arimo
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 13 Feb 2021 07:54:20 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 28 Jan 2021 21:51:54 GMT
Server: sffe
Age: 353310
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 12956
X-XSS-Protection: 0
Expires: Sun, 13 Feb 2022 07:54:20 GMT

GET
H/1.1 200
OK tDbI2oqRg1oM3QBjjcaDkOr9rAXWGQyH.woff2
fonts.gstatic.com/s/droidserif/v13/ 12 KB
13 KB 16ms
10ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/droidserif/v13/tDbI2oqRg1oM3QBjjcaDkOr9rAXWGQyH.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Droid+Serif|Arimo

Protocol

HTTP/1.1

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c91e2af7df1a9d8a403108592949a68b78ccbb50c38561aeb4cd1d107ebed276

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://www.removal-virusguide.com
Referer: http://fonts.googleapis.com/css?family=Droid+Serif|Arimo
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 15 Feb 2021 16:19:41 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Sep 2020 17:04:27 GMT
Server: sffe
Age: 150189
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 12560
X-XSS-Protection: 0
Expires: Tue, 15 Feb 2022 16:19:41 GMT

GET
H/1.1 404
Not Found bullet2.png
www.removal-virusguide.com/wp-content/themes/imag-mag/images/ 8 KB
8 KB 4246ms
4245ms Image
text/html 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.removal-virusguide.com/wp-content/themes/imag-mag/images/bullet2.png
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/wp-content/themes/imag-mag/style.css?ver=3.9.1
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 / PHP/5.4.45
Resource Hash: 26d96c5b5ba1ce581a0455d18ad5681b8ae5b4275a7630f0cfa768c59cfab720

Request headers

Referer: http://www.removal-virusguide.com/wp-content/themes/imag-mag/style.css?ver=3.9.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 10:02:54 GMT
Content-Encoding: gzip
Server: nginx/1.0.15
X-Powered-By: PHP/5.4.45
X-Pingback: http://www.removal-virusguide.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate, max-age=0
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/ 227 KB
85 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7943855733030580&plah=www.removal-virusguide.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5fee2a3e4db0a9b907550346569920e7ea79a4b855260d5c9d063aebd408ce52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 87061
x-xss-protection: 0
server: cafe
etag: 9039926254773515089
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 17 Feb 2021 10:02:51 GMT

GET
H3-Q050 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210211/r20190131/ Frame 9EAD 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210211/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a1b2ebe6a2b314929967bdf1ba8c694fb45bf76a5b847e57fb847b3cdd9338a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210211/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.removal-virusguide.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlXPzcma7hJcG15cukzCndW3d4j0wp_XGqQekjq1rk2waf0kuiZdQuWVR8L
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://www.removal-virusguide.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 17 Feb 2021 04:14:22 GMT
expires: Wed, 03 Mar 2021 04:14:22 GMT
content-type: text/html; charset=UTF-8
etag: 6440208225989294717
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4777
x-xss-protection: 0
age: 20909
cache-control: public, max-age=1209600
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 212 B
645 B 133ms
71ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.removal-virusguide.com&callback=_gfp_s_&client=ca-pub-7943855733030580

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7943855733030580&plah=www.removal-virusguide.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

23ab5c071bb37b4b4e20fdcc5069f72fbd29058f3f9f5227d1e0406e49ebc96c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
169 B 32ms
27ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.removal-virusguide.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 17 Feb 2021 10:02:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
321 B 30ms
30ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.removal-virusguide.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 17 Feb 2021 10:02:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8420 90 KB
33 KB 368ms
368ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ec4e96b11f6fcc3b3c7fedde8dd5a0dcf50dc353ec394f8a84f5e286e01c7807

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJeZoZPV8O4CFaSB7QodlIoBWw&gqi=y-ksYOrOCYaA1fAPocm8oAM&layout=/sadbundle/%24csp%253Der3%24/6903772907417404086/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.removal-virusguide.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlXPzcma7hJcG15cukzCndW3d4j0wp_XGqQekjq1rk2waf0kuiZdQuWVR8L
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://www.removal-virusguide.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJeZoZPV8O4CFaSB7QodlIoBWw&gqi=y-ksYOrOCYaA1fAPocm8oAM&layout=/sadbundle/%24csp%253Der3%24/6903772907417404086/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 17 Feb 2021 10:02:51 GMT
server: cafe
content-length: 33382
x-xss-protection: 0
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 37ms
14ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1082b879cd43a0dec9ab3cc9ae2ddad7426c64e73fed45067c89afcac5bdd227

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1613161064837431"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28346
x-xss-protection: 0
expires: Wed, 17 Feb 2021 10:02:51 GMT

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9064 89 KB
33 KB 392ms
391ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f32d9a317b9cfaa9064d7de5cd77815a148294d4ec2b4a5b8d05102cb382f679

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNTRopPV8O4CFcr3dwod2tAO-A&gqi=y-ksYKS0Co7H1fAPxZSXoAg&layout=/sadbundle/%24csp%253Der3%24/8360913908667273968/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.removal-virusguide.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlXPzcma7hJcG15cukzCndW3d4j0wp_XGqQekjq1rk2waf0kuiZdQuWVR8L
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://www.removal-virusguide.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNTRopPV8O4CFcr3dwod2tAO-A&gqi=y-ksYKS0Co7H1fAPxZSXoAg&layout=/sadbundle/%24csp%253Der3%24/8360913908667273968/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 17 Feb 2021 10:02:51 GMT
server: cafe
content-length: 33127
x-xss-protection: 0
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1E77 90 KB
33 KB 435ms
434ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5432ba27f5893a77913de990445ea39c992c782ac382e10cc599063ac3878aca

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIOwo5PV8O4CFYHvdwodeaML6Q&gqi=y-ksYPqVC4qO1fAPkpCW6AM&layout=/sadbundle/%24csp%253Der3%24/8360913908667273968/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.removal-virusguide.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlXPzcma7hJcG15cukzCndW3d4j0wp_XGqQekjq1rk2waf0kuiZdQuWVR8L
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://www.removal-virusguide.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIOwo5PV8O4CFYHvdwodeaML6Q&gqi=y-ksYPqVC4qO1fAPkpCW6AM&layout=/sadbundle/%24csp%253Der3%24/8360913908667273968/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 17 Feb 2021 10:02:51 GMT
server: cafe
content-length: 33326
x-xss-protection: 0
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK Cookie set / Show response
www.cybersecurity-help.com/de/entfernen-mystartsearch-com/ Frame C259 28 KB
10 KB 1308ms
556ms Document
text/html 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/wp-includes/js/jquery/jquery.js?ver=1.11.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 / PHP/5.4.45
Resource Hash: 7f0931786a92de24874844a4058808dc34741a1f34f0a1e294ef8e128861ab97

Request headers

Host: www.cybersecurity-help.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://www.removal-virusguide.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://www.removal-virusguide.com/

Response headers

Server: nginx/1.0.15
Date: Wed, 17 Feb 2021 10:02:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Set-Cookie: _icl_current_language=de; expires=Thu, 18-Feb-2021 10:02:52 GMT; path=/ PHPSESSID=o5uomfbgpta8bbb1fa015qand2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: https://www.cybersecurity-help.com/xmlrpc.php
Link: <https://www.cybersecurity-help.com/?p=2911>; rel=shortlink
Content-Encoding: gzip

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B8B5 10 KB
1 KB 75ms
75ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&adk=1812271804&adf=3025194257&lmt=1613556171&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1613556171312&bpp=1&bdt=1051&idt=2&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250%2C300x250&nras=1&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=23&ifi=4&uci=a!4&fsb=1&dtd=13

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7fbcf2cfbd07c5fcdf1c5d0eab6a4725eebf2d4dccf54da76a25236962eee53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&adk=1812271804&adf=3025194257&lmt=1613556171&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1613556171312&bpp=1&bdt=1051&idt=2&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250%2C300x250&nras=1&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=23&ifi=4&uci=a!4&fsb=1&dtd=13
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.removal-virusguide.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://www.removal-virusguide.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 17 Feb 2021 10:02:51 GMT
server: cafe
content-length: 964
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 17-Feb-2021 10:17:51 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Wed, 17 Feb 2021 10:02:51 GMT
cache-control: private

GET
H/1.1 204
No Content gen_204
pagead2.googlesyndication.com/pagead/ 0
459 B 39ms
39ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=0&wpc=ca-pub-7943855733030580&warn=12%2C13&w=1600&h=1200&eatf=false&reatf=true&a=6%2C1%2C5%2C7&apv=20210210_200524&sat=1613347790685&afm=0&as_count=3&d_count=0&ng_count=0&am_count=0&atf_count=2&mdns=0.458&alldns=0.458&allp=27&pgh=1638&su=www.removal-virusguide.com&r=0.1

Requested by

Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 10:02:51 GMT
X-Content-Type-Options: nosniff
Server: cafe
Timing-Allow-Origin: *
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: no-cache, must-revalidate
Cross-Origin-Resource-Policy: cross-origin
Content-Type: image/gif
Content-Length: 0
X-XSS-Protection: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/ Frame 8420 18 KB
8 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4db6732268b3d9330df1068351b18e2fd1c1c6da87b5953259b022a19ddfe7a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:06:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7377
x-xss-protection: 0
server: cafe
etag: 10747045913157086108
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 09:06:15 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame 8420 3 KB
2 KB 33ms
12ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:49:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 814
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 09:49:17 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8420 107 KB
33 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44f4c4b4880af1f974aae99eb91e9fd77179ddc4d35f959159740f149804bc1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1613161046593140"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 33368
x-xss-protection: 0
expires: Wed, 17 Feb 2021 10:02:51 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame 8420 14 KB
6 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

718d8e9bf93740a3a90b67e53219319342074524b2dede8ba219eea4c41ea0c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:49:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 786
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 15217341015479086142
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 09:49:45 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 8420 0
0 15ms
14ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRELBedjivWM7iWcVJMLSyHsam3aWFcK0yiZvC9JfLczFQsyUm-zzfCoRT-yVUodTuzTDjSRhLOiV-XVn4tvMLuvPBUyA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/ Frame 684B 59 KB
18 KB 26ms
13ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/index.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf478e6ce61245ce5fabef16680abbedeceb26ff23795affb40f93e247abc9a3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/6903772907417404086/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Thu, 11 Feb 2021 13:03:06 GMT
expires: Fri, 11 Feb 2022 13:03:06 GMT
last-modified: Thu, 28 Jan 2021 16:37:55 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 16731
age: 507585
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame 8420 0
0 45ms
45ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CFSh8y-ksYNeHCqSDtgeUlYbYBYDLjLthm_ScyY0N2tkeEAEgwYbXHmCVAqAB1Yfb8QLIAQmpAtBhZxMPSrQ-qAMByANIqgTkAU_Q34iRy3IHfRVQChMPXOkK_rvpcP-jHptOYh-rJjuGanH633cBpazg2p_Vqixy2EP7vX_6UcJgh2sGEKDfkBTweev0WlCif-eA6uGX8vkpjMD-3asp-QBiscyz42h7n73VkSmuNWn1Ynx0V5gwr99Z8725QawuoXZkmdvY3g1Xpb43niHubGh-n3_oI9Z-DSWgOlPiQld7hlCWHkTcsWC8FVsLHUychfw3NpMJkfaeZO3Jn2M0uOzQNeswxkhL9DLlArBXD6TH31lCSZEwRsriZitVm3VgplGyT-UP93rWyMIZHsAEt8uf4bUDkgUECAQYAZIFBAgFGASgBi6AB5P4pI4BqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEELnbINIICQiA4YAQEAEYH4AKAcgLAdgTDYgUAbIXGgoYCAASFHB1Yi03OTQzODU1NzMzMDMwNTgw&sigh=2fbZTslFa4E&template_id=419&tpd=AGWhJmt2q1h1LDwXMt-oueka-n0Noani1-lksGN4CtNUSMve_g

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 17 Feb 2021 10:02:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 17 Feb 2021 10:02:51 GMT

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C7A9 143 B
216 B 7ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 17 Feb 2021 09:25:56 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2215
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

POST
H2 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 8420 0
692 B 59ms
40ms Other
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJeZoZPV8O4CFaSB7QodlIoBWw&gqi=y-ksYOrOCYaA1fAPocm8oAM&layout=/sadbundle/%24csp%253Der3%24/6903772907417404086/index.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 10:02:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 8420 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2d62053fa3c8232db0d89e8f79f24cd6d2d02fc14ee0c3102eeb2580326b141d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/ Frame 85FF 71 KB
18 KB 39ms
24ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2108777f41a0dfb0ddecf19e84226505b9911ad95e4d1bbc3e934c3f2bab74d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/8360913908667273968/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Tue, 16 Feb 2021 11:34:08 GMT
expires: Wed, 16 Feb 2022 11:34:08 GMT
last-modified: Thu, 28 Jan 2021 16:37:58 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 17589
age: 80923
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/ Frame 9064 18 KB
8 KB 34ms
20ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4db6732268b3d9330df1068351b18e2fd1c1c6da87b5953259b022a19ddfe7a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:18:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2674
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7377
x-xss-protection: 0
server: cafe
etag: 10747045913157086108
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 09:18:17 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame 9064 3 KB
2 KB 34ms
21ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:16:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2795
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 09:16:16 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9064 107 KB
33 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44f4c4b4880af1f974aae99eb91e9fd77179ddc4d35f959159740f149804bc1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1613161046593140"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 33368
x-xss-protection: 0
expires: Wed, 17 Feb 2021 10:02:51 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame 9064 14 KB
6 KB 35ms
22ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

718d8e9bf93740a3a90b67e53219319342074524b2dede8ba219eea4c41ea0c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:49:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 786
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 15217341015479086142
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 09:49:45 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 684B 4 KB
709 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:700,300

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fda2f5240e5b600fe3f1c09b44b6a2149de1de267a22fca6b8cb41192f94359d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:51:44 GMT
server: ESF
date: Wed, 17 Feb 2021 10:02:51 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 10:02:51 GMT

GET
H3-Q050 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 684B 16 KB
6 KB 35ms
23ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 04:25:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 18 Feb 2021 04:25:41 GMT

GET
H3-Q050 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 684B 22 KB
9 KB 33ms
21ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42743
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 17 Feb 2021 22:10:28 GMT

GET
H3-Q050 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/ Frame 0C4A 71 KB
17 KB 27ms
26ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2108777f41a0dfb0ddecf19e84226505b9911ad95e4d1bbc3e934c3f2bab74d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/8360913908667273968/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Tue, 16 Feb 2021 11:34:08 GMT
expires: Wed, 16 Feb 2022 11:34:08 GMT
last-modified: Thu, 28 Jan 2021 16:37:58 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 17589
age: 80923
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/ Frame 1E77 18 KB
7 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4db6732268b3d9330df1068351b18e2fd1c1c6da87b5953259b022a19ddfe7a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:18:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2674
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7377
x-xss-protection: 0
server: cafe
etag: 10747045913157086108
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 09:18:17 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame 1E77 3 KB
2 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:16:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2795
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 09:16:16 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1E77 107 KB
33 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44f4c4b4880af1f974aae99eb91e9fd77179ddc4d35f959159740f149804bc1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1613161046593140"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 33368
x-xss-protection: 0
expires: Wed, 17 Feb 2021 10:02:51 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame 1E77 14 KB
6 KB 21ms
19ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

718d8e9bf93740a3a90b67e53219319342074524b2dede8ba219eea4c41ea0c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:49:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 786
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 15217341015479086142
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 09:49:45 GMT

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9064 0
0 43ms
43ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C37Eky-ksYJTAC8rv3wPaobvAD4DLjLthu_WcyY0N2tkeEAEgwYbXHmCVAqAB1Yfb8QLIAQmpAtBhZxMPSrQ-qAMByANIqgTnAU_QPh_dl0q3uQ-F2ljr5aqEFKCqPyLXYyUsI3XfKD8wd-lV0MFhnv8l4YJLXwZ8JD9SnBDGZm86bKX6hLk1XvdxIrgESjIFkKcKoiZJb9CiUVSvG478AT7zxsQw2KTPGhSzg9qAAgMPvbXQWrjP0y1kb_wJ8RMNl8wR2y17Y1Z27HxchHXnlHDpiwKBrvWjUnJiyCXFajCqoQFe9McgUp7dBKCQLZvo9ZS_TPAHqYbIansRqbVrnrrhGVou4HvebsCwy3L2Id2_0DH6kCHUKj3QGYF3NQQvX0DFHWWyonvvl5ixMnelcsAEt8uf4bUDkgUECAQYAZIFBAgFGASgBi6AB5P4pI4BqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEO_OGNIICQiA4YAQEAEYH4AKAcgLAdgTDYgUAbIXGgoYCAASFHB1Yi03OTQzODU1NzMzMDMwNTgw&sigh=RLI3fWD7bR8&template_id=419&tpd=AGWhJmtQvZDIA1iF3WmW_X7aTOWUam9x71pb9dtBivnbQ4VO0A

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 17 Feb 2021 10:02:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1E77 0
0 43ms
43ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CXtXSy-ksYMOeDIHf3wP5xq7IDoDLjLthu_WcyY0N2tkeEAEgwYbXHmCVAqAB1Yfb8QLIAQmpAl0zqTB9SLQ-qAMByANIqgTnAU_QCfdV55yuru9Y2Ns4WkboTkZvug-8E2PhqAOF4OCeKLNsxCOcy6W5FcKvG5553JPMvkzD0Z7MUSRwJP8mW_ka6OPm0HEN8Ul2v_I1sOvwCjHMjRMwRklG1ETv3gY-6Dtlp6yM5jEVMmjIeZCEpqu-aVSygewV95Wb5_pIojJnrq5uEzKb2e6qb1GWi9jV9KO_NY40WE5RrKDhFvojtl15f0nSO2xa0zAdbBdks6nY8W1czzI-cO3tQ8h9GZLAGdr7KvNHII0YsiBI-HK78GorUGRIU8UEQp_o00jWUchjtpoHncF4esAEt8uf4bUDkgUECAQYAZIFBAgFGASgBi6AB5P4pI4BqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEM_OGdIICQiA4YAQEAEYH4AKAcgLAdgTDYgUAbIXGgoYCAASFHB1Yi03OTQzODU1NzMzMDMwNTgw&sigh=paUtvEfsfjM&template_id=419&tpd=AGWhJmtYR5cxx6j0xHujU3plyaLftt62-3VeoVgHo9qf4MTBSA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 17 Feb 2021 10:02:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C7A9
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
110 B

16ms
16ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmvTZeL1G4tgE-VBql4K8BJP7UgXJ_0KpgWiNNEHnAWhLwZneE8zTUhVvm6DPM
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 17 Feb 2021 10:02:51 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 17-Feb-2021 11:02:51 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Wed, 17 Feb 2021 10:02:51 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 17 Feb 2021 10:02:51 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2E83 143 B
165 B 11ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmvTZeL1G4tgE-VBql4K8BJP7UgXJ_0KpgWiNNEHnAWhLwZneE8zTUhVvm6DPM
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 17 Feb 2021 09:25:56 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2215
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

POST
H3-Q050 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 9064 0
679 B 72ms
39ms Other
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNTRopPV8O4CFcr3dwod2tAO-A&gqi=y-ksYKS0Co7H1fAPxZSXoAg&layout=/sadbundle/%24csp%253Der3%24/8360913908667273968/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 10:02:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 9064 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 706d79f6a54d6df1e9d41b20fbd5acbfb5540b41fb0cc64885bfd3deca7eae90

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 684B 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/css?family=Open+Sans:700,300
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:25:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:27 GMT
server: sffe
age: 149858
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:25:13 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 684B 9 KB
9 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/css?family=Open+Sans:700,300
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 09:20:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:16 GMT
server: sffe
age: 520939
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9016
x-xss-protection: 0
expires: Fri, 11 Feb 2022 09:20:32 GMT

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F329 143 B
165 B 6ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmvTZeL1G4tgE-VBql4K8BJP7UgXJ_0KpgWiNNEHnAWhLwZneE8zTUhVvm6DPM; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 17 Feb 2021 09:25:56 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2215
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

POST
H3-Q050 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 1E77 0
23 B 41ms
41ms Other
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIOwo5PV8O4CFYHvdwodeaML6Q&gqi=y-ksYPqVC4qO1fAPkpCW6AM&layout=/sadbundle/%24csp%253Der3%24/8360913908667273968/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 10:02:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 1E77 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca7803c98b63e41791ec0817a08ada42a5c4904edd6f6da43ee4e431b2030ac3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 85FF 4 KB
1 KB 42ms
28ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:700,300

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fda2f5240e5b600fe3f1c09b44b6a2149de1de267a22fca6b8cb41192f94359d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:51:44 GMT
server: ESF
date: Wed, 17 Feb 2021 10:02:51 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 10:02:51 GMT

GET
H3-Q050 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 85FF 16 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 04:25:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 18 Feb 2021 04:25:41 GMT

GET
H3-Q050 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 85FF 22 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42743
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 17 Feb 2021 22:10:28 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 0C4A 4 KB
635 B 43ms
32ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:700,300

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fda2f5240e5b600fe3f1c09b44b6a2149de1de267a22fca6b8cb41192f94359d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 10:02:51 GMT
server: ESF
date: Wed, 17 Feb 2021 10:02:51 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 10:02:51 GMT

GET
H3-Q050 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 0C4A 16 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 04:25:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 18 Feb 2021 04:25:41 GMT

GET
H3-Q050 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 0C4A 22 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42743
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 17 Feb 2021 22:10:28 GMT

GET
H3-Q050 200 d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 684B 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

779d68ba221aa1efe83b46b8d8c5932a9c82ad2357b9cc9428c9dabf996d1875

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:15:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 09 Feb 2021 09:15:00 GMT
server: sffe
age: 2826
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6215
x-xss-protection: 0
expires: Thu, 17 Feb 2022 09:15:45 GMT

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2E83
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
21 B

17ms
16ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmvTZeL1G4tgE-VBql4K8BJP7UgXJ_0KpgWiNNEHnAWhLwZneE8zTUhVvm6DPM; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 17 Feb 2021 10:02:51 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 17-Feb-2021 11:02:51 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Wed, 17 Feb 2021 10:02:51 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 17 Feb 2021 10:02:51 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 cta_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/ Frame 684B 206 B
287 B 8ms
7ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/cta_1.png

Requested by

Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c2565beb12e40c2a54e09afbd8d3bf7eefb1dc83dd47a4cc18ed2995b360283

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 82364
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 206
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 16:37:55 GMT
server: sffe
date: Tue, 16 Feb 2021 11:10:07 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Feb 2022 11:10:07 GMT

GET
H3-Q050 200 logo-deloitte-its-300x250px.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/ Frame 684B 1 KB
1 KB 7ms
6ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/logo-deloitte-its-300x250px.png

Requested by

Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7e278244eabfea1d9c1e84adbe025ef4047026374a70ab1e3d42e6fb82dadd

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 444732
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1180
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 16:37:55 GMT
server: sffe
date: Fri, 12 Feb 2021 06:30:39 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Feb 2022 06:30:39 GMT

GET
H3-Q050 200 visual_forensic-300x300px.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/ Frame 684B 44 KB
44 KB 8ms
7ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/6903772907417404086/visual_forensic-300x300px.png

Requested by

Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61b8ace7107247314c20e50c240c4a6552702aa0d37dda0499b0f9f23ccea75a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 82364
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44597
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 16:37:55 GMT
server: sffe
date: Tue, 16 Feb 2021 11:10:07 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Feb 2022 11:10:07 GMT

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F329
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
21 B

23ms
23ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1071323082&adf=176373481&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171034&bpp=1&bdt=773&idt=123&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=235&ady=1301&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=E17SzRqpFi&p=http%3A//www.removal-virusguide.com&dtd=127

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmvTZeL1G4tgE-VBql4K8BJP7UgXJ_0KpgWiNNEHnAWhLwZneE8zTUhVvm6DPM; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 17 Feb 2021 10:02:51 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 17-Feb-2021 11:02:51 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Wed, 17 Feb 2021 10:02:51 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 17 Feb 2021 10:02:51 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 85FF 9 KB
9 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700,300

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/css?family=Open+Sans:700,300
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:25:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:27 GMT
server: sffe
age: 149858
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:25:13 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 85FF 9 KB
9 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700,300

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/css?family=Open+Sans:700,300
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 09:20:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:16 GMT
server: sffe
age: 520939
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9016
x-xss-protection: 0
expires: Fri, 11 Feb 2022 09:20:32 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 0C4A 9 KB
9 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700,300

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/css?family=Open+Sans:700,300
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:25:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:27 GMT
server: sffe
age: 149858
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:25:13 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 0C4A 9 KB
9 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700,300

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/css?family=Open+Sans:700,300
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 09:20:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:16 GMT
server: sffe
age: 520939
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9016
x-xss-protection: 0
expires: Fri, 11 Feb 2022 09:20:32 GMT

GET
H3-Q050 200 d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 85FF 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

779d68ba221aa1efe83b46b8d8c5932a9c82ad2357b9cc9428c9dabf996d1875

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:15:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 09 Feb 2021 09:15:00 GMT
server: sffe
age: 2826
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6215
x-xss-protection: 0
expires: Thu, 17 Feb 2022 09:15:45 GMT

GET
H3-Q050 200 cta_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/ Frame 85FF 206 B
285 B 8ms
7ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/cta_1.png

Requested by

Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c2565beb12e40c2a54e09afbd8d3bf7eefb1dc83dd47a4cc18ed2995b360283

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 507829
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 206
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 16:37:58 GMT
server: sffe
date: Thu, 11 Feb 2021 12:59:02 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Feb 2022 12:59:02 GMT

GET
H3-Q050 200 logo-deloitte-its-300x250px.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/ Frame 85FF 1 KB
1 KB 10ms
8ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/logo-deloitte-its-300x250px.png

Requested by

Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7e278244eabfea1d9c1e84adbe025ef4047026374a70ab1e3d42e6fb82dadd

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 507829
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1180
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 16:37:58 GMT
server: sffe
date: Thu, 11 Feb 2021 12:59:02 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Feb 2022 12:59:02 GMT

GET
H3-Q050 200 visual_forensic-300x300px.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/ Frame 85FF 44 KB
44 KB 11ms
9ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/visual_forensic-300x300px.png

Requested by

Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61b8ace7107247314c20e50c240c4a6552702aa0d37dda0499b0f9f23ccea75a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 81659
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44597
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 16:37:58 GMT
server: sffe
date: Tue, 16 Feb 2021 11:21:52 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Feb 2022 11:21:52 GMT

GET
H3-Q050 200 d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 0C4A 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

779d68ba221aa1efe83b46b8d8c5932a9c82ad2357b9cc9428c9dabf996d1875

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:15:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 09 Feb 2021 09:15:00 GMT
server: sffe
age: 2826
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6215
x-xss-protection: 0
expires: Thu, 17 Feb 2022 09:15:45 GMT

GET
H3-Q050 200 cta_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/ Frame 0C4A 206 B
233 B 8ms
7ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/cta_1.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c2565beb12e40c2a54e09afbd8d3bf7eefb1dc83dd47a4cc18ed2995b360283

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 507829
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 206
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 16:37:58 GMT
server: sffe
date: Thu, 11 Feb 2021 12:59:02 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Feb 2022 12:59:02 GMT

GET
H3-Q050 200 logo-deloitte-its-300x250px.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/ Frame 0C4A 1 KB
1 KB 9ms
9ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/logo-deloitte-its-300x250px.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7e278244eabfea1d9c1e84adbe025ef4047026374a70ab1e3d42e6fb82dadd

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 507829
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1180
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 16:37:58 GMT
server: sffe
date: Thu, 11 Feb 2021 12:59:02 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Feb 2022 12:59:02 GMT

GET
H3-Q050 200 visual_forensic-300x300px.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/ Frame 0C4A 44 KB
44 KB 12ms
11ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/visual_forensic-300x300px.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8360913908667273968/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61b8ace7107247314c20e50c240c4a6552702aa0d37dda0499b0f9f23ccea75a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 81659
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44597
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 16:37:58 GMT
server: sffe
date: Tue, 16 Feb 2021 11:21:52 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Feb 2022 11:21:52 GMT

GET
H/1.1 204
No Response generator.php
removal-virusguide.com/ 0
162 B 1021ms
1020ms Image
image/gif 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://removal-virusguide.com/generator.php?action_name=Virus%20Removal%20Guide&idsite=356&rec=1&r=176248&h=11&m=2&s=52&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&_id=1891d36c213cd50c&_idts=1613556172&_idvc=1&_idn=0&_refts=0&_viewts=1613556172&send_image=0&cookie=1&res=1600x1200&gt_ms=4348
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 / PHP/5.4.45
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 10:02:53 GMT
Server: nginx/1.0.15
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Content-Type: image/gif

GET
H/1.1 200
OK ajax-contact.css
www.cybersecurity-help.com/wp-content/plugins/ajax-contact/css/ Frame C259 2 KB
983 B 190ms
188ms Stylesheet
text/css 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-content/plugins/ajax-contact/css/ajax-contact.css?ver=3.9.1
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 30b2705624958fbde4904f7528d7453ef02916de55fa9a38b7179393d2d8834e

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:52 GMT
Content-Encoding: gzip
Last-Modified: Mon, 19 May 2014 13:47:47 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:52 GMT

GET
H/1.1 200
OK style.css
www.cybersecurity-help.com/wp-content/plugins/side-matter/css/ Frame C259 3 KB
1 KB 379ms
188ms Stylesheet
text/css 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-content/plugins/side-matter/css/style.css?ver=3.9.1
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 89c755529e4d695d5566bfd4f143f4fa976ff89edd3c98f2b1c129ddd7bf8fc6

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:52 GMT
Content-Encoding: gzip
Last-Modified: Tue, 30 Sep 2014 14:14:53 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:52 GMT

GET
H/1.1 200
OK thickbox.css
www.cybersecurity-help.com/wp-includes/js/thickbox/ Frame C259 2 KB
1 KB 560ms
186ms Stylesheet
text/css 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-includes/js/thickbox/thickbox.css?ver=1.0
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 36908af2e4b47c0c9e6fe726203a970645dd88aacc435207d5567c6fb6fb8318

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Content-Encoding: gzip
Last-Modified: Sun, 16 Mar 2014 15:28:18 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H/1.1 200
OK social_comments.css
www.cybersecurity-help.com/wp-content/plugins/social-comments/assets/css/ Frame C259 2 KB
1 KB 561ms
186ms Stylesheet
text/css 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-content/plugins/social-comments/assets/css/social_comments.css?ver=3.9.1
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 4dd982d6d60c6c0025002eaf22cb873b00f5c02e93b4b2eb0bf6a0b0b53b5b29

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Content-Encoding: gzip
Last-Modified: Fri, 18 Oct 2013 18:44:20 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H/1.1 200
OK display-authors-widget.css
www.cybersecurity-help.com/wp-content/plugins/display-authors-widget/css/ Frame C259 545 B
589 B 564ms
188ms Stylesheet
text/css 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-content/plugins/display-authors-widget/css/display-authors-widget.css?ver=20122709
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 84b37226dd1ba126264c6b5d1369d28d6fb5fa26f7cd6f3e1458e86ff41d14e7

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Content-Encoding: gzip
Last-Modified: Fri, 22 Nov 2013 19:50:22 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame C259 8 KB
871 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,400,700&subset=latin,latin-ext

Requested by

Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f6becca4cbeca946fddc275919175e23855cdccc2d9cfc4e81037e57c3616de5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 08:26:34 GMT
server: ESF
date: Wed, 17 Feb 2021 10:02:52 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 10:02:52 GMT

GET
H/1.1 200
OK style.css
www.cybersecurity-help.com/wp-content/themes/threatshelpcenter/ Frame C259 39 KB
11 KB 565ms
189ms Stylesheet
text/css 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-content/themes/threatshelpcenter/style.css?ver=3.9.1
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: e338d950734e094e323df90d2a2f456a35f327fdd1dcd0f235fceecbb536b99a

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Content-Encoding: gzip
Last-Modified: Fri, 19 Jun 2015 12:47:55 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H/1.1 200
OK jquery.js Show response
www.cybersecurity-help.com/wp-includes/js/jquery/ Frame C259 94 KB
39 KB 737ms
360ms Script
application/x-javascript 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-includes/js/jquery/jquery.js?ver=1.11.0
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 54504276d92644ec2aec24a21ad29b58caa20f68803c67cc65607bfa439b394c

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Jan 2014 14:40:14 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H/1.1 200
OK jquery-migrate.min.js Show response
www.cybersecurity-help.com/wp-includes/js/jquery/ Frame C259 7 KB
4 KB 567ms
188ms Script
application/x-javascript 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: c4d24f6b27cc7ceea56fbec786bb1f486fdad9a1f998f760f76d1f44671e105c

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Content-Encoding: gzip
Last-Modified: Tue, 23 Jul 2013 12:28:26 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H/1.1 200
OK ajax-contact.js Show response
www.cybersecurity-help.com/wp-content/plugins/ajax-contact/js/ Frame C259 4 KB
2 KB 746ms
187ms Script
application/x-javascript 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-content/plugins/ajax-contact/js/ajax-contact.js?ver=3.9.1
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 6ea00f64b4e1b58ac8e1162060375aeb983cbc6589ef55675c999e1fc3f447d9

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Aug 2012 05:47:50 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H/1.1 200
OK jquery.autosize.js Show response
www.cybersecurity-help.com/wp-content/plugins/side-matter/js/ Frame C259 7 KB
4 KB 747ms
187ms Script
application/x-javascript 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-content/plugins/side-matter/js/jquery.autosize.js?ver=3.9.1
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 546f668309aa4e7cef1bdd539d67a5bf5537c1a27fe31fea1c3e87b3e01c899e

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Content-Encoding: gzip
Last-Modified: Fri, 10 Jul 2020 07:14:28 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H/1.1 200
OK mystartsearch-hijacker.png
www.cybersecurity-help.com/wp-content/uploads/2014/09/ Frame C259 359 KB
359 KB 355ms
354ms Image
image/png 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybersecurity-help.com/wp-content/uploads/2014/09/mystartsearch-hijacker.png
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: a0e2af2ee71f1244504b5c874399244bd67512d3cb4edfe50cca9d0d2c4ecfa3

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Last-Modified: Sun, 28 Sep 2014 15:22:49 GMT
Server: nginx/1.0.15
Content-Type: image/png
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 367268
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H/1.1 200
OK gplus.png
www.cybersecurity-help.com/wp-content/plugins/social-comments/assets/images/icons/somicro/ Frame C259 4 KB
4 KB 190ms
190ms Image
image/png 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybersecurity-help.com/wp-content/plugins/social-comments/assets/images/icons/somicro/gplus.png
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 7e70182a518f7843c6aa9a48dcbe72a9f48652e0a17d7951202ad8766e6f39cb

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Last-Modified: Fri, 18 Oct 2013 18:44:20 GMT
Server: nginx/1.0.15
Content-Type: image/png
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3708
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H/1.1 200
OK facebook.png
www.cybersecurity-help.com/wp-content/plugins/social-comments/assets/images/icons/somicro/ Frame C259 2 KB
2 KB 187ms
186ms Image
image/png 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybersecurity-help.com/wp-content/plugins/social-comments/assets/images/icons/somicro/facebook.png
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 764c607262c6751826039256b24e1ab9e07658574e9e3b1dc792ed5b501cb7eb

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Last-Modified: Fri, 18 Oct 2013 18:44:20 GMT
Server: nginx/1.0.15
Content-Type: image/png
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1726
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H/1.1 200
OK wp.png
www.cybersecurity-help.com/wp-content/plugins/social-comments/assets/images/icons/somicro/ Frame C259 2 KB
2 KB 189ms
188ms Image
image/png 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybersecurity-help.com/wp-content/plugins/social-comments/assets/images/icons/somicro/wp.png
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: f311b5bf014e5b0a2bafb986f96603368677c1782bbef9c9fa4535853edbb70b

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Last-Modified: Fri, 18 Oct 2013 18:44:20 GMT
Server: nginx/1.0.15
Content-Type: image/png
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2139
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H2 200 plusone.js Show response
apis.google.com/js/ Frame C259 49 KB
19 KB 47ms
25ms Script
application/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d54294a6014df645a307b1ddcc2647e902b58333bc92a30d65ea1786d77457d2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-KOmqXMnpPdG4AEcmz1WCNQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "3c51cc543292f02d30879e16f46128be"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-KOmqXMnpPdG4AEcmz1WCNQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Wed, 17 Feb 2021 10:02:53 GMT

GET
H/1.1 200
OK captcha_code_file.php
www.cybersecurity-help.com/wp-content/plugins/captcha-code-authentication/ Frame C259 3 KB
3 KB 191ms
190ms Image
image/jpeg 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybersecurity-help.com/wp-content/plugins/captcha-code-authentication/captcha_code_file.php?rand=1078741172
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 / PHP/5.4.45
Resource Hash: df8700539d6cb6b23e9f30bbf7f9cbcbdf8da17aa823c9fb053fe59f104c13d4

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 10:02:53 GMT
Server: nginx/1.0.15
X-Powered-By: PHP/5.4.45
Transfer-Encoding: chunked
Content-Type: image/jpeg
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK mystartsearch-hijacker-300x208.png
www.cybersecurity-help.com/wp-content/uploads/2014/09/ Frame C259 25 KB
26 KB 359ms
359ms Image
image/png 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybersecurity-help.com/wp-content/uploads/2014/09/mystartsearch-hijacker-300x208.png
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 0e5452e376378c3bcfefc89d8f1a94ac21c2cefd7fea03b2c0ebe40b1e48d4c3

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Last-Modified: Sun, 28 Sep 2014 15:22:49 GMT
Server: nginx/1.0.15
Content-Type: image/png
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 26099
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H2

200

combocleaner.dmg
www.combocleaner.com/files/rw/ Frame C259
Redirect Chain

https://www.cybersecurity-help.com/download-combocleaner
https://www.cybersecurity-help.com/download-combocleaner/
https://link.safecart.com/2rysza
https://link.combocleaner.com/download/?sid=57218b7465990b68d3c4049dfb128d6c7e724926&aid=vpcthreat
https://www.combocleaner.com/files/rw/combocleaner.dmg

39 KB
39 KB

46ms
29ms

Image
application/octet-stream

2606:4700:20::6818:8210
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.combocleaner.com/files/rw/combocleaner.dmg
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6818:8210 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:56 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 93998
content-disposition: attachment
content-length: 5128479
cf-request-id: 08510a6d2c00004c2cbe863000000001
last-modified: Wed, 16 Dec 2020 07:14:50 GMT
server: cloudflare
etag: "4e411f-5b68fa18c91b1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ajj0%2BjIwLWqiY52PK6eSf5wYOERl5LpAOyUl3xZiKtC1FYMOHr85lf%2FexUB7Q%2FtoyCefHkKBdg6rMU%2Bv1gvAFIkJeihq%2FaDVXXAHW%2BMO4%2BYEEEaNig7IW7s3DdoGA9c6RQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 622eacf51eb34c2c-AMS
expires: Thu, 18 Feb 2021 10:02:56 GMT

Redirect headers

date: Wed, 17 Feb 2021 10:02:56 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CAYt8EyJvOOpOPzIo74fOASOXLFa1xC6M7%2Favk7KAb4KIqOxSSMpVKxKTvSrv51LKXPnVt13n3r4frHJ%2B6YrvDIEYIxGb1tUuo9ZsxNAlgDY2h3kZTAvgyEJjZn3NmBX1Kk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
location: https://www.combocleaner.com/files/rw/combocleaner.dmg
x-robots-tag: noindex, noarchive, nosnippet, nofollow
cf-ray: 622eacf0ca3f4c2c-AMS
content-length: 0
cf-request-id: 08510a6a7c00004c2c64822000000001

GET
H/1.1 200
OK thickbox.js Show response
www.cybersecurity-help.com/wp-includes/js/thickbox/ Frame C259 12 KB
4 KB 188ms
187ms Script
application/x-javascript 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-includes/js/thickbox/thickbox.js?ver=3.1-20121105
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 0605c70cd28db215d98065ee39652e06a45ce3ffa965ae43f67902dd7a318ec4

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 Feb 2014 02:31:14 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H/1.1 200
OK comment-reply.min.js Show response
www.cybersecurity-help.com/wp-includes/js/ Frame C259 757 B
813 B 189ms
189ms Script
application/x-javascript 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-includes/js/comment-reply.min.js?ver=3.9.1
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: b02ab5446d4dd91bc73183089db613f7cd4c954bc79a21dff4785c9280af45a0

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Content-Encoding: gzip
Last-Modified: Fri, 15 Nov 2013 01:42:10 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H/1.1 200
OK navigation.js Show response
www.cybersecurity-help.com/wp-content/themes/threatshelpcenter/js/ Frame C259 3 KB
1 KB 188ms
186ms Script
application/x-javascript 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-content/themes/threatshelpcenter/js/navigation.js?ver=1.0
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 63e1d0ace9c5bf2cb237da159fa8041e073a9bc54a2d0e0b24c2690eae246fc5

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Content-Encoding: gzip
Last-Modified: Fri, 19 Jun 2015 11:58:41 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H/1.1 200
OK jquery.ui.core.min.js Show response
www.cybersecurity-help.com/wp-includes/js/jquery/ui/ Frame C259 4 KB
2 KB 190ms
188ms Script
application/x-javascript 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.10.4
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: f81e7de1612fde694636d3a1fdc5ee7c6ac13d5dfaace39ed4601fe983242e73

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Jan 2014 14:44:12 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H/1.1 200
OK jquery.ui.widget.min.js Show response
www.cybersecurity-help.com/wp-includes/js/jquery/ui/ Frame C259 6 KB
3 KB 191ms
189ms Script
application/x-javascript 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-includes/js/jquery/ui/jquery.ui.widget.min.js?ver=1.10.4
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: bb8fa9b9142463722e91df6297bfccadd2744651cd0e5cfd26540cfaf1361062

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Jan 2014 14:44:12 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H/1.1 200
OK jquery.ui.tabs.min.js Show response
www.cybersecurity-help.com/wp-includes/js/jquery/ui/ Frame C259 11 KB
5 KB 190ms
189ms Script
application/x-javascript 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybersecurity-help.com/wp-includes/js/jquery/ui/jquery.ui.tabs.min.js?ver=1.10.4
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 /
Resource Hash: 3d66b808acbda5cd6933408d3db6e642af59d44d78e92a469a639bf2399a1cfd

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Wed, 17 Feb 2021 10:02:53 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Jan 2014 14:44:12 GMT
Server: nginx/1.0.15
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31104000, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Sat, 12 Feb 2022 10:02:53 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8420 42 B
94 B 48ms
48ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsspRurXi5Y9IdWD84EaZ0CjRCgTUh-Dgo4GsXVSW6tHzNBxsB5B-gT5IId9959P2VkqBGV5sTdFdmflbhaxBacnihJ4RNG_7FBpFlCoZn9xDezUFHRz08ngZxeVMw&sai=AMfl-YSVHmEICQln2xKQsZdXNm9_EfjD9xMd1g7zK2_DT8zZtf5nyD8bn4Yh3I-zXqrvyrFZL8FJ7kxQKGZnqXuz0GeEHO_Mc-v9xoo&sig=Cg0ArKJSzGYvPr9DenlTEAE&cid=CAASF-RoWKI1xYKlFOI3ozbL6OQQh2XfRDgh&id=osdim&mcvt=1002&p=195,1036,445,1336&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20210212&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=1926209516&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1613556171145&dlt=369&rpt=132&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=1926209516&adf=2362087705&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171008&bpp=22&bdt=747&idt=103&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5584040664735&frm=20&pv=2&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=195&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&cms=2&fu=8192&bc=23&ifi=1&uci=a!1&fsb=1&xpc=J9GBsY4sQV&p=http%3A//www.removal-virusguide.com&dtd=131
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 10:02:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9064 42 B
66 B 48ms
48ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssvSnsbOrgATNGZsIl3sJjsZVpFpwL7DjDvrKdiMUdQOXhBwt8A0ueUcKeufSOMTSqMLvKXo2tyna9fp5iffuA8VENVoGEbgzI3NpeQGWFHcgw6DvOT1Yv71-arzA&sai=AMfl-YRE7eseFIwNiGEO0-LkhW1p95BIgmJIvFFxAKxVGzwICGb65UFwn-CKfRGU6NInp101ZPHpNMg5VaTVjZwoDYoS74jYEcrh5x4&sig=Cg0ArKJSzMVxh-7zbiznEAE&cid=CAASF-RoRLvka8ph_HUtatFKBMOfnWS_puP-&id=osdim&mcvt=1000&p=688,1036,938,1336&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210212&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=351503775&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1613556171156&dlt=450&rpt=80&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-7943855733030580&output=html&h=250&slotname=8176009208&adk=351503775&adf=1822984578&pi=t.ma~as.8176009208&w=300&lmt=1613556171&psa=0&format=300x250&url=http%3A%2F%2Fwww.removal-virusguide.com%2F&flash=0&wgl=1&dt=1613556171030&bpp=4&bdt=769&idt=120&shv=r20210211&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5584040664735&frm=20&pv=1&ga_vid=1899440437.1613556171&ga_sid=1613556171&ga_hid=1442994705&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1036&ady=688&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21067982%2C21068769%2C21068893&oid=3&pvsid=91039473510572&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8192&bc=23&ifi=2&uci=a!2&fsb=1&xpc=rUr9Bzjzln&p=http%3A//www.removal-virusguide.com&dtd=124
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 10:02:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK generator.php Show response
cybersecurity-help.com/ Frame C259 53 KB
53 KB 2012ms
1277ms Script
application/javascript 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://cybersecurity-help.com/generator.php
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/wp-content/plugins/side-matter/js/jquery.autosize.js?ver=3.9.1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 / PHP/5.4.45
Resource Hash: 4ca8f7722320d5e59ac553dc60baf881d5fddc53eef14a442c8f69bc2b481a4a

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 10:02:55 GMT
Last-Modified: Wed, 17 Feb 2021 10:02:54 GMT
Server: nginx/1.0.15
X-Powered-By: PHP/5.4.45
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive

GET
H3-Q050 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.3k1wIje1lec.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw/ Frame C259 141 KB
50 KB 37ms
21ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.3k1wIje1lec.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1dbe94f24870455b60be49be9b72675f862260aa374086a786e893f59cb080b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 04:25:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 20:08:03 GMT
server: sffe
age: 452230
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50334
x-xss-protection: 0
expires: Sat, 12 Feb 2022 04:25:43 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ Frame C259 3 KB
2 KB 20ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ada9c0063a3e8e2173d06f9b097f4bc81828b9ca94cc8322ca19692567c321f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: vNRnaRHfDgTeaU3IVGJKgg==
cross-origin-resource-policy: cross-origin
expires: Wed, 17 Feb 2021 10:21:06 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1779
x-fb-rlafr: 0
x-fb-debug: SN1Cw0M7y/4OrAjdRss5y9NxyXXrwpSCSppikpHTqejlxJ4+RsLSHDPtzUen25Y/mKMakFzh/x0Lh7FpSn1YEQ==
x-fb-trip-id: 686109401
x-fb-content-md5: 36893e14dcb3e865eb931b0a76732e5f
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 17 Feb 2021 10:02:53 GMT
x-frame-options: DENY
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "1772dab2ea0e3bfaa67722c08e0956c1"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H3-Q050 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.3k1wIje1lec.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw/ Frame C259 97 KB
34 KB 32ms
29ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.3k1wIje1lec.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

274c5c962cd8ec53ac23d6d07978901972efd7b33e2eb0d1a7222c61fb7f907d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 04:26:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 20:08:03 GMT
server: sffe
age: 452211
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34392
x-xss-protection: 0
expires: Sat, 12 Feb 2022 04:26:02 GMT

GET
H3-Q050 404 comments Show response
apis.google.com/_/widget/render/ Frame 64C6 2 KB
1 KB 43ms
43ms Document
text/html 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/widget/render/comments?usegapi=1&href=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&first_party_property=BLOGGER&legacy_comment_moderation_url=&view_type=FILTERED_POSTMOD&width=600&height=200&origin=https%3A%2F%2Fwww.cybersecurity-help.com&search=&hash=&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.3k1wIje1lec.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

baa0834d490f5d970c71195c1757eb22e4ce65dbb8431857cd58d4467a42c5ff

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-37t9zNZAKBwHUjeLfEfdFg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: apis.google.com
:scheme: https
:path: /_/widget/render/comments?usegapi=1&href=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&first_party_property=BLOGGER&legacy_comment_moderation_url=&view_type=FILTERED_POSTMOD&width=600&height=200&origin=https%3A%2F%2Fwww.cybersecurity-help.com&search=&hash=&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.3k1wIje1lec.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=209=jmGKVf47ZUGY3ZDMGwSQjcOTAzcvP1-bXI6FDXB7GjSBXX6TM5tysfFXbnNVRhDIpgS2pq9dxufXCHviGuVVZ2lk1H_ub846i0ICmtg76CUG-wVlfedjY86qyrJMNDefatR8IqPhTGatW1RM4SaBJoctAk6_2zAYHcM9PzVQCyo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 17 Feb 2021 10:02:53 GMT
content-security-policy: script-src 'report-sample' 'nonce-37t9zNZAKBwHUjeLfEfdFg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 cb=gapi.loaded_2 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.3k1wIje1lec.O/m=comments/exm=auth,plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw/ Frame C259 3 KB
1 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.3k1wIje1lec.O/m=comments/exm=auth,plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw/cb=gapi.loaded_2

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0433a23e801e9118a2de8591fc1303a5a7fb4794ea2d6533aec35234eadd6167

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 05:28:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 20:08:03 GMT
server: sffe
age: 534884
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1447
x-xss-protection: 0
expires: Fri, 11 Feb 2022 05:28:09 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ Frame C259 191 KB
58 KB 20ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=0b6a23775e9bf5a46918a99fdedaf642&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

30c20adde444e9fa895ea0cee9cbcee1d1bafa9fce35c5c805676ef13180d812

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.cybersecurity-help.com
Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: MiYSWlZZTrG89gjAXv/e6A==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 58494
x-fb-rlafr: 0
x-fb-debug: 9r6oZMKzV5N0FPsDRFKPrLobT9yuADAJ+KjrFNQJOZLG88r6bvKHLOVgbLjyhw2oMGV032VbDJbEv6L+CLbIWA==
x-fb-trip-id: 686109401
x-fb-content-md5: 67cbdf20602d22de7bad2097f41e02fa
x-frame-options: DENY
date: Wed, 17 Feb 2021 10:02:53 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "263ddca366db0361730359ded7361e8a"
timing-allow-origin: *
expires: Thu, 17 Feb 2022 08:40:55 GMT

GET
H2 200 postmessageRelay Show response
accounts.google.com/o/oauth2/ Frame 2178 567 B
659 B 200ms
199ms Document
text/html 2a00:1450:4001:828::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.cybersecurity-help.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.3k1wIje1lec.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.3k1wIje1lec.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw/cb=gapi.loaded_1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

999f63b56664c2d0a158e9ec76a9a784edee7eb95186e99aa1a3d440874d3da2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-R0Zu24P5JmJl9T/uIeCkcQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.cybersecurity-help.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.3k1wIje1lec.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=209=jmGKVf47ZUGY3ZDMGwSQjcOTAzcvP1-bXI6FDXB7GjSBXX6TM5tysfFXbnNVRhDIpgS2pq9dxufXCHviGuVVZ2lk1H_ub846i0ICmtg76CUG-wVlfedjY86qyrJMNDefatR8IqPhTGatW1RM4SaBJoctAk6_2zAYHcM9PzVQCyo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 17 Feb 2021 10:02:53 GMT
content-security-policy: script-src 'report-sample' 'nonce-R0Zu24P5JmJl9T/uIeCkcQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

/ Show response
www.enigmasoftware.com/ Frame B562
Redirect Chain

https://www.cybersecurity-help.com/download-spyhunter
https://www.cybersecurity-help.com/download-spyhunter/
https://link.safecart.com/2pce6v
https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela

59 KB
17 KB

118ms
47ms

Document
text/html

65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/wp-includes/js/jquery/jquery.js?ver=1.11.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3a0d4fdbef9ee96a04eec0fc77e061a15bc084d4bb1cd297800f7e3a3377ae79

Request headers

:method: GET
:authority: www.enigmasoftware.com
:scheme: https
:path: /?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/

Response headers

content-type: text/html
x-amz-id-2: dzJV6Qv44ZjyXwhJjxJDKUUIOBaOCSAPjbpfnNcmCIbKzksoGNemkr0H98NMFNxvgZ1zixaW6S8=
x-amz-request-id: 301B9496901E9450
date: Tue, 16 Feb 2021 22:09:14 GMT
last-modified: Tue, 16 Feb 2021 22:07:14 GMT
etag: W/"5fe2f2d254c1a61ffe952e62e40b2008"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: n8kAnsvVEBixSNhnIEZx5q1S3khtejMJLZ36rpyyzvUWIZPLBh8wCA==
age: 42822

Redirect headers

date: Wed, 17 Feb 2021 10:02:55 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
server: Apache
set-cookie: PHPSESSID=e2ec3e955c9e2fd4f2f3dfbbb90d692f; path=/; secure; HttpOnly enigma3=a%3A6%3A%7Bs%3A9%3A%22sessionId%22%3Bs%3A32%3A%22e2ec3e955c9e2fd4f2f3dfbbb90d692f%22%3Bs%3A10%3A%22networkFid%22%3Bs%3A5%3A%22rwire%22%3Bs%3A9%3A%22partnerId%22%3Bi%3A3213375%3Bs%3A15%3A%22affiliateInfoId%22%3Bi%3A406365%3Bs%3A15%3A%22merchantAliasId%22%3BN%3Bs%3A2%3A%22id%22%3Bs%3A40%3A%2251a6c0bc306ecf1ce7fc747fd36a338e884d1bec%22%3B%7D; expires=Tue, 18-May-2021 10:02:55 GMT; Max-Age=7776000; path=/; domain=.safecart.com
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: ALLOW-FROM https://www.reimageplus.com/

GET
H2

200

/ Show response
www.enigmasoftware.com/spyhunter-rw/ Frame 9AA6
Redirect Chain

https://www.cybersecurity-help.com/download-spyhuntermac
https://www.cybersecurity-help.com/download-spyhuntermac/
https://link.safecart.com/2r9rhv
https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat

80 KB
18 KB

86ms
85ms

Document
text/html

65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/wp-includes/js/jquery/jquery.js?ver=1.11.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9fb82b7082ae87f15859d00b4f9db8c761872f07a4506c30fc831807abfc6f72

Request headers

:method: GET
:authority: www.enigmasoftware.com
:scheme: https
:path: /spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/

Response headers

content-type: text/html
x-amz-id-2: rArs9FkwNuenFY6tLsSNZKqEySajRdoxYcA0VYCcN+t2tyG63T/gP3JENdjxyCZ1wu/DRgwAKOI=
x-amz-request-id: 3FBC549D14315BA3
date: Tue, 16 Feb 2021 22:10:04 GMT
last-modified: Fri, 05 Feb 2021 05:11:51 GMT
etag: W/"9b918b8411abf73e91d3a883cc0a825f"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: vy-xf-wh6kvOPqC6ALT2PCddHX1BcmtGptMdpta3DbnBVrDoenXvng==
age: 42772

Redirect headers

date: Wed, 17 Feb 2021 10:02:55 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
server: Apache
set-cookie: PHPSESSID=f760cb1dafe16eef3860e48b59ac27c5; path=/; secure; HttpOnly PHPSESSID=3931939b7a8d054f5443350772a35127; path=/; secure; HttpOnly enigma3=a%3A6%3A%7Bs%3A9%3A%22sessionId%22%3Bs%3A32%3A%223931939b7a8d054f5443350772a35127%22%3Bs%3A10%3A%22networkFid%22%3Bs%3A5%3A%22rwire%22%3Bs%3A9%3A%22partnerId%22%3Bi%3A943455%3Bs%3A15%3A%22affiliateInfoId%22%3Bi%3A197565%3Bs%3A15%3A%22merchantAliasId%22%3BN%3Bs%3A2%3A%22id%22%3Bs%3A40%3A%22c94c5cf760f0dbd6c7f130132309891f6da59afb%22%3B%7D; expires=Tue, 18-May-2021 10:02:55 GMT; Max-Age=7776000; path=/; domain=.safecart.com
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: ALLOW-FROM https://www.reimageplus.com/

GET
H/1.1 404
Not Found undefined
www.cybersecurity-help.com/de/entfernen-mystartsearch-com/ Frame C259 9 KB
9 KB 490ms
482ms Image
text/html 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/undefined
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 / PHP/5.4.45
Resource Hash: 9fffcf0cf18bd775bbce288c6c7226a771dd727c4bf1756adfc359c4c9e51d07

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 10:02:54 GMT
Content-Encoding: gzip
Server: nginx/1.0.15
X-Powered-By: PHP/5.4.45
X-Pingback: https://www.cybersecurity-help.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate, max-age=0
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2

200

feedback.php Show response
www.facebook.com/plugins/ Frame C032
Redirect Chain

https://www.facebook.com/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bceeb80f14a8%26domain%3Dwww.cybersecurity-he...
https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bceeb80f14a8%26domain%3Dwww.cybersecurity-hel...

10 KB
5 KB

56ms
55ms

Document
text/html

2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bceeb80f14a8%26domain%3Dwww.cybersecurity-help.com%26origin%3Dhttps%253A%252F%252Fwww.cybersecurity-help.com%252Ff902cfe441aa44%26relation%3Dparent.parent&color_scheme=light&container_width=0&height=100&href=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&locale=en_US&sdk=joey&width=470

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=0b6a23775e9bf5a46918a99fdedaf642&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4e4459bf6a2924f7e251f3f65249d280ace0be4ad0ab89e4ae0b45bd05edba16

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bceeb80f14a8%26domain%3Dwww.cybersecurity-help.com%26origin%3Dhttps%253A%252F%252Fwww.cybersecurity-help.com%252Ff902cfe441aa44%26relation%3Dparent.parent&color_scheme=light&container_width=0&height=100&href=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&locale=en_US&sdk=joey&width=470
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: about:blank

Response headers

vary: Accept-Encoding
x-fb-rlafr: 0
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-encoding: br
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: private, no-cache, no-store, must-revalidate
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
x-fb-debug: rJrrJw4cIzK0vRXR73k/nMz0nH5ijJMUhB7Woy0ZI6LdCEhyXMTwdBkC0KEPhiQU6Py8jvs0O0Ul3OP1Vk0O7A==
date: Wed, 17 Feb 2021 10:02:53 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

Redirect headers

location: https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bceeb80f14a8%26domain%3Dwww.cybersecurity-help.com%26origin%3Dhttps%253A%252F%252Fwww.cybersecurity-help.com%252Ff902cfe441aa44%26relation%3Dparent.parent&color_scheme=light&container_width=0&height=100&href=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&locale=en_US&sdk=joey&width=470
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 8dj4R+2/5Az0f/2xxGiA/ZXdYaoUMaYRcdQBy1sn6+/WRCb2DxRiqFwfAHTdy0pxuLaSm1rKmPALH8Ibf9jT5w==
content-length: 0
date: Wed, 17 Feb 2021 10:02:53 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H2 200 2038943760-postmessagerelay.js Show response
ssl.gstatic.com/accounts/o/ Frame 2178 10 KB
5 KB 28ms
8ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/2038943760-postmessagerelay.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.cybersecurity-help.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.3k1wIje1lec.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw%2Fm%3D__features__

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bd9ca2f57b6c388332dd095d8c9be87dc71c2e1b78b843515ae758fe05a1223

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.cybersecurity-help.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.3k1wIje1lec.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw%2Fm%3D__features__
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 17:44:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 03:27:24 GMT
server: sffe
age: 58717
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4265
x-xss-protection: 0
expires: Wed, 16 Feb 2022 17:44:16 GMT

GET
H3-Q050 200 rpc:shindig_random.js Show response
apis.google.com/js/ Frame 2178 12 KB
5 KB 34ms
34ms Script
application/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/rpc:shindig_random.js?onload=init

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

38a622d903f3d196af226cd9f4081afc5e717465d8afc40f39b6a8319be4c786

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-oP+rHgpmSiQw58WVZET/bg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.cybersecurity-help.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.3k1wIje1lec.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw%2Fm%3D__features__
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "089674d94dca2bf44b47ebe0e4c3595b"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-oP+rHgpmSiQw58WVZET/bg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Wed, 17 Feb 2021 10:02:53 GMT

GET
H2 200 8WHx3Z8IFoG.css
www.facebook.com/rsrc.php/v3/yU/l/0,cross/ Frame C032 128 KB
21 KB 6ms
6ms Stylesheet
text/css 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3/yU/l/0,cross/8WHx3Z8IFoG.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bceeb80f14a8%26domain%3Dwww.cybersecurity-help.com%26origin%3Dhttps%253A%252F%252Fwww.cybersecurity-help.com%252Ff902cfe441aa44%26relation%3Dparent.parent&color_scheme=light&container_width=0&height=100&href=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&locale=en_US&sdk=joey&width=470

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

35fe3377279d21fb5a2e01f92eddc9f816cd4fac3e303ca246596104a81eba95

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.facebook.com
Referer: https://www.facebook.com/plugins/feedback.php?app_id&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bceeb80f14a8%26domain%3Dwww.cybersecurity-help.com%26origin%3Dhttps%253A%252F%252Fwww.cybersecurity-help.com%252Ff902cfe441aa44%26relation%3Dparent.parent&color_scheme=light&container_width=0&height=100&href=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&locale=en_US&sdk=joey&width=470
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-debug: +9rL4RxT3lS+EcG2/bTPKl+X+Uj3n3dHjMLNrpQ40iHZ3WqLJX7WmgBNpJ+Q7eEuJDCI0rLNxRMBkONN3H+WPg==
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 9zv2T1PIYDE9iijrIp7/zQ==
date: Mon, 15 Feb 2021 17:15:52 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 20921
x-fb-rlafr: 0
expires: Tue, 15 Feb 2022 17:15:52 GMT

GET
H3-Q050 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.3k1wIje1lec.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw/ Frame 2178 51 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.3k1wIje1lec.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

614c628979413c313447557e9d90e9082ca8b9175d5c4a464bd6a9e6bc3a4aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.cybersecurity-help.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.3k1wIje1lec.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCNT4ir0QEJ6sXXAMZvqjav9vQSaLw%2Fm%3D__features__
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 03:48:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 20:08:03 GMT
server: sffe
age: 540839
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18067
x-xss-protection: 0
expires: Fri, 11 Feb 2022 03:48:54 GMT

GET
H2 200 bundle.css
www.enigmasoftware.com/wp-content/themes/default/css/ Frame B562 878 KB
267 KB 53ms
53ms Stylesheet
text/css 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.enigmasoftware.com/wp-content/themes/default/css/bundle.css?1613036403
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ea5e91047fbe07156bb51af1b8ebc8b03ff36770f3d4af9fef353054db538e6e

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:07:56 GMT
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 10:29:37 GMT
server: AmazonS3
age: 42900
etag: W/"e5c5e211679357873afa2c35d6367a09"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-request-id: E19943AB106CFAB4
x-amz-cf-id: VKT4_4l6_IsOb-GJHD1CYz03LYQM0A5rJEK5mflyOxTDY9AeSlw3Lw==
x-amz-id-2: UsFPb3A4lVNNASAts9cnIyHLrKP3GiXT5QohMrf6m9p3R5MHRdGGLHz2GhhtQEdm3FLe1pybicI=

GET
H2 200 covid-19-cyberattacks-rise-150x148.jpg
www.enigmasoftware.com/images/2020/ Frame B562 9 KB
9 KB 46ms
46ms Image
image/jpeg 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/images/2020/covid-19-cyberattacks-rise-150x148.jpg
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: defb9deed8454b628d828e03752f259bd79e2aaf7829b3d8aae003b6ff4e2d52

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:15 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Thu, 24 Sep 2020 11:04:06 GMT
server: AmazonS3
age: 42821
etag: "e2ee375d66fd6c5273f54ecf3909917b"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=16070400
content-length: 9199
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: 4608AD45DD8DBBE8
x-amz-id-2: KVKqE07dMOCCLWHFcrZZd+z0qNVmWREYEOxQFj1t6zVlTE/qebH6bLwzB9RxBgYXAevmZJzFVsk=
x-amz-cf-id: GVmMV3jDjiXjz8_0AOtK69I1WlJi9eClKGusAgZsMwWKguXtMOUV3A==

GET
H2 200 coronavirus-scam-150x150.jpg
www.enigmasoftware.com/images/2020/ Frame B562 7 KB
8 KB 118ms
115ms Image
image/jpeg 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/images/2020/coronavirus-scam-150x150.jpg
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2847534dae099aab6e1ce09834d9b149429a7a8352cd0560e30ddaf3e39974c4

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:15 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Thu, 24 Sep 2020 11:04:05 GMT
server: AmazonS3
age: 42821
etag: "7d740b5f4034ca64b9709930c1f561ff"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=16070400
content-length: 7418
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: 2372B0FD32D9CB43
x-amz-id-2: 28rVfLj6E0su8kyAvuCUeC2rvCW5SmEWKcplqz4v1yGclJFeFNjV3Fc92Ne0mmY5K/GbiRj+FRM=
x-amz-cf-id: tMY4p60wgW-JcVxTNvsXxBfmsuF4r4hHWY3KrGSr4eOylu2CSYXO2g==

GET
H2 200 healthcare-ransomware-attacks-150x150.jpg
www.enigmasoftware.com/images/2020/ Frame B562 5 KB
5 KB 116ms
113ms Image
image/jpeg 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/images/2020/healthcare-ransomware-attacks-150x150.jpg
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: aec941c2553e054adfc389e3b8242ae1b0579a718ce3f953c97866c9791c71bf

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:15 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Wed, 11 Nov 2020 14:17:47 GMT
server: AmazonS3
age: 42821
etag: "04150b58ea8ca218ca22a95a09b1ad3e"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=16070400
content-length: 5078
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: DE9ED736FCB19FD3
x-amz-id-2: mDwoR4TOrjh1YGiGUJvOexAMpjvKiPhv0BOgcYEs2hmxNJQYW/L+G6g6PYZV9tr48CvX6Ej3dZY=
x-amz-cf-id: PPWd-nEf0YWI4OirV0E_B5kY_-jG1MoqNAwGMNfPZOx9LY1rbDz0Kw==

GET
H2 200 webdiscoverbrowser_img1-150x150.png
www.enigmasoftware.com/images/2015/ Frame B562 11 KB
12 KB 117ms
114ms Image
image/png 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/images/2015/webdiscoverbrowser_img1-150x150.png
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bae9feda424447121f1c9f79f1f69c15e85af45700363c54a02adea7f60c4e76

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:15 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Thu, 24 Sep 2020 12:59:13 GMT
server: AmazonS3
age: 42821
etag: "8cd7732fbd5a5164998b5983b272113b"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=16070400
content-length: 11505
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: 6F712EA5CD2E054D
x-amz-id-2: 2BmZYi/hWwWSYQrFyzvx0RisvgRdG7LepujutnDcV8cF8qvOlG/4Mq2TmOsWCWdspo7jleIf8Ts=
x-amz-cf-id: rzNxALdBvHtg5-RSskKpMOW7CDijZJ2_TUsETtXtG0KUf8L08ZX1pw==

GET
H2 200 stopransomware_img1_thmb-1-150x141.png
www.enigmasoftware.com/images/2018/ Frame B562 10 KB
10 KB 128ms
126ms Image
image/png 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/images/2018/stopransomware_img1_thmb-1-150x141.png
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2dc95b38c17dba547c0f7b6977bd4817a0f53cf96aa3bb3eb8928b24d9966033

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:15 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Tue, 27 Oct 2020 20:25:18 GMT
server: AmazonS3
age: 42821
etag: "15740d861f4eff757569aae582047452"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=16070400
content-length: 9863
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: E20357FCE4E10292
x-amz-id-2: K7Gny4lFOdhShvuXG2tma/MdCRuE732BlggUKCrP0weX5KeWWtPvbsN0ymhKKL7cPfUPl9+tEAQ=
x-amz-cf-id: -gvQWiOfp0v4kKULRQP66knErJ_m0oZ_ywsf6lm3vl0XSIqq7x7lcA==

GET
H2 200 mac-os-terminals-150x150.jpg
www.enigmasoftware.com/images/2019/ Frame B562 5 KB
6 KB 127ms
124ms Image
image/jpeg 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/images/2019/mac-os-terminals-150x150.jpg
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a1211be8bca16c24f2600a0285d9c2a0d9250821d68d840899fb380a9f381260

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:15 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Thu, 24 Sep 2020 11:30:53 GMT
server: AmazonS3
age: 42821
etag: "85e6cc4acce8f8344f48d1900beae725"
x-cache: Hit from cloudfront
content-type: image/jpeg
content-length: 5616
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: 65F5A367274A84A8
x-amz-id-2: dcOur72qh86gKCPnpuZoBEtak0nKlMPVn2sMB49KQpCxK7VytHs0VDgHkEW6mEK9Vsh/H5X7poA=
x-amz-cf-id: 66N1ry21YYjFKiQF7vGjWLs0rl45595B-ZfIPodR9VaR9pdfd1ZoSQ==

GET
H2 200 newsbreakcom-150x150.jpg
www.enigmasoftware.com/images/2020/ Frame B562 8 KB
8 KB 130ms
127ms Image
image/jpeg 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/images/2020/newsbreakcom-150x150.jpg
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 574ca5bff2b33a20e450accf2dae8a182e717f6dc82622ac1bf471e27674925f

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:15 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Thu, 24 Sep 2020 11:04:34 GMT
server: AmazonS3
age: 42821
etag: "9617485c2697a662bed66d1e65b8b1d3"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=16070400
content-length: 7697
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: 39258FB85FC621BF
x-amz-id-2: Pzvdm88VEj3eGph0KjcZREJYOI8KnXK1SiCKSg3lOkAvNueRsji10fLR8i/SLLT3dwozxH6oSqk=
x-amz-cf-id: ZT8iaevbWltI34Dr_yc4ai41x2OvoaOxvEUaME0G5YLi2AkNA43-hA==

GET
H2 200 coronavirus-apt-malware-attack-150x150.jpg
www.enigmasoftware.com/images/2020/ Frame B562 7 KB
8 KB 127ms
125ms Image
image/jpeg 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/images/2020/coronavirus-apt-malware-attack-150x150.jpg
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1a3fdd2b11a89fe0818cee17467ca50b97235108a568a29e382fa5a8b1b2640e

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:15 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Thu, 24 Sep 2020 11:22:36 GMT
server: AmazonS3
age: 42821
etag: "ede5ea4967f34ea6e5973e0f38308ef5"
x-cache: Hit from cloudfront
content-type: image/jpeg
content-length: 7340
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: B8A082D3C50194DB
x-amz-id-2: PuH7pwIJsoTH48gDNOEkSVAYUQkjXHRv0XZEscSADSfXANB05URTeLFoPEX+XjAfyOf45/IDM4Q=
x-amz-cf-id: XDMgHy8Vvt5XaOY-0tHtABYA6lFVvJLa3YBWHGFjHYduJZj78sW5Ug==

GET
H2 200 howransomware_img1-150x150.png
www.enigmasoftware.com/images/2020/ Frame B562 6 KB
6 KB 126ms
124ms Image
image/png 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/images/2020/howransomware_img1-150x150.png
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4a78ef727ff6e45a19663f6c7ba9181e0460c2671aab4613ba515736182c62ae

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:15 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Thu, 24 Sep 2020 13:12:40 GMT
server: AmazonS3
age: 42821
etag: "06b5f9e18b80dd9ac704b979d8a9ef06"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=16070400
content-length: 5802
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: B44336B765C59199
x-amz-id-2: AWNcB/AMV0Etrcx7CsXTvoSMr9l8uoN1D9hqZYT/QLJXyDn4U2+SfjeN/8p037LJastQ6v6prqU=
x-amz-cf-id: zsx51yX2RKP3Qr5CBFKizF5HShorro5pAkJtWZXYvOnV9MwgG1M-Xg==

GET
H2 200 randomaudioadsvirus_pic1_thumb.jpg
www.enigmasoftware.com/images/2011/ Frame B562 3 KB
3 KB 127ms
125ms Image
image/jpeg 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/images/2011/randomaudioadsvirus_pic1_thumb.jpg
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5895b9f8dd9044e2a020cf342499a654a26a61dee644cd403df676d55d68bc41

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:15 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Thu, 24 Sep 2020 10:49:55 GMT
server: AmazonS3
age: 42821
etag: "d189bc1ad425917e63761b0f30d913f7"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=16070400
content-length: 2624
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: E3BB5F3FAB9D62B8
x-amz-id-2: YSsArclocvywPCAtnCdnMYLKQZyJlZLZuJLpxFkix5msZCRvn+za0PudMGBpaH6y1Mt+q8GkcGU=
x-amz-cf-id: nJLTrWNn3oyCapvwAbKUse2x8vH98q5ukFSR11JKIwj6tWyTyd-xPg==

GET
H2 200 ads.js.php Show response
www.enigmasoftware.com/wp-content/plugins/adrotate/ Frame B562 79 KB
79 KB 93ms
89ms Script
application/octet-stream 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.enigmasoftware.com/wp-content/plugins/adrotate/ads.js.php?v1=1613036386&v2=1619613694
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 058584233380be2ad1e567c7f0206f7c76e85abc8f76ba6cd4891a9a51ac5ed8

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:15 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Tue, 16 Feb 2021 22:07:14 GMT
server: AmazonS3
age: 42821
etag: "5370794e622e451b5b61664547d23592"
x-cache: Hit from cloudfront
content-type: application/octet-stream
content-length: 80414
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: AB39BDDA128385A9
x-amz-id-2: 2HqXyuFyFjrRyT3s5G4vkaDPaOxEFF0W8jQ2rQzoaf+tBBPfSJo/ERmP89j1onRBFj19PMU2Vt0=
x-amz-cf-id: QrMugaOx9rX2_G46qP5LuF233rNP3dd3V19KKwDvC2eARQNi4NImnQ==

GET
H2 200 exit-popup.js.php Show response
www.enigmasoftware.com/wp-content/plugins/exit-popup/js/ Frame B562 15 KB
15 KB 127ms
124ms Script
application/octet-stream 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.enigmasoftware.com/wp-content/plugins/exit-popup/js/exit-popup.js.php?v1=1613036387&v2=1610440254
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 57c3feb72fb508e47b95cd9d535e9ae3cee2f98034b416bcd04b7e1ad88d212c

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:15 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Thu, 11 Feb 2021 10:29:35 GMT
server: AmazonS3
age: 42821
etag: "e0b938e0ab4ee1ee6fc19479c0e37613"
x-cache: Hit from cloudfront
content-type: application/octet-stream
content-length: 15018
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: C8904DE1546FF95C
x-amz-id-2: XWZsu5b+EyXgj+6kuBqAkbEkLkEfdfr6vB5mNgDMeBew1JTB/0NYdoqIPeRs/qQe0tbrGj6y9eU=
x-amz-cf-id: 0ErPACK8tTU9H_nGG0_DlGGj-Wm6gm_LCYLKBJtg8Va9CXzOi1UDQQ==

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ Frame B562 95 KB
29 KB 65ms
13ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BAC) /
Resource Hash: c34f5c51cea0ee9e05108c79c404086a24b73fbecb0999654fc9116b4c4b755e

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 10:02:55 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 774
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 28744
x-tw-cdn: VZ
Last-Modified: Mon, 08 Feb 2021 21:21:01 GMT
Server: ECS (amb/6BAC)
Etag: "11a0c75a945561958f0b924da0e67334+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H2 200 bundle.js Show response
www.enigmasoftware.com/wp-content/themes/default/js/ Frame B562 421 KB
118 KB 119ms
116ms Script
text/javascript 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.enigmasoftware.com/wp-content/themes/default/js/bundle.js?1613036404
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8a76b7ffdca1d19ef49a68b64339042dd86901fb28ba9d3c1491ad40724c731c

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:07:56 GMT
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 10:29:37 GMT
server: AmazonS3
age: 42900
etag: W/"52f7d09675a4b5f0c863562d85d6549f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-request-id: E1B3789271B6B365
x-amz-cf-id: 1vF0VtPJeP75UcR58x4KCnN-hHIK2DvyQ_Q6aKHzvptT-3V5BdyW6Q==
x-amz-id-2: 2yciQH0o5Cg6wb2h2bprsH3m9LkrBNEB9aN+pwX12R4tjl0NxPfMmPNXGVJ8OfovPchUTnRJM7s=

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame B562 142 KB
50 KB 18ms
16ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WNZWP93

Requested by

Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

67a00fbdd7b0ae8a8258edc321008a3bc8203d162b77488cbe069d0a23046a6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:55 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50705
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Feb 2021 10:02:55 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ Frame B562 27 KB
8 KB 30ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNZWP93
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:54 GMT
content-encoding: gzip
last-modified: Wed, 03 Feb 2021 20:48:20 GMT
x-msedge-ref: Ref A: BE777EEA75CA4A668938C01303B78F88 Ref B: FRAEDGE1512 Ref C: 2021-02-17T10:02:55Z
etag: "042b8e76dfad61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8454

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ Frame B562 4 KB
2 KB 51ms
21ms Script
application/x-javascript 2a02:26f0:7100:48a::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNZWP93
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:48a::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 10:02:55 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=78836
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame B562 91 KB
24 KB 23ms
23ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e7ea2b4ba8e2bcc4a964d6192e4671dc5f6863a1c7e35b52b229a3c1e67a68d

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23762
x-fb-rlafr: 0
pragma: public
x-fb-debug: 5NRjEFzqcBn83OImhSKdSVuSp9u9nKANd6bjAZfa7orsPZOp4ABq8p5LjqFfSNttuwI/mdBjXjyzSJurx6Qczg==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Wed, 17 Feb 2021 10:02:55 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK atrk.js Show response
d31qbv1cthcecs.cloudfront.net/ Frame B562 4 KB
5 KB 163ms
46ms Script
text/javascript 65.9.20.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d31qbv1cthcecs.cloudfront.net/atrk.js
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.8 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 90451ba3e82cd9db02f0ca76bd45d0ab5ef7e90a49da4215903cb7f08471e2e7

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 00:34:48 GMT
Via: 1.1 447f0defb04b912ed949f0fdd5a6492e.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Sat, 16 Mar 2019 16:01:33 GMT
Server: AmazonS3
Age: 12216488
ETag: "96c08723796affab377d9bb08d631cd0"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Cache-Control: max-age=26920000
X-Amz-Cf-Pop: ZAG50-C1
Accept-Ranges: bytes
Content-Length: 4264
X-Amz-Cf-Id: 110zHtEiOwxrS8LWCtN9iWWh88dbTLuNtXoVaQrfQffheGnPrNhCtA==

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/8db2aa7f68a94ef79df613a1a47acbb8/ Frame B562 43 B
424 B 520ms
126ms Image
image/gif 3.217.219.88
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/8db2aa7f68a94ef79df613a1a47acbb8/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.enigmasoftware.com%2F%3Frw_session_id%3D51a6c0bc306ecf1ce7fc747fd36a338e884d1bec%26rw_affiliate_id%3Dportela

Requested by

Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.217.219.88 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-217-219-88.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 10:02:55 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Q-Stat: ,eebdd953da507eecb87dc144cc992436,10.0.0.234,56824,185.156.175.107,,66764774902,1,1613556175.877,0.003,,.,0,0,0.000,0.004,-,0,0,197,214,107,10,26847,,,,,,-,
Content-Type: image/gif

GET
H2 200 lftracker_v1_Xbp1oaEGkPy7EdVj.js Show response
sc.lfeeder.com/ Frame B562 18 KB
7 KB 54ms
6ms Script
application/javascript 2600:9000:206f:7800:1f:f723:6fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc.lfeeder.com/lftracker_v1_Xbp1oaEGkPy7EdVj.js
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:7800:1f:f723:6fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9d69f9fd99729bc8fb7a18e68ea33d2b3ac5b4a6106e62c840f423c808247772

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: wVjdGJESncHSPHrTKI_mZ1jky1KeLSW_
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 14:41:19 GMT
server: AmazonS3
age: 811
etag: W/"6fb145c46676e7f3f0f4ce5513d7bc57"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)
cache-control: max-age=3600
date: Wed, 17 Feb 2021 10:01:50 GMT
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: dvxqb2E0g33fGvyTy3s7foH-tIuQr_dOskfzncI71ISdeHcmSM8arA==

GET
H2 200 1559634284327625 Show response
connect.facebook.net/signals/config/ Frame B562 241 KB
70 KB 8ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1559634284327625?v=2.9.33&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3821a4284229893f84d00e02e9c29d71c47e11e441d1729af5b7a4c95862a316

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 70756
x-fb-rlafr: 0
pragma: public
x-fb-debug: 4uaJT2dVyPDghkq618IED5ITSBjmhuLnpEjzw2EcjOvwDGU07jbv1wwRxX7AKF5UP1Cf3j6j/x7FjTQwMIsHMA==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 17 Feb 2021 10:02:55 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-content-id: 421057237
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/ Frame B562
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=428537&time=1613556175465&url=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D428537%26time%3D1613556175465%26url%3Dhttps%253A%252F%252Fwww.cybersecurity-help....
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=428537&time=1613556175465&url=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&liSync=true

0
81 B

143ms
143ms

Image
application/javascript

2620:119:50e3:101::6cae:b45
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=428537&time=1613556175465&url=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&liSync=true
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:119:50e3:101::6cae:b45 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:56 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-li-pop: prod-eda6
content-type: application/javascript
content-length: 0
x-li-uuid: RGKYEcuAZBawT9mC4CoAAA==

Redirect headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
linkedin-action: 1
content-length: 0
x-li-uuid: emgbCMuAZBYQmSPBRCsAAA==
pragma: no-cache
x-li-pop: afd-prod-eda6
x-msedge-ref: Ref A: 98660FDE09EE4583994828A2747CD2D4 Ref B: FRAEDGE1317 Ref C: 2021-02-17T10:02:55Z
date: Wed, 17 Feb 2021 10:02:55 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
x-li-fabric: prod-ltx1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=428537&time=1613556175465&url=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&liSync=true
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame B562 44 B
260 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1559634284327625&ev=PageView&dl=https%3A%2F%2Fwww.enigmasoftware.com%2F%3Frw_session_id%3D51a6c0bc306ecf1ce7fc747fd36a338e884d1bec%26rw_affiliate_id%3Dportela&rl=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&if=true&ts=1613556175494&sw=1600&sh=1200&v=2.9.33&r=stable&ec=0&o=30&it=1613556175454&coo=false&rqm=GET

Requested by

Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:55 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 17 Feb 2021 10:02:55 GMT

GET
H2 200 get.php Show response
myaccount.enigmasoftware.com/tools/ip2country/ Frame B562 84 B
508 B 420ms
380ms XHR
application/json 2600:9000:206f:5a00:17:a556:9bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://myaccount.enigmasoftware.com/tools/ip2country/get.php
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/wp-content/themes/default/js/bundle.js?1613036404
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5a00:17:a556:9bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.46 (Amazon) /
Resource Hash: 189ad6279468d91ed0701bb537ad62d926b48f7a1319dc26601a86d6c554e482

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:55 GMT
via: 1.1 14b10bd09a0531ef477d0a404ca26900.cloudfront.net (CloudFront)
last-modified: Mon, 16 Nov 2020 11:21:45 GMT
server: Apache/2.4.46 (Amazon)
x-amz-cf-pop: FRA56-C1
access-control-allow-methods: GET, POST
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=86400
x-cache: Miss from cloudfront
access-control-allow-headers: X-Requested-With
content-length: 84
x-amz-cf-id: 6YzRNHcCW5rjAkc-qBiusrQN3HUkCeVgnqAsVqt7VlAN-gtN_DP1IA==
expires: Thu, 18 Feb 2021 10:02:55 GMT

GET
H/1.1 200
OK widget_iframe.6e189c4f2b6d88c453045806323cdcf3.html Show response
platform.twitter.com/widgets/ Frame 77C2 320 KB
104 KB 14ms
13ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.6e189c4f2b6d88c453045806323cdcf3.html?origin=https%3A%2F%2Fwww.enigmasoftware.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BB7) /
Resource Hash: 99adb384fd992660be76df488633e76fe86ed9bba2a7cdf143a97e03fc3ee94d

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 651401
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 17 Feb 2021 10:02:55 GMT
Etag: "d9fdaa7a36dc36e57ad53c2039f52486+gzip"
Last-Modified: Mon, 08 Feb 2021 21:19:37 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6BB7)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105677

GET
H2 204 0
bat.bing.com/action/ Frame B562 0
93 B 29ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5012076&Ver=2&mid=b4a4360f-ba7e-42b3-aa95-ec5bfb73005e&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Remove%20Spyware%20%26%20Malware%20with%20SpyHunter&kw=spyware%20removal,%20antispyware,%20fix%20computer,%20spyware%20virus,%20computer%20repair,%20malware%20removal,%20trojan%20remover,%20rootkits,%20windows%20repair,%20internet%20security&p=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&r=&lt=1839&evt=pageLoad&ifm=1&msclkid=N&sv=1&rn=918399
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Wed, 17 Feb 2021 10:02:54 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 3C5436B7F57D46499535536C8216486B Ref B: FRAEDGE1512 Ref C: 2021-02-17T10:02:55Z
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame B562 46 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNZWP93

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 4539
date: Wed, 17 Feb 2021 08:47:16 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Wed, 17 Feb 2021 10:47:16 GMT

GET
H2 200 bundle.css
www.enigmasoftware.com/wp-content/themes/default/css/ Frame 9AA6 878 KB
267 KB 41ms
41ms Stylesheet
text/css 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.enigmasoftware.com/wp-content/themes/default/css/bundle.css?1612356090
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ea5e91047fbe07156bb51af1b8ebc8b03ff36770f3d4af9fef353054db538e6e

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:07:56 GMT
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 10:29:37 GMT
server: AmazonS3
age: 42900
etag: W/"e5c5e211679357873afa2c35d6367a09"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-request-id: E19943AB106CFAB4
x-amz-cf-id: d3TB2JuWIxgD80bTekKA7vZF2OYf_NlZNRa_0B7CupNeDw23nCLvUA==
x-amz-id-2: UsFPb3A4lVNNASAts9cnIyHLrKP3GiXT5QohMrf6m9p3R5MHRdGGLHz2GhhtQEdm3FLe1pybicI=

GET
H2 200 5lcrgmvmrs.jsonp Show response
fast.wistia.com/embed/medias/ Frame 9AA6 8 KB
3 KB 30ms
14ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/embed/medias/5lcrgmvmrs.jsonp

Requested by

Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

13f047edc3fad34529b1afe87a10a3e1e28ad45d44cce3dc8b1deeee0cc2d4b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:55 GMT
content-encoding: br
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 6298
x-cache: HIT, HIT
p3p: CP="CURi ADMa DEVa IVAa IVDa CONi OUR IND DSP CAO COR"
vary: Accept-Encoding,X-Forwarded-Proto,X-ECMA-Override
content-length: 3026
x-request-id: f000be60c1c2c22a5ad6cdf5542bc6eb
x-served-by: cache-dca17728-DCA, cache-hhn4064-HHN
x-runtime: 0.040866
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
x-timer: S1613556176.638248,VS0,VE1
etag: W/"13f047edc3fad34529b1afe87a10a3e1"
x-download-options: noopen
strict-transport-security: max-age=0
content-type: application/javascript; charset=utf-8
via: 1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish
cache-control: public, no-cache
x-browser: chrome
x-browser-version: 83
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 1

GET
H2 200 E-v1.js Show response
fast.wistia.com/assets/external/ Frame 9AA6 642 KB
118 KB 17ms
7ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/E-v1.js

Requested by

Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b463dd33828f8475fbb06d0feb05a01b40be4eac3897589791384d4d07cc6b2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:55 GMT
content-encoding: br
vary: Accept-Encoding
age: 1146
x-cache: HIT, HIT
content-length: 120244
x-served-by: cache-dca17770-DCA, cache-hhn4064-HHN
access-control-allow-origin: *
x-browser-version: 83
last-modified: Tue, 16 Feb 2021 19:39:09 GMT
x-timer: S1613556176.638260,VS0,VE0
etag: "602c1f5d-1d5b4"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2, 614

GET
H2 200 appesteem-seal.png
www.enigmasoftware.com/wp-content/themes/default/images/pages/ Frame 9AA6 32 KB
32 KB 43ms
40ms Image
image/png 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/wp-content/themes/default/images/pages/appesteem-seal.png
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b92ee367ac87c8ed581431feb27ec2d422e4a6ebb9d03ccde63059b25c1bac17

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:10:05 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Fri, 05 Feb 2021 05:09:24 GMT
server: AmazonS3
age: 42771
etag: "b1a32ef836e4870376e288ede6de1674"
x-cache: Hit from cloudfront
content-type: image/png
content-length: 32453
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: 071043D96D896B94
x-amz-id-2: zWIUgcp6ZYVV7DL1x3TqHxMVmJzKVtc8pDgPNatd7hWBzhfwYDVG7DQW10ETWXbI4YnCz6hPiIA=
x-amz-cf-id: M_tgbczrJtmzGkCuHaDowO3VZNqhEedSs9nG0VUwQxr_Z73GiHgqQQ==

GET
H2 200 avtest.png
www.enigmasoftware.com/wp-content/themes/default/images/pages/press/ Frame 9AA6 3 KB
4 KB 46ms
43ms Image
image/png 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/wp-content/themes/default/images/pages/press/avtest.png
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 373e9e86db615eb4a95a3f42e9ecd625cddfd3a705e73a40686869787f97363f

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:10:05 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Fri, 05 Feb 2021 05:09:24 GMT
server: AmazonS3
age: 42771
etag: "72a4f1d6ba62b9e4dcf4a84cd8a49a6d"
x-cache: Hit from cloudfront
content-type: image/png
content-length: 3170
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: CB85D7834128C9CE
x-amz-id-2: 1OKeb632mzRwBB7SFWbl1sf+hwU89sBE1LWtyk1JBfR6Hhlp2axKJgOgkQTEvJKCGZdYWKJakzc=
x-amz-cf-id: dixC9V7ya_PAy8EaQpj6QSVs6trxIo5Cdi-djDTZosdXoFDH3W92Pg==

GET
H2 200 truste-v2.png
www.enigmasoftware.com/wp-content/themes/default/images/pages/ Frame 9AA6 8 KB
8 KB 44ms
40ms Image
image/png 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/wp-content/themes/default/images/pages/truste-v2.png
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 715bb5590919337d6d2e2f677fca4e7f2f7573e4cf10d230c820e416d2ae2076

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:10:05 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Fri, 05 Feb 2021 05:09:25 GMT
server: AmazonS3
age: 42771
etag: "85cd0ea47b59ca89331a3ebc6cd28b42"
x-cache: Hit from cloudfront
content-type: image/png
content-length: 8193
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: F6334E6E09C8ABA8
x-amz-id-2: tsVjNiwdZBQ8DnAMwuP7QtjM/DGSt4KwOg9kyOJCz49rVmWPjd02llHllFw7+QH1Yr4DFqTBFIM=
x-amz-cf-id: KlAey-rESbCk1aDKIhJEUaibLAp_5coRl9bYvLqAIk12SSwpoPJN8w==

GET
H2 200 ephyragroup.png
www.enigmasoftware.com/wp-content/themes/default/images/pages/ Frame 9AA6 4 KB
5 KB 44ms
41ms Image
image/png 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/wp-content/themes/default/images/pages/ephyragroup.png
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 582804e17569ba993f75d662428274d98698b0541ee5642a7b68994f15d7b3af

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:10:05 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Fri, 05 Feb 2021 05:09:25 GMT
server: AmazonS3
age: 42771
etag: "b043835ff56cdb975eb41b411346e2d7"
x-cache: Hit from cloudfront
content-type: image/png
content-length: 4418
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: 29114046EFF81615
x-amz-id-2: jspr4YUuRmz4XQjQ9blNkr5SHsnxXYttns/BxavT2ePChG3ZefVOkpoTjkKS4o7Hr/jzlESJ1lQ=
x-amz-cf-id: vOnRGJ0IE1BNEuyFFi1di3WdUIugKEX1b8Uw9h6c0Y219cGvgZ3-hw==

GET
H2 200 opswat-small.png
www.enigmasoftware.com/wp-content/themes/default/images/pages/ Frame 9AA6 4 KB
5 KB 44ms
41ms Image
image/png 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/wp-content/themes/default/images/pages/opswat-small.png
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3846670fd7353acda71027ccb9251875b8b2c2619b13fad527fb4527030f9bd8

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:10:05 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Fri, 05 Feb 2021 05:09:25 GMT
server: AmazonS3
age: 42771
etag: "5777f5130367e3fd7b2161e92e826d15"
x-cache: Hit from cloudfront
content-type: image/png
content-length: 4572
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: A29E90775244B0A9
x-amz-id-2: 9nH3Cdni46pCtAPqTdXNPXOmQqB6fJxvXai1qsghmevKKHfj1fjKil35jIHtPbe+spNtulHPYDc=
x-amz-cf-id: 4wE7AZmVUBmbcp7bmJLOIBuFPQYduOgcDQejnvOYM_DWZ36cKybLWw==

GET
H2 200 wv07kr038v.jsonp Show response
fast.wistia.com/embed/medias/ Frame 9AA6 6 KB
3 KB 22ms
14ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/embed/medias/wv07kr038v.jsonp

Requested by

Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

05ed5293e73d4c1cb867c5106f4ed5ee97e1ba16316f215c7f96fc05702b8dbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:55 GMT
content-encoding: br
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 79411
x-cache: MISS, HIT
p3p: CP="CURi ADMa DEVa IVAa IVDa CONi OUR IND DSP CAO COR"
vary: Accept-Encoding,X-Forwarded-Proto,X-ECMA-Override
content-length: 2234
x-request-id: 41094701cb2df1433d149e726134af32
x-served-by: cache-dca17782-DCA, cache-hhn4064-HHN
x-runtime: 0.064193
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
x-timer: S1613556176.638296,VS0,VE1
etag: W/"05ed5293e73d4c1cb867c5106f4ed5ee"
x-download-options: noopen
strict-transport-security: max-age=0
content-type: application/javascript; charset=utf-8
via: 1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish
cache-control: public, no-cache
x-browser: chrome
x-browser-version: 83
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0, 1

GET
H2 200 ads.js.php Show response
www.enigmasoftware.com/wp-content/plugins/adrotate/ Frame 9AA6 79 KB
79 KB 42ms
38ms Script
application/octet-stream 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.enigmasoftware.com/wp-content/plugins/adrotate/ads.js.php?v1=1612356062&v2=1619613694
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 058584233380be2ad1e567c7f0206f7c76e85abc8f76ba6cd4891a9a51ac5ed8

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:15 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Tue, 16 Feb 2021 22:07:14 GMT
server: AmazonS3
age: 42821
etag: "5370794e622e451b5b61664547d23592"
x-cache: Hit from cloudfront
content-type: application/octet-stream
content-length: 80414
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: AB39BDDA128385A9
x-amz-id-2: 2HqXyuFyFjrRyT3s5G4vkaDPaOxEFF0W8jQ2rQzoaf+tBBPfSJo/ERmP89j1onRBFj19PMU2Vt0=
x-amz-cf-id: nxsDxFgb1iDv5WZPlUwBm1HiykydqSVklDncp_Sy92C7RojSe3XUIw==

GET
H2 200 exit-popup.js.php Show response
www.enigmasoftware.com/wp-content/plugins/exit-popup/js/ Frame 9AA6 15 KB
15 KB 44ms
40ms Script
application/octet-stream 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.enigmasoftware.com/wp-content/plugins/exit-popup/js/exit-popup.js.php?v1=1612356062&v2=1610440254
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 57c3feb72fb508e47b95cd9d535e9ae3cee2f98034b416bcd04b7e1ad88d212c

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:15 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Thu, 11 Feb 2021 10:29:35 GMT
server: AmazonS3
age: 42821
etag: "e0b938e0ab4ee1ee6fc19479c0e37613"
x-cache: Hit from cloudfront
content-type: application/octet-stream
content-length: 15018
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: C8904DE1546FF95C
x-amz-id-2: XWZsu5b+EyXgj+6kuBqAkbEkLkEfdfr6vB5mNgDMeBew1JTB/0NYdoqIPeRs/qQe0tbrGj6y9eU=
x-amz-cf-id: h0P8x1Z3KgSkdLayi6OYMd6kQ_VrlZdF4tT8r9kuHEiGHMCcSDMRUQ==

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ Frame 9AA6 95 KB
29 KB 16ms
13ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BAC) /
Resource Hash: c34f5c51cea0ee9e05108c79c404086a24b73fbecb0999654fc9116b4c4b755e

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 10:02:55 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 774
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 28744
x-tw-cdn: VZ
Last-Modified: Mon, 08 Feb 2021 21:21:01 GMT
Server: ECS (amb/6BAC)
Etag: "11a0c75a945561958f0b924da0e67334+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H2 200 bundle.js Show response
www.enigmasoftware.com/wp-content/themes/default/js/ Frame 9AA6 421 KB
118 KB 46ms
42ms Script
text/javascript 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.enigmasoftware.com/wp-content/themes/default/js/bundle.js?1612356091
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8a76b7ffdca1d19ef49a68b64339042dd86901fb28ba9d3c1491ad40724c731c

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:07:56 GMT
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 10:29:37 GMT
server: AmazonS3
age: 42900
etag: W/"52f7d09675a4b5f0c863562d85d6549f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-amz-request-id: E1B3789271B6B365
x-amz-cf-id: PCwFYiQjcHadC6kjqWcnF3bXfKIkyy7UCnppKR3GWJkiyJEnVRN3zg==
x-amz-id-2: 2yciQH0o5Cg6wb2h2bprsH3m9LkrBNEB9aN+pwX12R4tjl0NxPfMmPNXGVJ8OfovPchUTnRJM7s=

GET
H3-Q050 200 gtm.js Show response
www.googletagmanager.com/ Frame 9AA6 142 KB
50 KB 25ms
22ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WNZWP93

Requested by

Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

447d9b07c5b366798e940563561b57603067afac742399b958f6c7901f6d6a9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:55 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50706
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Feb 2021 10:02:55 GMT

GET
H/1.1 200
OK atrk.gif
certify.alexametrics.com/ Frame B562 43 B
552 B 142ms
46ms Image
image/gif 65.9.94.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://certify.alexametrics.com/atrk.gif?frame_height=0&frame_width=0&iframe=1&title=Remove%20Spyware%20%26%20Malware%20with%20SpyHunter&time=1613556175627&time_zone_offset=-60&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&host_url=https%3A%2F%2Fwww.enigmasoftware.com%2F%3Frw_session_id%3D51a6c0bc306ecf1ce7fc747fd36a338e884d1bec%26rw_affiliate_id%3Dportela&random_number=2205163372&sess_cookie=a6ecdeda177af71530ad7b92389&sess_cookie_flag=1&user_cookie=a6ecdeda177af71530ad7b92389&user_cookie_flag=1&dynamic=true&domain=enigmasoftware.com&account=YH9Bp1IWh910Y8&jsv=20130128&user_lang=en-US
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.94.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 04:37:09 GMT
Via: 1.1 0803e66d64c794aaadfd4a88601bc68e.cloudfront.net (CloudFront)
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
Server: AmazonS3
Age: 19547
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: PRG50-C1
x-amz-meta-alexa-last-modified: 20110117123941
Content-Length: 43
X-Amz-Cf-Id: Yw9KjbevOZb8KtkN17ZhOYz_hoMmGsT_QwiU3d_wXoLLyRlVvTQ--Q==

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 77C2 183 B
411 B 216ms
150ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=3ec8642390b452cbf066b9c5be470e82729392a2

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.6e189c4f2b6d88c453045806323cdcf3.html?origin=https%3A%2F%2Fwww.enigmasoftware.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ced34f591157438ef47695f979ac95f8758408e8d9b88e63aee8b382ec975785

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/widgets/widget_iframe.6e189c4f2b6d88c453045806323cdcf3.html?origin=https%3A%2F%2Fwww.enigmasoftware.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-response-time: 117
date: Wed, 17 Feb 2021 10:02:55 GMT
content-encoding: gzip
last-modified: Wed, 17 Feb 2021 10:02:55 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: bb0b852ca53092cc09f78a06b7ab9e53
strict-transport-security: max-age=631138519
content-length: 152

GET
H2 200 bat.js Show response
bat.bing.com/ Frame 9AA6 27 KB
8 KB 30ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNZWP93
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:54 GMT
content-encoding: gzip
last-modified: Wed, 03 Feb 2021 20:48:20 GMT
x-msedge-ref: Ref A: ED4D5AFCF210434E8BF82D11A9F8EDD7 Ref B: FRAEDGE1512 Ref C: 2021-02-17T10:02:55Z
etag: "042b8e76dfad61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8454

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ Frame 9AA6 4 KB
2 KB 16ms
16ms Script
application/x-javascript 2a02:26f0:7100:48a::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNZWP93
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:48a::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 10:02:55 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=78836
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 9AA6 91 KB
23 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e7ea2b4ba8e2bcc4a964d6192e4671dc5f6863a1c7e35b52b229a3c1e67a68d

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23762
x-fb-rlafr: 0
pragma: public
x-fb-debug: 5NRjEFzqcBn83OImhSKdSVuSp9u9nKANd6bjAZfa7orsPZOp4ABq8p5LjqFfSNttuwI/mdBjXjyzSJurx6Qczg==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Wed, 17 Feb 2021 10:02:55 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK atrk.js Show response
d31qbv1cthcecs.cloudfront.net/ Frame 9AA6 4 KB
5 KB 46ms
46ms Script
text/javascript 65.9.20.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d31qbv1cthcecs.cloudfront.net/atrk.js
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.8 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 90451ba3e82cd9db02f0ca76bd45d0ab5ef7e90a49da4215903cb7f08471e2e7

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 00:34:48 GMT
Via: 1.1 447f0defb04b912ed949f0fdd5a6492e.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Sat, 16 Mar 2019 16:01:33 GMT
Server: AmazonS3
Age: 12216488
ETag: "96c08723796affab377d9bb08d631cd0"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Cache-Control: max-age=26920000
X-Amz-Cf-Pop: ZAG50-C1
Accept-Ranges: bytes
Content-Length: 4264
X-Amz-Cf-Id: KshP4V2DzjSg-kvL7e37C8VgA7_j_2uWe-uo2lMUSEnSJBXq334KMQ==

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/8db2aa7f68a94ef79df613a1a47acbb8/ Frame 9AA6 43 B
423 B 291ms
125ms Image
image/gif 3.217.219.88
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/8db2aa7f68a94ef79df613a1a47acbb8/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.enigmasoftware.com%2Fspyhunter-rw%2F%3Frw_session_id%3Dc94c5cf760f0dbd6c7f130132309891f6da59afb%26rw_affiliate_id%3Dvpcthreat

Requested by

Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.217.219.88 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-217-219-88.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 10:02:56 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Q-Stat: ,5d2311a61c705ffb6329c673c433f70f,10.0.0.234,51674,185.156.175.107,,67175336381,1,1613556176.003,0.002,,.,0,0,0.000,0.004,-,0,0,197,115,57,10,26847,,,,,,-,
Content-Type: image/gif

GET
H2 200 lftracker_v1_Xbp1oaEGkPy7EdVj.js Show response
sc.lfeeder.com/ Frame 9AA6 18 KB
7 KB 10ms
9ms Script
application/javascript 2600:9000:206f:7800:1f:f723:6fc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc.lfeeder.com/lftracker_v1_Xbp1oaEGkPy7EdVj.js
Requested by: Host: www.removal-virusguide.com
URL: http://www.removal-virusguide.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:7800:1f:f723:6fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9d69f9fd99729bc8fb7a18e68ea33d2b3ac5b4a6106e62c840f423c808247772

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: wVjdGJESncHSPHrTKI_mZ1jky1KeLSW_
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 14:41:19 GMT
server: AmazonS3
age: 811
etag: W/"6fb145c46676e7f3f0f4ce5513d7bc57"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)
cache-control: max-age=3600
date: Wed, 17 Feb 2021 10:01:50 GMT
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: _OaaQFCULVCEwH4UHhmkfDV_19p2xkQqsVmpPuG5BnwqWUw52Mf4lA==

GET
H2 200 popover.js Show response
fast.wistia.com/assets/external/ Frame 9AA6 125 KB
26 KB 6ms
6ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/popover.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c833076fa7f5eb06cedee21317f3767a3ac924a4ffd7b46c033b01483d5a93c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:55 GMT
content-encoding: br
vary: Accept-Encoding
age: 1144
x-cache: HIT, HIT
content-length: 26162
x-served-by: cache-dca17740-DCA, cache-hhn4064-HHN
access-control-allow-origin: *
x-browser-version: 83
last-modified: Tue, 16 Feb 2021 19:39:09 GMT
x-timer: S1613556176.816041,VS0,VE0
etag: "602c1f5d-6632"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 92

GET
H2

200

collect
px.ads.linkedin.com/ Frame 9AA6
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=428537&time=1613556175821&url=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D428537%26time%3D1613556175821%26url%3Dhttps%253A%252F%252Fwww.cybersecurity-help....
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=428537&time=1613556175821&url=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&liSync=true

0
39 B

142ms
141ms

Image
application/javascript

2620:119:50e3:101::6cae:b45
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=428537&time=1613556175821&url=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&liSync=true
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:119:50e3:101::6cae:b45 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:56 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-li-pop: prod-eda6
content-type: application/javascript
content-length: 0
x-li-uuid: FY52E8uAZBaQcu/63yoAAA==

Redirect headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
linkedin-action: 1
content-length: 0
x-li-uuid: PeZuCsuAZBYg+OAhLisAAA==
pragma: no-cache
x-li-pop: afd-prod-eda6
x-msedge-ref: Ref A: 461B1147CD9B493FA03F0F24D36E998D Ref B: FRAEDGE1317 Ref C: 2021-02-17T10:02:55Z
date: Wed, 17 Feb 2021 10:02:55 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
x-li-fabric: prod-ltx1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=428537&time=1613556175821&url=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&liSync=true
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 1559634284327625 Show response
connect.facebook.net/signals/config/ Frame 9AA6 241 KB
69 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1559634284327625?v=2.9.33&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3821a4284229893f84d00e02e9c29d71c47e11e441d1729af5b7a4c95862a316

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 70756
x-fb-rlafr: 0
pragma: public
x-fb-debug: 4uaJT2dVyPDghkq618IED5ITSBjmhuLnpEjzw2EcjOvwDGU07jbv1wwRxX7AKF5UP1Cf3j6j/x7FjTQwMIsHMA==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 17 Feb 2021 10:02:55 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-content-id: 421057237
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK atrk.gif
certify.alexametrics.com/ Frame 9AA6 43 B
552 B 48ms
46ms Image
image/gif 65.9.94.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://certify.alexametrics.com/atrk.gif?frame_height=0&frame_width=0&iframe=1&title=SpyHunter%20-%20Adaptive%20Malware%20Removal%20Tool&time=1613556175831&time_zone_offset=-60&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&host_url=https%3A%2F%2Fwww.enigmasoftware.com%2Fspyhunter-rw%2F%3Frw_session_id%3Dc94c5cf760f0dbd6c7f130132309891f6da59afb%26rw_affiliate_id%3Dvpcthreat&random_number=14581719637&sess_cookie=b1f562b7177af7153d6d28a56ca&sess_cookie_flag=1&user_cookie=b1f562b7177af7153d6d28a56ca&user_cookie_flag=1&dynamic=true&domain=enigmasoftware.com&account=YH9Bp1IWh910Y8&jsv=20130128&user_lang=en-US
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.94.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 04:37:09 GMT
Via: 1.1 0803e66d64c794aaadfd4a88601bc68e.cloudfront.net (CloudFront)
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
Server: AmazonS3
Age: 19547
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: PRG50-C1
x-amz-meta-alexa-last-modified: 20110117123941
Content-Length: 43
X-Amz-Cf-Id: B6QHeZiOEaxkNfaKUBmZ3bn8SUoW6dEazaziM1M6wIwfYPwSLxw5uQ==

GET
H2 200 get.php Show response
myaccount.enigmasoftware.com/tools/ip2country/ Frame 9AA6 84 B
508 B 280ms
279ms XHR
application/json 2600:9000:206f:5a00:17:a556:9bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://myaccount.enigmasoftware.com/tools/ip2country/get.php
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/wp-content/themes/default/js/bundle.js?1612356091
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5a00:17:a556:9bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.46 (Amazon) /
Resource Hash: 189ad6279468d91ed0701bb537ad62d926b48f7a1319dc26601a86d6c554e482

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:56 GMT
via: 1.1 14b10bd09a0531ef477d0a404ca26900.cloudfront.net (CloudFront)
last-modified: Mon, 16 Nov 2020 11:21:45 GMT
server: Apache/2.4.46 (Amazon)
x-amz-cf-pop: FRA56-C1
access-control-allow-methods: GET, POST
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=86400
x-cache: Miss from cloudfront
access-control-allow-headers: X-Requested-With
content-length: 84
x-amz-cf-id: F3GLsnl8sxjs0-p8qub5_sNQFC5IypWWIIlRvUHyPM6EzMFwqMoK2A==
expires: Thu, 18 Feb 2021 10:02:56 GMT

GET
H/1.1 200
OK widget_iframe.6e189c4f2b6d88c453045806323cdcf3.html Show response
platform.twitter.com/widgets/ Frame 68F3 320 KB
104 KB 14ms
13ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.6e189c4f2b6d88c453045806323cdcf3.html?origin=https%3A%2F%2Fwww.enigmasoftware.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B99) /
Resource Hash: 99adb384fd992660be76df488633e76fe86ed9bba2a7cdf143a97e03fc3ee94d

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 651400
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 17 Feb 2021 10:02:55 GMT
Etag: "d9fdaa7a36dc36e57ad53c2039f52486+gzip"
Last-Modified: Mon, 08 Feb 2021 21:19:37 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6B99)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105677

GET
H2 204 0
bat.bing.com/action/ Frame 9AA6 0
115 B 29ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5012076&Ver=2&mid=6c9791e0-032c-49a4-b81e-6426755263c1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=SpyHunter%20-%20Adaptive%20Malware%20Removal%20Tool&kw=spyhunter,%20anti-spyware,%20spyware%20removal,%20remove%20malware,%20software,%20computer,%20internet%20security,%20online%20safety,%20remove%20trojans,%20remove%20spyware&p=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&r=&lt=2173&evt=pageLoad&ifm=1&msclkid=N&sv=1&rn=48670
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Wed, 17 Feb 2021 10:02:55 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 70E781676CA24776869304FC4101AE0F Ref B: FRAEDGE1512 Ref C: 2021-02-17T10:02:55Z
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 captions.js Show response
fast.wistia.com/assets/external/ Frame 9AA6 153 KB
23 KB 6ms
6ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/captions.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b89cdbae6b0d4c79cce0f9f72512c847d6ae4b11acb928e4378b8b65a9e3be6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:55 GMT
content-encoding: br
vary: Accept-Encoding
age: 1144
x-cache: HIT, HIT
content-length: 23827
x-served-by: cache-dca17724-DCA, cache-hhn4064-HHN
access-control-allow-origin: *
x-browser-version: 83
last-modified: Tue, 16 Feb 2021 19:39:09 GMT
x-timer: S1613556176.929032,VS0,VE0
etag: "602c1f5d-5d13"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 140

GET
H3-Q050 200 analytics.js Show response
www.google-analytics.com/ Frame 9AA6 46 KB
19 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNZWP93

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 4539
date: Wed, 17 Feb 2021 08:47:16 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Wed, 17 Feb 2021 10:47:16 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 9AA6 44 B
101 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1559634284327625&ev=PageView&dl=https%3A%2F%2Fwww.enigmasoftware.com%2Fspyhunter-rw%2F%3Frw_session_id%3Dc94c5cf760f0dbd6c7f130132309891f6da59afb%26rw_affiliate_id%3Dvpcthreat&rl=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&if=true&ts=1613556175939&sw=1600&sh=1200&v=2.9.33&r=stable&ec=0&o=30&it=1613556175824&coo=false&rqm=GET

Requested by

Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:55 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 17 Feb 2021 10:02:55 GMT

GET
H/1.1 204
No Response generator.php
cybersecurity-help.com/ Frame C259 0
162 B 886ms
885ms Image
image/gif 104.238.85.58
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cybersecurity-help.com/generator.php?action_name=Entfernen%20Mystartsearch.com%20%7C%20Cyber%20Security%20Help&idsite=258&rec=1&r=680760&h=11&m=2&s=55&url=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&urlref=http%3A%2F%2Fwww.removal-virusguide.com%2F&_id=aa6ca66bf420c9a9&_idts=1613556176&_idvc=1&_idn=1&_refts=1613556176&_viewts=1613556176&_ref=http%3A%2F%2Fwww.removal-virusguide.com%2F&send_image=0&cookie=1&res=1600x1200&gt_ms=557
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.238.85.58 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-104-238-85-58.ip.secureserver.net
Software: nginx/1.0.15 / PHP/5.4.45
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 10:02:56 GMT
Server: nginx/1.0.15
Connection: keep-alive
X-Powered-By: PHP/5.4.45
Content-Type: image/gif

GET
H2 200 5lcrgmvmrs.json Show response
fast.wistia.com/embed/captions/ Frame 9AA6 6 KB
3 KB 112ms
112ms Script
text/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/embed/captions/5lcrgmvmrs.json?callback=wistiajson1

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

37b47e7dee03ff029182e22c88ed5b255b26288fc3a8d69dd20d2ec43df32874

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:56 GMT
content-encoding: br
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 0
x-cache: MISS, MISS
p3p: CP="CURi ADMa DEVa IVAa IVDa CONi OUR IND DSP CAO COR"
vary: Accept-Encoding,X-Forwarded-Proto,Accept-Language
content-length: 2316
x-request-id: 269f8f8d40fec3fe90d7b2abdfc4620c
x-served-by: cache-dca17772-DCA, cache-hhn4064-HHN
x-runtime: 0.010367
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
x-timer: S1613556176.009034,VS0,VE105
etag: W/"37b47e7dee03ff029182e22c88ed5b25"
x-download-options: noopen
strict-transport-security: max-age=0
content-type: text/javascript; charset=utf-8
via: 1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish
cache-control: public, no-cache
x-browser: chrome
x-browser-version: 83
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0, 0

GET
H/1.1 200
OK 83e8151d3e511021cd9eb4266c097c0a.webp
embedwistia-a.akamaihd.net/deliveries/ Frame 9AA6 18 KB
19 KB 327ms
266ms Image
image/webp 23.32.238.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embedwistia-a.akamaihd.net/deliveries/83e8151d3e511021cd9eb4266c097c0a.webp?image_crop_resized=640x360
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 23.32.238.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-32-238-170.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 947f75c601326ac45e5c84661a951be5d0f6f3ee315eeb9796344dad6f17999e

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 10:02:56 GMT
Access-Control-Request-Method: *
surrogate-key: 83e8151d3e511021cd9eb4266c097c0a thumbnail-delivery
Last-Modified: Thu, 23 Apr 2020 05:55:11 UTC
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Content-Type: image/webp
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Content-Type, Accept, Server, x-amz-version-id, X-Cache
Cache-Control: max-age=31044288
content-disposition: inline
Connection: keep-alive
Accept-Ranges: none
Content-Length: 18750

GET
H2 200 wv07kr038v.json Show response
fast.wistia.com/embed/captions/ Frame 9AA6 3 KB
1 KB 115ms
115ms Script
text/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/embed/captions/wv07kr038v.json?callback=wistiajson2

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

88e0b4b74cc485ed66322b0a74b75c7b793360323f436b5f5b7ebacf6ffa48c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:56 GMT
content-encoding: br
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 0
x-cache: MISS, MISS
p3p: CP="CURi ADMa DEVa IVAa IVDa CONi OUR IND DSP CAO COR"
vary: Accept-Encoding,X-Forwarded-Proto,Accept-Language
content-length: 1218
x-request-id: 61d2bd61eb79c17b4649a284d0d7a0c2
x-served-by: cache-dca17728-DCA, cache-hhn4064-HHN
x-runtime: 0.013730
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
x-timer: S1613556176.048833,VS0,VE107
etag: W/"88e0b4b74cc485ed66322b0a74b75c7b"
x-download-options: noopen
strict-transport-security: max-age=0
content-type: text/javascript; charset=utf-8
via: 1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish
cache-control: public, no-cache
x-browser: chrome
x-browser-version: 83
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0, 0

GET
H2 200 wv07kr038v.json Show response
fast.wistia.com/embed/captions/ Frame 9AA6 3 KB
1 KB 120ms
120ms Script
text/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/embed/captions/wv07kr038v.json?callback=wistiajson3

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

51f65d387566321f65e5f367e1989cdb466b40e7b325d89fd5d43d7090b56484

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:56 GMT
content-encoding: br
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 0
x-cache: MISS, MISS
p3p: CP="CURi ADMa DEVa IVAa IVDa CONi OUR IND DSP CAO COR"
vary: Accept-Encoding,X-Forwarded-Proto,Accept-Language
content-length: 1219
x-request-id: df744dddfa41d182f2e8371fc61fb495
x-served-by: cache-dca17758-DCA, cache-hhn4064-HHN
x-runtime: 0.014562
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
x-timer: S1613556176.064169,VS0,VE112
etag: W/"51f65d387566321f65e5f367e1989cdb"
x-download-options: noopen
strict-transport-security: max-age=0
content-type: text/javascript; charset=utf-8
via: 1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish
cache-control: public, no-cache
x-browser: chrome
x-browser-version: 83
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 0, 0

GET
H2 200 c19da9ed97f8a6d11b85b467d5e6efcc.webp
embed-fastly.wistia.com/deliveries/ Frame 9AA6 14 KB
14 KB 83ms
26ms Image
image/webp 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed-fastly.wistia.com/deliveries/c19da9ed97f8a6d11b85b467d5e6efcc.webp?image_crop_resized=640x360
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b40e5efce201ac953a9c11d4c1b10a82f0b9df96dc7595ef5536c0584a74ea28

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:56 GMT
via: 1.1 varnish, 1.1 varnish
age: 1171829
edge-cache-tag: c19da9ed97f8a6d11b85b467d5e6efcc
access-control-request-method: *
x-cache-hits: 1, 1
x-cache: HIT, HIT
content-length: 14336
x-served-by: cache-dca17752-DCA, cache-fra19134-FRA
last-modified: Wed, 22 Apr 2020 09:14:57 UTC
x-timer: S1613556176.132444,VS0,VE1
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/webp
access-control-allow-origin: *
content-disposition: inline
cache-control: max-age=31536000
accept-ranges: bytes
access-control-expose-headers: Origin, Content-Type, Accept, Server, x-amz-version-id, X-Cache

GET
H2 200 /
www.facebook.com/tr/ Frame B562 44 B
147 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1559634284327625&ev=Microdata&dl=https%3A%2F%2Fwww.enigmasoftware.com%2F%3Frw_session_id%3D51a6c0bc306ecf1ce7fc747fd36a338e884d1bec%26rw_affiliate_id%3Dportela&rl=https%3A%2F%2Fwww.cybersecurity-help.com%2Fde%2Fentfernen-mystartsearch-com%2F&if=true&ts=1613556176067&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Remove%20Spyware%20%26%20Malware%20with%20SpyHunter%22%2C%22meta%3Adescription%22%3A%22Try%20real-time%20malware%20removal%20tool%20to%20secure%20your%20computer%20and%20privacy.%20ESL%20provides%20threat%20research%2C%20analysis%20and%20removal%20instructions%20on%20the%20latest...%22%2C%22meta%3Akeywords%22%3A%22spyware%20removal%2C%20antispyware%2C%20fix%20computer%2C%20spyware%20virus%2C%20computer%20repair%2C%20malware%20removal%2C%20trojan%20remover%2C%20rootkits%2C%20windows%20repair%2C%20internet%20security%22%7D&cd[OpenGraph]=%7B%22og%3Alocale%22%3A%22en_US%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22Remove%20Spyware%20%26%20Malware%20with%20SpyHunter%20-%20EnigmaSoft%20Ltd%22%2C%22og%3Adescription%22%3A%22Try%20real-time%20malware%20removal%20tool%20to%20secure%20your%20computer%20and%20privacy.%20ESL%20provides%20threat%20research%2C%20analysis%20and%20removal%20instructions.%22%2C%22og%3Asite_name%22%3A%22Remove%20Spyware%20%26%20Malware%20with%20SpyHunter%20-%20EnigmaSoft%20Ltd%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.enigmasoftware.com%2Fwp-content%2Fthemes%2Fdefault%2Fimages%2Fmain%2Flogo-big.jpg%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.33&r=stable&ec=1&o=30&it=1613556175454&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 17 Feb 2021 10:02:56 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 68F3 183 B
239 B 137ms
136ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=894913ae38247375b72ea399cd43a270b1debefe

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.6e189c4f2b6d88c453045806323cdcf3.html?origin=https%3A%2F%2Fwww.enigmasoftware.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ced34f591157438ef47695f979ac95f8758408e8d9b88e63aee8b382ec975785

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/widgets/widget_iframe.6e189c4f2b6d88c453045806323cdcf3.html?origin=https%3A%2F%2Fwww.enigmasoftware.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-response-time: 105
date: Wed, 17 Feb 2021 10:02:56 GMT
content-encoding: gzip
last-modified: Wed, 17 Feb 2021 10:02:56 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: bb0b852ca53092cc09f78a06b7ab9e53
strict-transport-security: max-age=631138519
content-length: 152

GET
H/1.1 200
OK button.cf7aaea83eb75b84ae4508f0ceb5dc4c.js Show response
platform.twitter.com/js/ Frame 9AA6 7 KB
3 KB 13ms
13ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.cf7aaea83eb75b84ae4508f0ceb5dc4c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BAC) /
Resource Hash: 055dd0f1e0eae12d4587b12f516a1d7a0f858d80498823cbade9f97b5962d727

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 10:02:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 08 Feb 2021 21:19:23 GMT
Server: ECS (amb/6BAC)
Age: 651402
Etag: "d85b930ed0bb252882372aca97f80615+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2296

GET
H2 200 spyhunter5-box.jpg
www.enigmasoftware.com/wp-content/themes/default/images/products/ Frame B562 21 KB
21 KB 46ms
46ms Image
image/jpeg 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/wp-content/themes/default/images/products/spyhunter5-box.jpg?v=1
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 747f2a573e495ec7659206ad6209a62ee2f5b92d1a2cf723ab5d9cb5e6f25e78

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:45 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Thu, 11 Feb 2021 10:29:37 GMT
server: AmazonS3
age: 42792
etag: "ef5948bce555979ae5ad3ca7d4af2cd5"
x-cache: Hit from cloudfront
content-type: image/jpeg
content-length: 21481
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: C15C24C2510154E6
x-amz-id-2: /AKUyWoNJVRtTe258ai9hllaQNtH3PF+N519Yp4fLLLiebMUtrK3m3Cz0sdBD7Rwyq8eJcdItS8=
x-amz-cf-id: CPOb6yKG_JMKvORqDHwI_gnDgKrpeDqRnKIWQG4gNEnNI35eJCOgdg==

GET
H2 200 box.jpg
www.enigmasoftware.com/wp-content/themes/default/images/products/spyhunter-mac/ Frame B562 20 KB
21 KB 42ms
42ms Image
image/jpeg 65.9.58.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.enigmasoftware.com/wp-content/themes/default/images/products/spyhunter-mac/box.jpg?v=1
Requested by: Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 58339b94e45ed86d506252c26679bcbe3d1696876b64304248bbbfede764c0de

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 22:09:45 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
last-modified: Thu, 11 Feb 2021 10:29:37 GMT
server: AmazonS3
age: 42792
etag: "9d0f9e9ce9272b7696b14786e9ad9a6e"
x-cache: Hit from cloudfront
content-type: image/jpeg
content-length: 20558
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-request-id: 588E977DB95586B8
x-amz-id-2: pqu3EjLevXGxktLx9dunKZ24mMTEUR0DzAf0Ysbm0hAx3SxuR5iXtK+h+s6YgKTGVHEbIzQ2dFY=
x-amz-cf-id: fDG1b9r-vl18uhTd9ZiWJyuuUjv5UpRetYoRkvjpbQUNEOveeWEdrA==

GET
H2 200 get.php Show response
myaccount.enigmasoftware.com/tools/ip2country/ Frame B562 84 B
508 B 99ms
98ms XHR
application/json 2600:9000:206f:5a00:17:a556:9bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://myaccount.enigmasoftware.com/tools/ip2country/get.php
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/wp-content/themes/default/js/bundle.js?1613036404
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5a00:17:a556:9bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.46 (Amazon) /
Resource Hash: 189ad6279468d91ed0701bb537ad62d926b48f7a1319dc26601a86d6c554e482

Request headers

Referer: https://www.enigmasoftware.com/?rw_session_id=51a6c0bc306ecf1ce7fc747fd36a338e884d1bec&rw_affiliate_id=portela
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:56 GMT
via: 1.1 14b10bd09a0531ef477d0a404ca26900.cloudfront.net (CloudFront)
last-modified: Mon, 16 Nov 2020 11:21:45 GMT
server: Apache/2.4.46 (Amazon)
x-amz-cf-pop: FRA56-C1
access-control-allow-methods: GET, POST
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=86400
x-cache: Miss from cloudfront
access-control-allow-headers: X-Requested-With
content-length: 84
x-amz-cf-id: JPWe-yP6tlG4Ybw4DQXdIVfe9ZcDeAumVeAlgDWexL1xMzkelBUEmw==
expires: Thu, 18 Feb 2021 10:02:56 GMT

GET
H2 200 playPauseLoadingControl.js Show response
fast.wistia.com/assets/external/ Frame 9AA6 52 KB
10 KB 6ms
6ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/playPauseLoadingControl.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a6566dac33a2ce35a1b05992a9e6e9a022d5ff09f764ee414b21aba92f4adabf

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:56 GMT
content-encoding: br
vary: Accept-Encoding
age: 1146
x-cache: HIT, HIT
content-length: 9630
x-served-by: cache-dca17743-DCA, cache-hhn4064-HHN
access-control-allow-origin: *
x-browser-version: 83
last-modified: Tue, 16 Feb 2021 19:39:09 GMT
x-timer: S1613556176.391483,VS0,VE0
etag: "602c1f5d-259e"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 359

GET
H2 200 get.php Show response
myaccount.enigmasoftware.com/tools/ip2country/ Frame 9AA6 84 B
508 B 102ms
102ms XHR
application/json 2600:9000:206f:5a00:17:a556:9bc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://myaccount.enigmasoftware.com/tools/ip2country/get.php
Requested by: Host: www.enigmasoftware.com
URL: https://www.enigmasoftware.com/wp-content/themes/default/js/bundle.js?1612356091
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5a00:17:a556:9bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.46 (Amazon) /
Resource Hash: 189ad6279468d91ed0701bb537ad62d926b48f7a1319dc26601a86d6c554e482

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:56 GMT
via: 1.1 14b10bd09a0531ef477d0a404ca26900.cloudfront.net (CloudFront)
last-modified: Mon, 16 Nov 2020 11:21:45 GMT
server: Apache/2.4.46 (Amazon)
x-amz-cf-pop: FRA56-C1
access-control-allow-methods: GET, POST
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=86400
x-cache: Miss from cloudfront
access-control-allow-headers: X-Requested-With
content-length: 84
x-amz-cf-id: x4qblBxoTcSDMPd8Vq07TUEcohTbb2je2AlNGCIRnQJLt9OZI42xpw==
expires: Thu, 18 Feb 2021 10:02:56 GMT

GET
H2 200 hls_video.js Show response
fast.wistia.com/assets/external/engines/ Frame 9AA6 303 KB
65 KB 7ms
7ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/engines/hls_video.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fa980e671f3f70240997d20651495d5be76e21b7f2453ff68fb14921a9f33226

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:56 GMT
content-encoding: br
vary: Accept-Encoding
age: 1146
x-cache: HIT, HIT
content-length: 66601
x-served-by: cache-dca17774-DCA, cache-hhn4064-HHN
access-control-allow-origin: *
x-browser-version: 83
last-modified: Tue, 16 Feb 2021 19:39:09 GMT
x-timer: S1613556176.402330,VS0,VE0
etag: "602c1f5d-10429"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 287

GET
H/1.1 200
OK follow_button.6e189c4f2b6d88c453045806323cdcf3.en.html Show response
platform.twitter.com/widgets/ Frame 511C 36 KB
14 KB 14ms
13ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/follow_button.6e189c4f2b6d88c453045806323cdcf3.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BAC) /
Resource Hash: 91daf2eee0d06da7d7615032545420fa286f0f37cc23370d14872be500c96f85

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 651401
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 17 Feb 2021 10:02:56 GMT
Etag: "7cac10b0eef8cf958f594ef8ac5852f4+gzip"
Last-Modified: Mon, 08 Feb 2021 21:19:24 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6BAC)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 13690

GET
H/1.1 200
OK follow_button.6e189c4f2b6d88c453045806323cdcf3.en.html Show response
platform.twitter.com/widgets/ Frame A6AD 36 KB
14 KB 27ms
13ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/follow_button.6e189c4f2b6d88c453045806323cdcf3.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BAC) /
Resource Hash: 91daf2eee0d06da7d7615032545420fa286f0f37cc23370d14872be500c96f85

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 651401
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 17 Feb 2021 10:02:56 GMT
Etag: "7cac10b0eef8cf958f594ef8ac5852f4+gzip"
Last-Modified: Mon, 08 Feb 2021 21:19:24 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6BAC)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 13690

GET
H2 200 blank.gif
fast.wistia.com/assets/images/ Frame 9AA6 1 KB
2 KB 19ms
6ms Image
image/gif 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fast.wistia.com/assets/images/blank.gif

Requested by

Host: www.cybersecurity-help.com
URL: https://www.cybersecurity-help.com/de/entfernen-mystartsearch-com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Origin: https://www.enigmasoftware.com
Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:56 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
age: 47947
x-cache: HIT, HIT
x-cache-hits: 1, 4099
content-length: 1214
x-served-by: cache-dca17725-DCA, cache-hhn4057-HHN
x-browser-version: 83
last-modified: Tue, 16 Feb 2021 20:39:46 GMT
x-timer: S1613556176.477857,VS0,VE0
etag: "602c2d92-4be"
strict-transport-security: max-age=0
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=315360000, public
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H2 200 /
www.facebook.com/tr/ Frame 9AA6 0
89 B 6ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarydct8oHiPw7leQ8UG

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Wed, 17 Feb 2021 10:02:56 GMT
content-type: text/plain
access-control-allow-origin: https://www.enigmasoftware.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

POST
H2 204 x Show response
distillery.wistia.com/ Frame 9AA6 0
96 B 362ms
122ms XHR
text/plain 54.209.247.25
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://distillery.wistia.com/x
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.209.247.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-209-247-25.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 10:02:56 GMT
cache-control: max-age=0, private, must-revalidate

POST
H2 204 x Show response
distillery.wistia.com/ Frame 9AA6 0
95 B 127ms
123ms XHR
text/plain 54.209.247.25
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://distillery.wistia.com/x
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.209.247.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-209-247-25.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 10:02:56 GMT
cache-control: max-age=0, private, must-revalidate

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
6 KB 19ms
18ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210211&st=env

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49c1ad3623017438cf062211fc80b7249f6e7fedd1de83ca8b5bcfb8de36e14d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 17 Feb 2021 10:02:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6465
x-xss-protection: 0

GET
H/1.1 404
Not Found undefined
www.removal-virusguide.com/ 7 KB
7 KB 4476ms
4476ms Image
text/html 192.169.203.21
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.removal-virusguide.com/undefined?1613556176844
Protocol: HTTP/1.1
Server: 192.169.203.21 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-192-169-203-21.ip.secureserver.net
Software: nginx/1.0.15 / PHP/5.4.45
Resource Hash: b5cfc762b491ae140976a4c67b72199b9dc05af5682e0cdfccdf63254a5b1c37

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 10:02:58 GMT
Content-Encoding: gzip
Server: nginx/1.0.15
X-Powered-By: PHP/5.4.45
X-Pingback: http://www.removal-virusguide.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate, max-age=0
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 10:02:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Wed, 17 Feb 2021 10:02:56 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 06F9 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.removal-virusguide.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://www.removal-virusguide.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Wed, 17 Feb 2021 08:45:39 GMT
expires: Thu, 17 Feb 2022 08:45:39 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4637
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 06F9 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

779d68ba221aa1efe83b46b8d8c5932a9c82ad2357b9cc9428c9dabf996d1875

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:15:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 09 Feb 2021 09:15:00 GMT
server: sffe
age: 2831
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6215
x-xss-protection: 0
expires: Thu, 17 Feb 2022 09:15:45 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
198 B 41ms
41ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gda_r20210211&jk=91039473510572&bg=!mpmlmdrNAAXRs2QT0TsAKQB2-DxaKtmye2xzawRDc782vjRS3x34xRsdGpn-MQeuIb0dkGQrEpiGAgAAAGZSAAAAD2gBBwoBY1l86CioG5t_0zzGQ0UqmhxRR2nF7zeOACC6YFSzoxAFhpXqHAKX0Snt4kJjFxm28_wQ8wGlzaQRDVo5lkyaQ6TzQZuILSM1vPgvYl8IT6N3kci9MLWzlrOAVW9lxAPdUJQhsIvqhJ8v_TnPt6THUhqRVfPrz_AnqCC_5Qp23sTW1MivNxxUlShmx6Othwznpr_PT4-t-E8wuVZlWO9_p6zZSPigE42AUJeBWdgAqCsEgNIihN4qpe2gToyFxPBGg9aWi9KbCR4-CuiPGYOuZoFwlHPalwm_sGu0ynaJlC0qN2JVGlQaIQgRt6gL-hvvcI2uxnWMPY6zzGr4lNmiDjeqvcq3r4PFMlhboN4vdwOFcQn7Avr1hE4G11XCQMeKsPypenvSc3KdqVJ4mZEPoj-DXj5FYoVUMYlvumWpRBH6Bib8DFPpKG0Lm0J6DLJI6hHRJjxTqt3zSc5PGQC2KRNm5XiZAc9X252l6RsjeV5PKzj3E_1so122jf5WOlbCpjINtnH4cVww8G8gHOeuXbL_xKDQU193xEUkm_YqgeoiNJJv_0H6Mfg1HxJbWCvzhmrcBDswykdt0bekdsqGH_zsMgSWnVO1eOqq8azeNOk7JqhHbRUbqENJEpTCQwXNSZoW3zaQCLazbAD8I3hqnUbGFsHfkQajAMK5TS0Sm8kMRPkeU78_MvwlSod0sDVEy8F2KuoRFbjBIFEUC4T-dq7K-nSJY6JuuXVoLkTvAEtgJkXnlXAjZDi0wzmicmxMEG52Ys3COZdFkYMT6Cgr39kuT0tGiOp9T0er2Xo2NqgQ3EDYvnebLqZiNxz2zyTcBj3X-VX0Q3SgfR9vtvgCK_VQc1IL4pXYz5BiLB0A_-3pW-hVNz_TDi8MCH7DUOBGFoJIuZS2LN8zQr8MWbtxIuNQaK4AmGffhafzXLZFTF-K82DCfT0J9eljTSijLP0DlP4NcqjElzHRRTUPrbjDCFeRcGSsQya68z0qS6_8QEJb1MYzMXh3RSOSvjxRdDwzgSfIAowsgSiMU_ze59cwlC6CBDGjJVZIWUHdey4y2INqzMuqN5EfuVCfkSqgFR9bALy9zAqn

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.removal-virusguide.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 10:02:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 mput Show response
pipedream.wistia.com/ Frame 9AA6 2 B
136 B 370ms
122ms XHR
text/plain 35.173.77.57
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pipedream.wistia.com/mput?topic=metrics
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.77.57 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-77-57.compute-1.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.enigmasoftware.com/spyhunter-rw/?rw_session_id=c94c5cf760f0dbd6c7f130132309891f6da59afb&rw_affiliate_id=vpcthreat
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 10:02:57 GMT
content-length: 2
access-control-allow-methods: POST, OPTIONS
content-type: text/plain; charset=utf-8

GET
H/1.1

200
OK

jot.html Show response
platform.twitter.com/ Frame 48FA
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

80 B
571 B

13ms
13ms

Document
text/html

2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BAC) /
Resource Hash: 90214d135602962e47ea9587a7eeb62fac1c64a541e373ea76e2b4e8b33e3f88

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
Origin: https://www.enigmasoftware.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 651403
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 17 Feb 2021 10:02:57 GMT
Etag: "d9592a6c704736fa4da218d4357976dd"
Last-Modified: Mon, 08 Feb 2021 21:20:59 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6BAC)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 80

Redirect headers

cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 0
content-type: text/html;charset=utf-8
date: Wed, 17 Feb 2021 10:02:57 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Wed, 17 Feb 2021 10:02:57 GMT
location: https://platform.twitter.com/jot.html
pragma: no-cache
server: tsa_o
status: 302 Found
strict-transport-security: max-age=631138519
x-connection-hash: bb0b852ca53092cc09f78a06b7ab9e53
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 108
x-transaction: 00d7ba3d0066835c
x-tsa-request-body-time: 0
x-twitter-response-tags: BouncerCompliant
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 85FF 0
58 B 39ms
38ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=html5-mon&a0=layout&f0=layout&s0=0&d0=317.0000&a1=https&f1=layout_html&s1=0&d1=45.0000&i=495054774883&t=419&c=p&lp=%2Fsadbundle%2F%24csp%253Der3%24%2F8360913908667273968%2Findex.html&gqi=y-ksYKS0Co7H1fAPxZSXoAg&qqi=CNTRopPV8O4CFcr3dwod2tAO-A

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 10:03:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.google.com/	1970-01-19 20:36:07	Name: NID Value: 209=jmGKVf47ZUGY3ZDMGwSQjcOTAzcvP1-bXI6FDXB7GjSBXX6TM5tysfFXbnNVRhDIpgS2pq9dxufXCHviGuVVZ2lk1H_ub846i0ICmtg76CUG-wVlfedjY86qyrJMNDefatR8IqPhTGatW1RM4SaBJoctAk6_2zAYHcM9PzVQCyo
www.removal-virusguide.com/	1970-01-19 16:12:37	Name: _pk_ses.356.2929 Value: *
.facebook.com/	1970-01-19 18:22:12	Name: fr Value: 09EI4VvNXNSfPaMXt..BgLOnP...1.0.BgLOnP.
.doubleclick.net/	1970-01-19 16:12:39	Name: DSID Value: NO_DATA
.removal-virusguide.com/	1970-01-20 01:34:12	Name: __gads Value: ID=d0c1a8692c476180-2241d7d97fba0022:T=1613556171:RT=1613556171:S=ALNI_MZlo8bMh457sJRMa9mh1u28oDRfMg
.doubleclick.net/	1970-01-20 01:34:12	Name: IDE Value: AHWqTUmvTZeL1G4tgE-VBql4K8BJP7UgXJ_0KpgWiNNEHnAWhLwZneE8zTUhVvm6DPM
www.removal-virusguide.com/	1970-01-20 01:38:31	Name: _pk_id.356.2929 Value: 1891d36c213cd50c.1613556172.1.1613556172.1613556172.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.enigmasoftware.com/wp-content/themes/default/js/bundle.js?1613036404(Line 671) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	log	URL: https://www.enigmasoftware.com/wp-content/themes/default/js/bundle.js?1612356091(Line 671) Message: JQMIGRATE: Migrate is installed, version 3.3.2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
adservice.google.com
adservice.google.de
apis.google.com
bat.bing.com
certify.alexametrics.com
connect.facebook.net
cybersecurity-help.com
d31qbv1cthcecs.cloudfront.net
distillery.wistia.com
embed-fastly.wistia.com
embedwistia-a.akamaihd.net
fast.wistia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
link.combocleaner.com
link.safecart.com
myaccount.enigmasoftware.com
pagead2.googlesyndication.com
partner.googleadservices.com
pipedream.wistia.com
platform.twitter.com
px.ads.linkedin.com
q.quora.com
removal-virusguide.com
sc.lfeeder.com
snap.licdn.com
ssl.gstatic.com
syndication.twitter.com
tpc.googlesyndication.com
www.combocleaner.com
www.cybersecurity-help.com
www.enigmasoftware.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
www.removal-virusguide.com
104.238.85.58
104.244.42.200
142.250.185.226
151.101.14.133
192.169.203.21
23.32.238.170
2600:9000:206f:5a00:17:a556:9bc0:93a1
2600:9000:206f:7800:1f:f723:6fc0:93a1
2606:2800:234:59:254c:406:2366:268c
2606:4700:20::6818:8210
2620:119:50e3:101::6cae:b45
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:800::200a
2a00:1450:4001:809::2001
2a00:1450:4001:809::2003
2a00:1450:4001:80f::2008
2a00:1450:4001:812::2002
2a00:1450:4001:812::2004
2a00:1450:4001:812::200e
2a00:1450:4001:827::200e
2a00:1450:4001:828::200d
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2003
2a02:26f0:7100:48a::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:1b::622
3.217.219.88
35.173.77.57
54.209.247.25
54.244.12.37
65.9.20.8
65.9.58.70
65.9.94.30
0433a23e801e9118a2de8591fc1303a5a7fb4794ea2d6533aec35234eadd6167
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
055dd0f1e0eae12d4587b12f516a1d7a0f858d80498823cbade9f97b5962d727
058584233380be2ad1e567c7f0206f7c76e85abc8f76ba6cd4891a9a51ac5ed8
05ed5293e73d4c1cb867c5106f4ed5ee97e1ba16316f215c7f96fc05702b8dbf
0605c70cd28db215d98065ee39652e06a45ce3ffa965ae43f67902dd7a318ec4
097ba063d35c940844b4c389e99df246c114159904b43a2129fa2fa98c82f37a
0b535607ce11399efe43e729f3e198e35de26da6cb5ea0422cce42e1237b9072
0c2565beb12e40c2a54e09afbd8d3bf7eefb1dc83dd47a4cc18ed2995b360283
0e5452e376378c3bcfefc89d8f1a94ac21c2cefd7fea03b2c0ebe40b1e48d4c3
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
0f723be189a450de0d2ddc0947f9b45ded42bfd1237c66c66610a007b112343e
1082b879cd43a0dec9ab3cc9ae2ddad7426c64e73fed45067c89afcac5bdd227
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13f047edc3fad34529b1afe87a10a3e1e28ad45d44cce3dc8b1deeee0cc2d4b8
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
189ad6279468d91ed0701bb537ad62d926b48f7a1319dc26601a86d6c554e482
1a3fdd2b11a89fe0818cee17467ca50b97235108a568a29e382fa5a8b1b2640e
1dbe94f24870455b60be49be9b72675f862260aa374086a786e893f59cb080b0
23ab5c071bb37b4b4e20fdcc5069f72fbd29058f3f9f5227d1e0406e49ebc96c
26d96c5b5ba1ce581a0455d18ad5681b8ae5b4275a7630f0cfa768c59cfab720
274c5c962cd8ec53ac23d6d07978901972efd7b33e2eb0d1a7222c61fb7f907d
28042224881cf05034afb1ca1de4b89b752f73f1ae68fb22fd8ebf29525d6b10
2847534dae099aab6e1ce09834d9b149429a7a8352cd0560e30ddaf3e39974c4
2a1b2ebe6a2b314929967bdf1ba8c694fb45bf76a5b847e57fb847b3cdd9338a
2d62053fa3c8232db0d89e8f79f24cd6d2d02fc14ee0c3102eeb2580326b141d
2dc95b38c17dba547c0f7b6977bd4817a0f53cf96aa3bb3eb8928b24d9966033
30b2705624958fbde4904f7528d7453ef02916de55fa9a38b7179393d2d8834e
30c20adde444e9fa895ea0cee9cbcee1d1bafa9fce35c5c805676ef13180d812
35fe3377279d21fb5a2e01f92eddc9f816cd4fac3e303ca246596104a81eba95
36908af2e4b47c0c9e6fe726203a970645dd88aacc435207d5567c6fb6fb8318
373e9e86db615eb4a95a3f42e9ecd625cddfd3a705e73a40686869787f97363f
37b47e7dee03ff029182e22c88ed5b255b26288fc3a8d69dd20d2ec43df32874
3821a4284229893f84d00e02e9c29d71c47e11e441d1729af5b7a4c95862a316
3846670fd7353acda71027ccb9251875b8b2c2619b13fad527fb4527030f9bd8
38a622d903f3d196af226cd9f4081afc5e717465d8afc40f39b6a8319be4c786
3a0d4fdbef9ee96a04eec0fc77e061a15bc084d4bb1cd297800f7e3a3377ae79
3d66b808acbda5cd6933408d3db6e642af59d44d78e92a469a639bf2399a1cfd
447d9b07c5b366798e940563561b57603067afac742399b958f6c7901f6d6a9c
44f4c4b4880af1f974aae99eb91e9fd77179ddc4d35f959159740f149804bc1e
4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87
49c1ad3623017438cf062211fc80b7249f6e7fedd1de83ca8b5bcfb8de36e14d
49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504
4a3ae52d3526e37040a8196cc9e7e926b8f77a57e0fc65462247f070c52485d0
4a78ef727ff6e45a19663f6c7ba9181e0460c2671aab4613ba515736182c62ae
4c7e278244eabfea1d9c1e84adbe025ef4047026374a70ab1e3d42e6fb82dadd
4ca8f7722320d5e59ac553dc60baf881d5fddc53eef14a442c8f69bc2b481a4a
4db6732268b3d9330df1068351b18e2fd1c1c6da87b5953259b022a19ddfe7a5
4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515
4dd982d6d60c6c0025002eaf22cb873b00f5c02e93b4b2eb0bf6a0b0b53b5b29
4e4459bf6a2924f7e251f3f65249d280ace0be4ad0ab89e4ae0b45bd05edba16
4ef2386e4de3b28b9584fbc88cb42427053efc2d0b2d025027e0574820439716
51f65d387566321f65e5f367e1989cdb466b40e7b325d89fd5d43d7090b56484
5432ba27f5893a77913de990445ea39c992c782ac382e10cc599063ac3878aca
54504276d92644ec2aec24a21ad29b58caa20f68803c67cc65607bfa439b394c
546f668309aa4e7cef1bdd539d67a5bf5537c1a27fe31fea1c3e87b3e01c899e
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
574ca5bff2b33a20e450accf2dae8a182e717f6dc82622ac1bf471e27674925f
57c3feb72fb508e47b95cd9d535e9ae3cee2f98034b416bcd04b7e1ad88d212c
582804e17569ba993f75d662428274d98698b0541ee5642a7b68994f15d7b3af
58339b94e45ed86d506252c26679bcbe3d1696876b64304248bbbfede764c0de
5895b9f8dd9044e2a020cf342499a654a26a61dee644cd403df676d55d68bc41
5bd9ca2f57b6c388332dd095d8c9be87dc71c2e1b78b843515ae758fe05a1223
5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
5fee2a3e4db0a9b907550346569920e7ea79a4b855260d5c9d063aebd408ce52
614c628979413c313447557e9d90e9082ca8b9175d5c4a464bd6a9e6bc3a4aa7
61b8ace7107247314c20e50c240c4a6552702aa0d37dda0499b0f9f23ccea75a
63e1d0ace9c5bf2cb237da159fa8041e073a9bc54a2d0e0b24c2690eae246fc5
654595cf8b565940ef6b5765d3047af2794b13efeb6fdc661ded7f5ccf32ce0c
67a00fbdd7b0ae8a8258edc321008a3bc8203d162b77488cbe069d0a23046a6a
67c060f18df4888c8a655a1c1b042faeda176be01e89e29eea43913290d4cc45
6ea00f64b4e1b58ac8e1162060375aeb983cbc6589ef55675c999e1fc3f447d9
706d79f6a54d6df1e9d41b20fbd5acbfb5540b41fb0cc64885bfd3deca7eae90
715bb5590919337d6d2e2f677fca4e7f2f7573e4cf10d230c820e416d2ae2076
718d8e9bf93740a3a90b67e53219319342074524b2dede8ba219eea4c41ea0c4
747f2a573e495ec7659206ad6209a62ee2f5b92d1a2cf723ab5d9cb5e6f25e78
74e3e658d0d44cab2421b81060a70c1f81f886906d465aa7559a5264adde5467
764c607262c6751826039256b24e1ab9e07658574e9e3b1dc792ed5b501cb7eb
779d68ba221aa1efe83b46b8d8c5932a9c82ad2357b9cc9428c9dabf996d1875
7e70182a518f7843c6aa9a48dcbe72a9f48652e0a17d7951202ad8766e6f39cb
7f0931786a92de24874844a4058808dc34741a1f34f0a1e294ef8e128861ab97
83780bde4a2732329a172f17176be01e75bb8dc4e7088d0ba21a4fe544dbcc47
84b37226dd1ba126264c6b5d1369d28d6fb5fa26f7cd6f3e1458e86ff41d14e7
873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745
88e0b4b74cc485ed66322b0a74b75c7b793360323f436b5f5b7ebacf6ffa48c9
89c755529e4d695d5566bfd4f143f4fa976ff89edd3c98f2b1c129ddd7bf8fc6
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a76b7ffdca1d19ef49a68b64339042dd86901fb28ba9d3c1491ad40724c731c
90214d135602962e47ea9587a7eeb62fac1c64a541e373ea76e2b4e8b33e3f88
90451ba3e82cd9db02f0ca76bd45d0ab5ef7e90a49da4215903cb7f08471e2e7
91daf2eee0d06da7d7615032545420fa286f0f37cc23370d14872be500c96f85
9406453f755774f3fe2168484ffc62ae638eaa92bbfa9dc8b56f75250ce10a3d
947f75c601326ac45e5c84661a951be5d0f6f3ee315eeb9796344dad6f17999e
999f63b56664c2d0a158e9ec76a9a784edee7eb95186e99aa1a3d440874d3da2
99adb384fd992660be76df488633e76fe86ed9bba2a7cdf143a97e03fc3ee94d
9d69f9fd99729bc8fb7a18e68ea33d2b3ac5b4a6106e62c840f423c808247772
9e7ea2b4ba8e2bcc4a964d6192e4671dc5f6863a1c7e35b52b229a3c1e67a68d
9fb82b7082ae87f15859d00b4f9db8c761872f07a4506c30fc831807abfc6f72
9fffcf0cf18bd775bbce288c6c7226a771dd727c4bf1756adfc359c4c9e51d07
a0e2af2ee71f1244504b5c874399244bd67512d3cb4edfe50cca9d0d2c4ecfa3
a1211be8bca16c24f2600a0285d9c2a0d9250821d68d840899fb380a9f381260
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
a6566dac33a2ce35a1b05992a9e6e9a022d5ff09f764ee414b21aba92f4adabf
a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2
ac5cf6ddbc922e83040bb6d386e448b0550f8e14603254d0eb5e4a92f1e66da5
ada9c0063a3e8e2173d06f9b097f4bc81828b9ca94cc8322ca19692567c321f8
aec941c2553e054adfc389e3b8242ae1b0579a718ce3f953c97866c9791c71bf
b02ab5446d4dd91bc73183089db613f7cd4c954bc79a21dff4785c9280af45a0
b40e5efce201ac953a9c11d4c1b10a82f0b9df96dc7595ef5536c0584a74ea28
b463dd33828f8475fbb06d0feb05a01b40be4eac3897589791384d4d07cc6b2c
b5cfc762b491ae140976a4c67b72199b9dc05af5682e0cdfccdf63254a5b1c37
b89cdbae6b0d4c79cce0f9f72512c847d6ae4b11acb928e4378b8b65a9e3be6c
b92ee367ac87c8ed581431feb27ec2d422e4a6ebb9d03ccde63059b25c1bac17
baa0834d490f5d970c71195c1757eb22e4ce65dbb8431857cd58d4467a42c5ff
bae9feda424447121f1c9f79f1f69c15e85af45700363c54a02adea7f60c4e76
bb8fa9b9142463722e91df6297bfccadd2744651cd0e5cfd26540cfaf1361062
bc6f35d495daa9024207ac02873845e08564c284a9972fbc709aa1faa2345aaa
bdbf2460fba4062eea1d28267c13ef9308cc18462388b4625a369c5928e7243e
bf478e6ce61245ce5fabef16680abbedeceb26ff23795affb40f93e247abc9a3
c34f5c51cea0ee9e05108c79c404086a24b73fbecb0999654fc9116b4c4b755e
c4d24f6b27cc7ceea56fbec786bb1f486fdad9a1f998f760f76d1f44671e105c
c7fbcf2cfbd07c5fcdf1c5d0eab6a4725eebf2d4dccf54da76a25236962eee53
c833076fa7f5eb06cedee21317f3767a3ac924a4ffd7b46c033b01483d5a93c4
c91e2af7df1a9d8a403108592949a68b78ccbb50c38561aeb4cd1d107ebed276
ca7803c98b63e41791ec0817a08ada42a5c4904edd6f6da43ee4e431b2030ac3
cd8587dbc3298d9bb3277f3ff8bf095b2a4811dc04de1e894905f890dad9bfec
ced34f591157438ef47695f979ac95f8758408e8d9b88e63aee8b382ec975785
d48c95e39e7dcd31ebeee1191f77770fa1cb0a4213bb84ac925406066218c841
d54294a6014df645a307b1ddcc2647e902b58333bc92a30d65ea1786d77457d2
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
daff8d867254e20c64ef4fc6cb88846839f42dc4f410bcb4cffefeb018950c55
dc15cfc7c2b7418b8ab9a19ccecf481a0285c34ce4cde6681d17ece9d668004f
defb9deed8454b628d828e03752f259bd79e2aaf7829b3d8aae003b6ff4e2d52
df8700539d6cb6b23e9f30bbf7f9cbcbdf8da17aa823c9fb053fe59f104c13d4
e2108777f41a0dfb0ddecf19e84226505b9911ad95e4d1bbc3e934c3f2bab74d
e338d950734e094e323df90d2a2f456a35f327fdd1dcd0f235fceecbb536b99a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8801c69f593daa74de98542c767d8005620a96778a1a0dcdb77fb0ed1a102de
ea5e91047fbe07156bb51af1b8ebc8b03ff36770f3d4af9fef353054db538e6e
ec4e96b11f6fcc3b3c7fedde8dd5a0dcf50dc353ec394f8a84f5e286e01c7807
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f311b5bf014e5b0a2bafb986f96603368677c1782bbef9c9fa4535853edbb70b
f32d9a317b9cfaa9064d7de5cd77815a148294d4ec2b4a5b8d05102cb382f679
f6becca4cbeca946fddc275919175e23855cdccc2d9cfc4e81037e57c3616de5
f81e7de1612fde694636d3a1fdc5ee7c6ac13d5dfaace39ed4601fe983242e73
f9e2a52ad3c2b465bac4c077658643fb7fa2a1cc627a85bc3bdb03041a44558e
fa980e671f3f70240997d20651495d5be76e21b7f2453ff68fb14921a9f33226
fda2f5240e5b600fe3f1c09b44b6a2149de1de267a22fca6b8cb41192f94359d

www.removal-virusguide.com Open in urlscan Pro 192.169.203.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

229 Requests

87 %HTTPS

63 %IPv6

27 Domains

42 Subdomains

34 IPs

2 Countries

4011 kBTransfer

10210 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

229 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.removal-virusguide.com Open in urlscan Pro
192.169.203.21 Public Scan

Screenshot
Live screenshot

Full Image

229
Requests

87 %
HTTPS

63 %
IPv6

27
Domains

42
Subdomains

34
IPs

2
Countries

4011 kB
Transfer

10210 kB
Size

7
Cookies

229 HTTP transactions
3 data transactions