memz-trojan.en.download.it Open in urlscan Pro
2606:4700:20::681a:ebc Public Scan

Go To Rescan
Add Verdict Report

URL:
https://memz-trojan.en.download.it/downloading
Submission: On August 06 via manual (August 6th 2021, 1:17:29 pm UTC) from JP

Summary HTTP 78 Redirects Links 41 Behaviour Indicators

Summary

This website contacted 24 IPs in 4 countries across 12 domains to perform 78 HTTP transactions. The main IP is 2606:4700:20::681a:ebc, located in United States and belongs to CLOUDFLARENET, US. The main domain is memz-trojan.en.download.it.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 15th 2021. Valid for: a year.

This is the only time memz-trojan.en.download.it was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	2606:4700:20:... 2606:4700:20::681a:ebc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
27	2606:4700:20:... 2606:4700:20::ac43:4a1b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2	104.22.52.65 104.22.52.65	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5f41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
1	95.168.168.24 95.168.168.24	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
78	24

11 2606:4700:20::681a:ebc (United States)

ASN13335 (CLOUDFLARENET, US)

memz-trojan.en.download.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.download.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2606:4700:20::ac43:4a1b (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.download.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.22.52.65 (United States)

ASN13335 (CLOUDFLARENET, US)

www.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.statcounter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5f41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.168.168.24 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

dl.download.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	download.it memz-trojan.en.download.it cdn.download.it dl.download.it	380 KB
13	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	192 KB
7	doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net	20 KB
4	google.com 1 redirects www.google.com adservice.google.com	830 B
4	gstatic.com fonts.gstatic.com www.gstatic.com	88 KB
2	googletagservices.com www.googletagservices.com	65 KB
2	google.de www.google.de adservice.google.de	960 B
2	google-analytics.com www.google-analytics.com	19 KB
2	statcounter.com www.statcounter.com c.statcounter.com	14 KB
2	googleapis.com fonts.googleapis.com	1 KB
1	googleadservices.com partner.googleadservices.com	657 B
1	cloudflareinsights.com static.cloudflareinsights.com	5 KB
78	12

	Domain	Requested by
32	cdn.download.it	memz-trojan.en.download.it cdn.download.it
7	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
6	pagead2.googlesyndication.com	memz-trojan.en.download.it pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
6	memz-trojan.en.download.it	memz-trojan.en.download.it cdn.download.it static.cloudflareinsights.com
3	www.google.com	1 redirects memz-trojan.en.download.it tpc.googlesyndication.com
3	fonts.gstatic.com	fonts.googleapis.com
2	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	www.google-analytics.com	memz-trojan.en.download.it www.google-analytics.com
2	fonts.googleapis.com	memz-trojan.en.download.it googleads.g.doubleclick.net
1	dl.download.it	memz-trojan.en.download.it
1	www.gstatic.com	googleads.g.doubleclick.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.google.de	memz-trojan.en.download.it
1	c.statcounter.com	www.statcounter.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	static.cloudflareinsights.com	memz-trojan.en.download.it
1	www.statcounter.com	memz-trojan.en.download.it
78	20

This site contains links to these domains. Also see Links.

Domain
www.iubenda.com
en.download.it
download.it
es.download.it
fr.download.it
de.download.it
br.download.it
nl.download.it
in.download.it
id.download.it
ar.download.it
th.download.it
tr.download.it
pl.download.it
kr.download.it
jp.download.it
fa.download.it
ru.download.it
sw.download.it
my.download.it
ph.download.it
se.download.it
si.download.it
dl.download.it
pkhex.en.download.it
nintendont.en.download.it
draw-io.en.download.it
einthusan.en.download.it
pix2pix.en.download.it
waifu2x.en.download.it
lichess.en.download.it
ultraviewer.en.download.it
agario-bots.en.download.it
scptoolkit.en.download.it

Subject Issuer	Validity	Valid
download.it Cloudflare Inc ECC CA-3	`2021-04-15` - `2022-04-14`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
us-dallas.statcounter.com Sectigo RSA Domain Validation Secure Server CA	`2020-10-13` - `2021-11-13`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-11` - `2022-06-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh

This page contains 7 frames:

Frame: https://dl.download.it/US/memz-trojan.zip?st=LA_chCN_avY7mFgop5s18Q&e=1628266630
Frame ID: A484483A4A53CF0BF66C8669F690BDC9
Requests: 58 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210803/r20190131/zrt_lookup.html
Frame ID: 92ED0272B9D880860D6298917285B5C1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3326569891674161&output=html&adk=1812271804&adf=3025194257&lmt=1628255830&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmemz-trojan.en.download.it%2Fdownloading&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628255830813&bpp=2&bdt=249&idt=123&shv=r20210803&mjsv=m202108040201&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6136645567773&frm=20&pv=2&ga_vid=2030300197.1628255831&ga_sid=1628255831&ga_hid=697500892&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C20211866%2C31062065&oid=3&pvsid=4470272611895418&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=142
Frame ID: 261834E59FD031C50DAC48FBA17A74AC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3326569891674161&output=html&h=280&slotname=8050094845&adk=3986806541&adf=2888024063&pi=t.ma~as.8050094845&w=1110&fwrn=4&fwrnh=100&lmt=1628255830&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fmemz-trojan.en.download.it%2Fdownloading&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628255830815&bpp=3&bdt=251&idt=171&shv=r20210803&mjsv=m202108040201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6136645567773&frm=20&pv=1&ga_vid=2030300197.1628255831&ga_sid=1628255831&ga_hid=697500892&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=86&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C20211866%2C31062065&oid=3&pvsid=4470272611895418&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4wKygZ9l0i&p=https%3A//memz-trojan.en.download.it&dtd=175
Frame ID: 0EE24784E6E0E456D021E357093215D9
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: BD9E7606507043F65460C06210372EDA
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: F89FFD5837B82AE06E8009662B2FE203
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0A0463A3EFC757768E4F46FA37299A8E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

78
Requests

100 %
HTTPS

87 %
IPv6

12
Domains

20
Subdomains

24
IPs

4
Countries

786 kB
Transfer

1773 kB
Size

7
Cookies

41 Outgoing links

These are links going to different origins than the main page.

URL: https://www.iubenda.com/privacy-policy/7900308
Title: Cookie Policy

Search URL Search Domain Scan URL

URL: https://en.download.it/
Title: Download.it

Search URL Search Domain Scan URL

URL: https://en.download.it/windows
Title: apps

Search URL Search Domain Scan URL

URL: https://download.it/us
Title: movies & shows

Search URL Search Domain Scan URL

URL: https://en.download.it/android
Title: Android

Search URL Search Domain Scan URL

URL: https://en.download.it/mac
Title: Mac

Search URL Search Domain Scan URL

URL: https://download.it/
Title: Italiano

Search URL Search Domain Scan URL

URL: https://es.download.it/
Title: Español

Search URL Search Domain Scan URL

URL: https://fr.download.it/
Title: Français

Search URL Search Domain Scan URL

URL: https://de.download.it/
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://br.download.it/
Title: Português

Search URL Search Domain Scan URL

URL: https://nl.download.it/
Title: Nederlands

Search URL Search Domain Scan URL

URL: https://in.download.it/
Title: हिन्दी

Search URL Search Domain Scan URL

URL: https://id.download.it/
Title: Bahasa Indonesia

Search URL Search Domain Scan URL

URL: https://ar.download.it/
Title: العربية

Search URL Search Domain Scan URL

URL: https://th.download.it/
Title: ไทย

Search URL Search Domain Scan URL

URL: https://tr.download.it/
Title: Türkçe

Search URL Search Domain Scan URL

URL: https://pl.download.it/
Title: Polski

Search URL Search Domain Scan URL

URL: https://kr.download.it/
Title: 한국어

Search URL Search Domain Scan URL

URL: https://jp.download.it/
Title: 日本語

Search URL Search Domain Scan URL

URL: https://fa.download.it/
Title: فارسی

Search URL Search Domain Scan URL

URL: https://ru.download.it/
Title: Русский

Search URL Search Domain Scan URL

URL: https://sw.download.it/
Title: Kiswahili

Search URL Search Domain Scan URL

URL: https://my.download.it/
Title: Melayu

Search URL Search Domain Scan URL

URL: https://ph.download.it/
Title: Tagalog

Search URL Search Domain Scan URL

URL: https://se.download.it/
Title: Svenska

Search URL Search Domain Scan URL

URL: https://si.download.it/
Title: Slovenščina

Search URL Search Domain Scan URL

URL: https://en.download.it/windows/development-software
Title: Development software

Search URL Search Domain Scan URL

URL: https://dl.download.it/US/memz-trojan.zip?st=LA_chCN_avY7mFgop5s18Q&e=1628266630
Title:

Search URL Search Domain Scan URL

URL: https://pkhex.en.download.it/
Title: Pkhex Program license: Free Open-source code modifier created via GitHub that lets users modify GameCube and 3DS Pokemon files

Search URL Search Domain Scan URL

URL: https://nintendont.en.download.it/
Title: Nintendont Program license: Free A Wii Homebrew Project to play GC Games on Wii and vWii on Wii U

Search URL Search Domain Scan URL

URL: https://draw-io.en.download.it/
Title: Draw.io Program license: Free Simple program for drawing quick but comprehensive diagrams of all types

Search URL Search Domain Scan URL

URL: https://einthusan.en.download.it/
Title: Einthusan Program license: Free Plex Media Server plug-in designed for Einthusan website (Indian/Hindi) movies

Search URL Search Domain Scan URL

URL: https://pix2pix.en.download.it/
Title: Pix2pix Program license: Free A free streamlined Windows 7 program that handles imagine to imagine translation very well

Search URL Search Domain Scan URL

URL: https://waifu2x.en.download.it/
Title: Waifu2x Program license: Free Photography software designed to enhance the artistry of anime images via noise reduction and scaling

Search URL Search Domain Scan URL

URL: https://lichess.en.download.it/
Title: Lichess Program license: Free An online chess server where you can test your skills against AI or other players

Search URL Search Domain Scan URL

URL: https://ultraviewer.en.download.it/
Title: UltraViewer Program license: Free An alternative to the popular application Teamviewer, this application allows users to access computers remotely

Search URL Search Domain Scan URL

URL: https://agario-bots.en.download.it/
Title: Agario Bots Program license: Free The aim of the project is to create a bot that can play Agar.io

Search URL Search Domain Scan URL

URL: https://scptoolkit.en.download.it/
Title: Scptoolkit Program license: Free An input driver for Windows that allows users to play games online with a PlayStation controller

Search URL Search Domain Scan URL

URL: https://en.download.it/contact
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.iubenda.com/privacy-policy/61913038
Title: Privacy policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 69

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

78 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request downloading Show response
memz-trojan.en.download.it/ 30 KB
7 KB 94ms
63ms Document
text/html 2606:4700:20::681a:ebc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://memz-trojan.en.download.it/downloading
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ebc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e51e6e21c0bf188de6ced1e35713b56473ecac09dd4389f0b1172dc5c7fd93f6

Request headers

:method: GET
:authority: memz-trojan.en.download.it
:scheme: https
:path: /downloading
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-type: text/html;charset=UTF-8
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4TzOUFqcqDUmg3pZ%2BYv%2Ba6uyObsFL6NxAdz75Ojib5vBjheTX0JscxUg0lU6mFMPGTFg7yOPVe6er3a6crFMJuQk4JXJjGQOC5e3Yv1Anc%2Fd3pfiOq4nJrIxmS%2FlYMzo4MZOQLFdvrdEzRgoWn9hQjBQ6Xlhd0r%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67a88b3c9dad1786-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 2 KB
555 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Dosis:400,600&display=swap

Requested by

Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a5e9d557299a022ee09b50d4119ec776d86274688b3c9b51d6cac0e47d7db0e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://memz-trojan.en.download.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 12:25:48 GMT
server: ESF
date: Fri, 06 Aug 2021 13:17:10 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 06 Aug 2021 13:17:10 GMT

GET
H2 200 jquery-3.4.1.min.js Show response
cdn.download.it/dit/js/ 86 KB
32 KB 60ms
26ms Script
application/javascript 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/dit/js/jquery-3.4.1.min.js
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

Origin: https://memz-trojan.en.download.it
Referer: https://memz-trojan.en.download.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2141300
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 28 Jul 2020 16:02:49 GMT
server: cloudflare
etag: W/"15851-5ab82921c9c40-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4UAehMrJEuM%2FjFAJk%2FHK%2FV7Tymw1w8R9WKEQNtsaq8HsyQyB7OMH15MaQbtICjRJyhUN%2Bn55seOJXd4FSORynpJptsEEuz%2FqLoisgpYYxriCrHbonDdiWNa80izbGOaMY1noL1ehzL1KdNNbag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 67a88b3d4f9d4e8c-FRA
expires: Wed, 11 Aug 2021 18:28:50 GMT

GET
H3-29 200 popper.min.js Show response
cdn.download.it/dit/js/ 21 KB
8 KB 36ms
18ms Script
application/javascript 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/dit/js/popper.min.js
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060

Request headers

Origin: https://memz-trojan.en.download.it
Referer: https://memz-trojan.en.download.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1218813
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 28 Jul 2020 16:02:49 GMT
server: cloudflare
etag: W/"5309-5ab82921c9c40-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Utt9BT9uJZHLMh8l6%2BZ2DoXvGJT1Kwszo%2B%2BGFMKvgLCnaxIYq%2FPpReHTXKR%2BNKerRoWjNRDlla2FBRHUXVq0Iy%2B2kGU%2BkspjYXJ0ZtuLc3eJGpSWLBN3veLL5O0TJ%2F7ojXWpeAQ4kIEc2loj1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 67a88b3d9e844a67-FRA
expires: Sun, 22 Aug 2021 10:43:37 GMT

GET
H3-29 200 bootstrap.min.js Show response
cdn.download.it/dit/js/ 59 KB
17 KB 41ms
24ms Script
application/javascript 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/dit/js/bootstrap.min.js
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

Request headers

Origin: https://memz-trojan.en.download.it
Referer: https://memz-trojan.en.download.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2141300
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 28 Jul 2020 16:02:49 GMT
server: cloudflare
etag: W/"ea6a-5ab82921c9c40-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d9he2wHVphhxOsJU%2FThBPDGgKnxehS%2FFLQCBW9YCjYPLQsd9IJnJCdSyFIM%2BiHngWl%2BEKBU0DaYvgxlgKnN8%2B1TDmOKNwQqgu4dmo7IiiJ37NX8sfKk5RGXteJVbawcGn1sF3eWNWiJIRfKOeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 67a88b3d9e854a67-FRA
expires: Wed, 11 Aug 2021 18:28:50 GMT

GET
H2 200 bootstrap.min.css
cdn.download.it/dit/css/ 156 KB
25 KB 65ms
32ms Stylesheet
text/css 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/dit/css/bootstrap.min.css
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

Request headers

Origin: https://memz-trojan.en.download.it
Referer: https://memz-trojan.en.download.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2137346
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 28 Jul 2020 16:02:49 GMT
server: cloudflare
etag: W/"26f1b-5ab82921c9c40-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8B5lqZyRVIfEdkDU515mQvEziQSMrzrQuyI8egNCgz15UQGsws8QsjOj4o%2BjxeB09aoQ9kvxa%2BRDm5K8ANU0CeBcSBOUrEp69llT%2BoCL8ZgWHeTJ%2F4VDdyQF9QkaTJLgRbI9HCqGgE198b2C3w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 67a88b3d4f9a4e8c-FRA
expires: Wed, 11 Aug 2021 19:34:44 GMT

GET
H2 200 hover-min.css
cdn.download.it/dit/css/ 93 KB
7 KB 39ms
27ms Stylesheet
text/css 2606:4700:20::681a:ebc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/dit/css/hover-min.css
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ebc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73e0bcee3ba93b5a2d0f5239bb2c55ebc5a648b0aab48a0d95c1cb5edccb093d

Request headers

Referer: https://memz-trojan.en.download.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2142298
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 28 Jul 2020 16:02:49 GMT
server: cloudflare
etag: W/"17432-5ab82921c9c40-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5M5AKQhwESsy1IdTWDoYhDhHvC2XZCas196eVmtpK3pIoHxHbGN8cojY16cvCStG8i035z%2B8oFx6eL65enn8TMMGrcvhF7KLEZ7%2BYEKQGayHh%2FwERRh%2BrIzIMMeDt4VUpsnjwn6vuD%2BtD18oNw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 67a88b3d2ed81786-FRA
expires: Wed, 11 Aug 2021 18:12:12 GMT

GET
H2 200 all.min.css
cdn.download.it/dit/fontawesome/css/ 57 KB
13 KB 37ms
25ms Stylesheet
text/css 2606:4700:20::681a:ebc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/dit/fontawesome/css/all.min.css
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ebc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 876d023d9d10c97941b80c3b03e2a5b94631ff7a4af9cee5604a6a2d39718d84

Request headers

Referer: https://memz-trojan.en.download.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2142298
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 28 Jul 2020 16:02:49 GMT
server: cloudflare
etag: W/"e4d2-5ab82921c9c40-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xcN27GtQE3umqFKpmvM8%2FO9MSQLXJaz5KDgZG8dk82EmqG%2BIGwoHmCMFYFhBzRBru4BDC4mg2DKZon510entN8fG2AkYwY51GTXX%2BgxesgOnFPUS011N21SlxhCprzCNOpqH4cJgN1bwxhgrNA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 67a88b3d2ed51786-FRA
expires: Wed, 11 Aug 2021 18:12:12 GMT

GET
H2 200 main.css
cdn.download.it/dit/css/ 9 KB
3 KB 44ms
33ms Stylesheet
text/css 2606:4700:20::681a:ebc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/dit/css/main.css?v=1627662961422
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ebc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39c592f08901ee4295d3895e452970046d6e3e6d3f66116c490e7be57c94447f

Request headers

Referer: https://memz-trojan.en.download.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 592643
cf-polished: origSize=9412
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 19 Jul 2021 15:42:06 GMT
server: cloudflare
etag: W/"24c4-5c77bc78e55b1-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S3ev4YiIVw4Bizbhbm1BUAtoQ8Qiri81rYF9PsaKpD1NZMCaUlus0p9Zy9WoaWg0yZgSMqqwhQYmB2U6epG8aszPFYpRPB2VGjXMURLX3mlsb8VnN07Nw%2BBtccAqBY6ebiVmQZ%2FuXrb0RyM58g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
expires: Sun, 29 Aug 2021 16:39:47 GMT
cache-control: max-age=2592000
cf-ray: 67a88b3d2edb1786-FRA
cf-bgj: minify

GET
H3-29 200 search-header.js Show response
cdn.download.it/dit/js/ 416 B
874 B 68ms
40ms Script
application/javascript 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/dit/js/search-header.js?v=1627662961422
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec47e6472651559ca723a66ef956e8b17527d80edc59644be04633abf4516786

Request headers

Referer: https://memz-trojan.en.download.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 592625
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 03 Aug 2020 13:04:58 GMT
server: cloudflare
etag: W/"1a0-5abf8c91e5280-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4iC4XwttvCbxgnkAVafYvVCMjjFEu2ci8UdiTjGeC5GWq8PcUp%2BIpgOu0dD9A1DfUAe54XkxXIAI7ovAi2VocOL4RwlvAjRvoqI9JJl5Y93focdkpmVJUavCqlDyurxMieo6L35wbmp%2FrS94Aw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 67a88b3dbc3016ee-FRA
expires: Sun, 29 Aug 2021 16:40:05 GMT

GET
H2 200 cookie-consent.css
cdn.download.it/css/ 2 KB
1 KB 40ms
29ms Stylesheet
text/css 2606:4700:20::681a:ebc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/css/cookie-consent.css
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ebc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd6e54205b676ae77ad3a871d8a7f6225071468451108dffa28bf734d04aea97

Request headers

Referer: https://memz-trojan.en.download.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2142280
cf-polished: origSize=2367
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 23 Aug 2016 15:14:59 GMT
server: cloudflare
etag: W/"93f-53abea0d3b743-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hpjLTXWE4Yy9PovwLmPmKVw%2BLMQjNuCVBGlrGTTyavLTck6%2B0J7TUeU7%2FN26Y9F4P%2F0tzooaqh35zAhRQ%2BrcpvySJCZeBO%2FsB8UJeUA28d1St3RhlrxoAqjTC8s4tg8ymeKV9GbZ5SRq0HQU3w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
expires: Wed, 11 Aug 2021 18:12:30 GMT
cache-control: max-age=2592000
cf-ray: 67a88b3d2edc1786-FRA
cf-bgj: minify

GET
H3-29 200 cookie-consent.js Show response
cdn.download.it/js/ 2 KB
2 KB 91ms
64ms Script
application/javascript 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/js/cookie-consent.js
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9ccf96d28b2debbe29c1eb1600250f24046faa7af4ef233eb5fa71dfa920d35

Request headers

Referer: https://memz-trojan.en.download.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2142280
cf-polished: origSize=2312
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Wed, 30 Dec 2020 19:41:44 GMT
server: cloudflare
etag: W/"908-5b7b3b26bf0c1-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3r5GgQDb8bK30TdC6CK1%2F2kHQXlsY3J2ZjYn8gYlG8X3IzGUlc5JWCojURhjpnf7Sbl1PzY4LxmgCVYiRD%2FKYg%2F1YsYQ8NQtJoszzNCDCbeTLnaig9c3Mv0ULfJZuZMwNVg47wxvIGEbIEF1Ww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
expires: Wed, 11 Aug 2021 18:12:30 GMT
cache-control: max-age=2592000
cf-ray: 67a88b3dbc2216ee-FRA
cf-bgj: minify

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 137 KB
48 KB 30ms
23ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81c7685af96badd81fad41fff2e20d53306a6b33c8662ca5821ba36622f6b4f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49445
x-xss-protection: 0
server: cafe
etag: 14869471898732562513
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Aug 2021 13:17:10 GMT

GET
H3-29 200 jquery.md5.js Show response
cdn.download.it/js/ 4 KB
2 KB 69ms
41ms Script
application/javascript 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/js/jquery.md5.js
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c8ce6c1372920d818248559a28470c6152e5e0be4ca1f45dfb923c34808d21a

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2142296
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 01 Sep 2014 14:38:01 GMT
server: cloudflare
etag: W/"f18-50201f3240440-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1CL7P6yT9vRuJhDVkSdBtss0ujPwVJXoGUXILGatKFwJ9A6CzMEc66bShEEjO3IujoqJlVdJ6mQ%2BvNjKAsgBnk6eW0mlwIPh3VuwwljqQUIbBU7H%2F%2F4VR4kFYtSmM2SUOpFdPnWSKPYCths17A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 67a88b3dbc3116ee-FRA
expires: Wed, 11 Aug 2021 18:12:14 GMT

GET
H2 200 jquery.raty.css
cdn.download.it/dit/raty/ 814 B
744 B 34ms
23ms Stylesheet
text/css 2606:4700:20::681a:ebc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/dit/raty/jquery.raty.css
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ebc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc9b0a9e93b06fb941064e6d5d44d0f140deca481ba0f2fed2da938a81068bc0

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2142296
cf-polished: origSize=973
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 28 Jul 2020 16:02:49 GMT
server: cloudflare
etag: W/"3cd-5ab82921c9c40-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i0du9fu5n36KoMkeF4reBgAxPzEf%2BGmmgJn3FIltWNhjoS2gGtPr7Bfn9g8bDXmwImK9fitlefJ99ZBUgUT5MPEuiITiKiTMoNdnA2J%2FpQYTRew2ZZgET%2FbId2fl%2BbzRdKKz7%2BO5r%2FQVVJcyWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
expires: Wed, 11 Aug 2021 18:12:14 GMT
cache-control: max-age=2592000
cf-ray: 67a88b3d2ed71786-FRA
cf-bgj: minify

GET
H3-29 200 jquery.raty.js Show response
cdn.download.it/dit/raty/ 13 KB
5 KB 61ms
35ms Script
application/javascript 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/dit/raty/jquery.raty.js
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb5112588a752ef36a064ece2242fe849bfbb90c333608d4515c4d34bbb81a60

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2142296
cf-polished: origSize=19307
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 28 Jul 2020 16:02:49 GMT
server: cloudflare
etag: W/"4b6b-5ab82921c9c40-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jkd7cLVm%2BHXD3sF7ZaXhJN0OGgLJHUcvvM2SemCA%2FyqbZxOurM0%2Bac8teHz2QsCH4Xrn58E0S29tJ9ZJNJyUC0xV75EqGGy2SQzwWgism3MYgS0MEQg6%2BHX3jreFQ16zCFa6avdoCQxnf62vaw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
expires: Wed, 11 Aug 2021 18:12:14 GMT
cache-control: max-age=2592000
cf-ray: 67a88b3dbc1d16ee-FRA
cf-bgj: minify

GET
H3-29 200 href-button-populator.js Show response
cdn.download.it/js/ 1 KB
1 KB 62ms
35ms Script
application/javascript 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/js/href-button-populator.js
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aad9366ca41d12eede03015584a490d00cb7be7df80bd51596a5dc476b97fda3

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2142291
cf-polished: origSize=1185
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 22 Jan 2019 09:21:49 GMT
server: cloudflare
etag: W/"4a1-5800881d108bb-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HgXEvSb0m5xs3V0Of5%2FZ6EpBpTfOHTbc7rzmG1hnYavNb4n5%2FxSjRGdbofb6myJy3DadUzIVQ3qvm8j1sYQfNlCQiwL71Xz2S6VK30R1KvD6F0oAbO7hlZYNoJ56cxJ4s%2BHEzAS%2BfzxUIGjLcg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
expires: Wed, 11 Aug 2021 18:12:19 GMT
cache-control: max-age=2592000
cf-ray: 67a88b3dbc2516ee-FRA
cf-bgj: minify

GET
H3-29 200 api.js Show response
memz-trojan.en.download.it/cdn-cgi/bm/cv/669835187/ 35 KB
10 KB 76ms
11ms Script
text/javascript 2606:4700:20::681a:ebc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://memz-trojan.en.download.it/cdn-cgi/bm/cv/669835187/api.js

Requested by

Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:ebc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /cdn-cgi/bm/cv/669835187/api.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: memz-trojan.en.download.it
referer: https://memz-trojan.en.download.it/downloading
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gvES3bMfiM4sjCNFnkYeN9bhuAJWjdp6MZC1tsyeDu0X6rxwLHh%2FsXFIiAul%2F%2BTFBNsiOvXOq4g1yQlLuEGetAaxa7ncaUdjreBJhTPqemrjwN8zQ4rHO0V68UR%2Fcn5Dhwnmh2h73ZIihzerih17g2aOOqIJeE05"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
cf-ray: 67a88b3df8a31782-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 maglass-blue.svg
cdn.download.it/dit/images/ 258 B
806 B 66ms
40ms Image
image/svg+xml 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.download.it/dit/images/maglass-blue.svg
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 307238fd564ccf483e9503989f781d89c45525f80dec2bb3e80a9ad70fb37ba2

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2142295
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 28 Jul 2020 16:02:49 GMT
server: cloudflare
etag: W/"102-5ab82921c9c40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=927SMBhCFb5OBXSV0O4ME7dVKSJ0EHUyfSEML83hXnwVgw8xo1g%2F2c4GRhvRpUETUdJKL1F2sacOaIiOx86HC2rgnjTgzKr9ol4Mxfaqj%2Bd%2BqxsW0zqbL0r6BjrlZzR09jLj3qSUU7Gee5qhJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 67a88b3dbc3516ee-FRA
expires: Wed, 11 Aug 2021 18:12:15 GMT

GET
H3-29 200 maglass-white.svg
cdn.download.it/dit/images/ 276 B
814 B 60ms
35ms Image
image/svg+xml 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.download.it/dit/images/maglass-white.svg
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38afa88926f69f684e93ac9023338100a57b9424cedf63f7ee73b1202c98eead

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2142296
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 28 Jul 2020 16:02:49 GMT
server: cloudflare
etag: W/"114-5ab82921c9c40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DYEwcWWXBuPkLNAkJBfKWA8UVaNjxdYFZ3MQLsYBrvbzygcNLc6WO9i2Kn5rTSqh30%2Bzqhp%2BOcJpKIJgalFVT8vMis7E6RFHUGW%2Bfc1f3h5Gi2Q8vqw387zzhRFb9H6f3XxET%2Fkcq0WWxlsJrw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 67a88b3dbc2016ee-FRA
expires: Wed, 11 Aug 2021 18:12:14 GMT

GET
H3-29 200 burger-21.png
cdn.download.it/dit/images/ 122 B
812 B 59ms
35ms Image
image/webp 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.download.it/dit/images/burger-21.png
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 208b2bed8945d835348d0318bb7c4f8c83ef92494efbe5801a527891490efd09

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 156573
cf-polished: origFmt=png, origSize=242
content-disposition: inline; filename="burger-21.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 122
last-modified: Thu, 06 Aug 2020 09:54:31 GMT
server: cloudflare
etag: "f2-5ac32798a43c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vh6mM5OaVD9TyYrBE9nQFZHSZ7G1tM%2FmtSfKYEtLfySJJZpdNKvDBUFT6LM8hNZyM%2BoL8VBr4aLuEVslPnVcEaeXuUT%2BxHaJueGXZnZ1Eed2KLZvWWLaE6WGEHb8uwdEoX5bJUNiz6i3P3JUNA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Fri, 03 Sep 2021 17:47:37 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 67a88b3dbc0916ee-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 memz-trojan-100x100.png
cdn.download.it/gen/ 3 KB
3 KB 59ms
35ms Image
image/webp 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.download.it/gen/memz-trojan-100x100.png
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8e93fd1f7c27527c73f03cfc56f1ed4cf0255b9f2cfa19920fd68e6db78db85

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 147826
cf-polished: origFmt=png, origSize=7294
content-disposition: inline; filename="memz-trojan-100x100.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2858
last-modified: Tue, 06 Jul 2021 19:47:58 GMT
server: cloudflare
etag: "1c7e-5c679b2e9599c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sdXtVUXG30fE9KZ0OCGihwLiKSPZOYN%2BKDMHek1AZGvTX1SkDT7hXbc7xaN9AMchmN5UsIoc%2BrGRgUadOfc16rMXGA7C7BJNl5jwrwMCoGKUFLtFGL2AUk8lhgrXGN0u74BnqTlk%2FXr6%2BKRyhA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Fri, 03 Sep 2021 20:13:24 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 67a88b3dbc1116ee-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 pkhex-100x100.png
cdn.download.it/gen/ 3 KB
4 KB 50ms
27ms Image
image/webp 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.download.it/gen/pkhex-100x100.png
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8e93fd1f7c27527c73f03cfc56f1ed4cf0255b9f2cfa19920fd68e6db78db85

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1222447
cf-polished: origFmt=png, origSize=7294
content-disposition: inline; filename="pkhex-100x100.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2858
last-modified: Tue, 06 Jul 2021 19:58:46 GMT
server: cloudflare
etag: "1c7e-5c679d98d74e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6WiU1htQLApC1ZeI0uPO9pDMLachOx7POijA%2BwU0fLfu2%2BDevAUp7voDQ5V7eggXpFOBRMA1lKlwj5jky7KcUUp2yuPNzuoHTcVIZ8qWsdPMkWeUznXkjaD6ObtpPyNvvBp8BA4nq6KT3j51aA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Sun, 22 Aug 2021 09:43:03 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 67a88b3dbc0416ee-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 nintendont-100x100.png
cdn.download.it/gen/ 3 KB
3 KB 70ms
45ms Image
image/webp 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.download.it/gen/nintendont-100x100.png
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8e93fd1f7c27527c73f03cfc56f1ed4cf0255b9f2cfa19920fd68e6db78db85

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1222458
cf-polished: origFmt=png, origSize=7294
content-disposition: inline; filename="nintendont-100x100.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2858
last-modified: Tue, 06 Jul 2021 19:53:38 GMT
server: cloudflare
etag: "1c7e-5c679c731025b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ety%2BiD2iOILeX4B%2BiRLHz19Gm1%2BCYeggg1CxXGw4LUcrf%2Bx24FShG89VzLM%2BvbDF9ICSSeZZkSCyRoAph%2Betk2NN6xl9l3l%2FYOjQ6aWxwPBZOfs2zWTlGQV%2Fk18xEWWFjb9c%2FqInvoxhGe1%2FHw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Sun, 22 Aug 2021 09:42:52 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 67a88b3dbc2e16ee-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 draw-io-100x100.png
cdn.download.it/gen/ 2 KB
3 KB 50ms
27ms Image
image/webp 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.download.it/gen/draw-io-100x100.png
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e7359f7913dc17fe2545e918775e6ddf978c4f1f45c81cdba14e4f03754149e

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1222447
cf-polished: origFmt=png, origSize=3859
content-disposition: inline; filename="draw-io-100x100.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2228
last-modified: Tue, 06 Jul 2021 19:23:50 GMT
server: cloudflare
etag: "f13-5c6795c9b41c7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mS7mxbwpFvJ2P9M2j7hhDYp9ZfoAtbFbrTs1APsyRnhPdPbLocRFuMmielNk8hKSDC86Cv%2F9BL5tzKiN2CMkVr6mI2uVf2Ny9Vwq9sBVeNP0ojzQHybtXboirOcRextzo%2BlSY8l6MeJOw3tthw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Sun, 22 Aug 2021 09:43:03 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 67a88b3dbc0716ee-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 einthusan-100x100.png
cdn.download.it/gen/ 3 KB
3 KB 64ms
39ms Image
image/webp 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.download.it/gen/einthusan-100x100.png
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8e93fd1f7c27527c73f03cfc56f1ed4cf0255b9f2cfa19920fd68e6db78db85

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 714247
cf-polished: origFmt=png, origSize=7294
content-disposition: inline; filename="einthusan-100x100.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2858
last-modified: Tue, 06 Jul 2021 06:08:43 GMT
server: cloudflare
etag: "1c7e-5c66e4108eb65"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZdR96Z4e652aOm13rNETOxSVCc8f7OMDjNqgNOY7D0lUVS3TKcCuWbURIhwGWWfvDH9jhhNx0w3%2BUwKbEGefQQHHETIZrIDN04x7cr8ri1lgP6gN9jLF2CzvdGMymKm29YYbH5s3QSNm1llbPA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Sat, 28 Aug 2021 06:53:03 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 67a88b3dbc2916ee-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 pix2pix-100x100.png
cdn.download.it/gen/ 3 KB
3 KB 64ms
40ms Image
image/webp 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.download.it/gen/pix2pix-100x100.png
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8e93fd1f7c27527c73f03cfc56f1ed4cf0255b9f2cfa19920fd68e6db78db85

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1222447
cf-polished: origFmt=png, origSize=7294
content-disposition: inline; filename="pix2pix-100x100.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2858
last-modified: Tue, 06 Jul 2021 19:58:37 GMT
server: cloudflare
etag: "1c7e-5c679d9043fd4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jOp9OZvcyzC9K3LiZEVPD9IPfHEw1fcwoQx92qDe1hTy4GLTQhIjLbOY1z8KvSDRedXw%2F%2FUQvwx986he4Kon19QyS5isGtBrBGuz2qQvUml3QbhJroxk2BakMfwanUvGKWLIvL2T9upCW%2FIEpw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Sun, 22 Aug 2021 09:43:03 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 67a88b3dbc2c16ee-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 waifu2x-100x100.png
cdn.download.it/gen/ 3 KB
3 KB 63ms
40ms Image
image/webp 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.download.it/gen/waifu2x-100x100.png
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8e93fd1f7c27527c73f03cfc56f1ed4cf0255b9f2cfa19920fd68e6db78db85

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11110
cf-polished: origFmt=png, origSize=7294
content-disposition: inline; filename="waifu2x-100x100.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2858
last-modified: Tue, 06 Jul 2021 20:19:56 GMT
server: cloudflare
etag: "1c7e-5c67a253d86ea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hncy%2BIaeNWlb%2BAL7sm79kRv%2F6PxGPxDDD8rMFs53cKdAbCVYA6KScA0Ea21sABOsMfr8k09yZ5i%2FaGBQi5MOhcXXxYQN8GjPMaaOXACvrkHSk1j1QhI%2FupkfnnGYuAjMxUGp%2BG2z6aNPvhnDaA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Sun, 05 Sep 2021 10:12:00 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 67a88b3dbc1a16ee-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 lichess-100x100.png
cdn.download.it/gen/ 3 KB
3 KB 57ms
35ms Image
image/webp 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.download.it/gen/lichess-100x100.png
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8e93fd1f7c27527c73f03cfc56f1ed4cf0255b9f2cfa19920fd68e6db78db85

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3572
cf-polished: origFmt=png, origSize=7294
content-disposition: inline; filename="lichess-100x100.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2858
last-modified: Tue, 06 Jul 2021 19:44:55 GMT
server: cloudflare
etag: "1c7e-5c679a80021e7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jut3wXtIJ%2FJIlGKf4tFx%2Fk3p91q0%2B4kKAVeT5U4ixvDS%2Fzi5kJV5cnOhL2CPUjBT7H5FbSXZtXJjmGZeh5%2Fxy1u1apmkG%2BFFl1xLHFIzgSkXEL9Y2YyRNXlVVVcoN7g9309Qk4KqwNpa3urEEA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Sun, 05 Sep 2021 12:17:38 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 67a88b3dbc0c16ee-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 ultraviewer-100x100.png
cdn.download.it/gen/ 6 KB
6 KB 49ms
27ms Image
image/webp 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.download.it/gen/ultraviewer-100x100.png
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 118decffeba7afb71d9e354564c6ecfebc7e38a364f6b5d132db31ba694ddf01

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 847392
cf-polished: origFmt=png, origSize=8333
content-disposition: inline; filename="ultraviewer-100x100.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5824
last-modified: Tue, 06 Jul 2021 20:17:22 GMT
server: cloudflare
etag: "208d-5c67a1c0c9e25"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R75wQ7TNbSnhlgwc2E8FZWWIB2Cf1K6uJTumJ6VqKueJyfHIsO2aBA1ZOLRIWWSN45EeJ99me5nKSix59vj6h5H840s9iLNV9aJrvBxR15fLkQvK1zMtl5z1EgJzxCu%2FvtipcPmtkQKnbDTZjA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Thu, 26 Aug 2021 17:53:58 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 67a88b3dbc0216ee-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 agario-bots-100x100.png
cdn.download.it/gen/ 3 KB
3 KB 56ms
34ms Image
image/webp 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.download.it/gen/agario-bots-100x100.png
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8e93fd1f7c27527c73f03cfc56f1ed4cf0255b9f2cfa19920fd68e6db78db85

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1222447
cf-polished: origFmt=png, origSize=7294
content-disposition: inline; filename="agario-bots-100x100.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2858
last-modified: Tue, 06 Jul 2021 04:39:23 GMT
server: cloudflare
etag: "1c7e-5c66d018fef5e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6cuS%2FHtUursTcIZvaegla4glt5yN2Ifn9%2FybODNIRxj79ZzPynMPvsk2dnHOflBlYxBSboj8UJWEQDm3DJlh8wEZEEgQjiPfulD6dGnXmNpXLgqSPLt6vVcSqNzKzYwfVmtt1Ot385SGgbvwTA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Sun, 22 Aug 2021 09:43:03 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 67a88b3dbbff16ee-FRA
cf-bgj: imgq:100,h2pri

GET
H3-29 200 scptoolkit-100x100.png
cdn.download.it/gen/ 3 KB
3 KB 50ms
28ms Image
image/webp 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.download.it/gen/scptoolkit-100x100.png
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8e93fd1f7c27527c73f03cfc56f1ed4cf0255b9f2cfa19920fd68e6db78db85

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 101080
cf-polished: origFmt=png, origSize=7294
content-disposition: inline; filename="scptoolkit-100x100.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2858
last-modified: Tue, 06 Jul 2021 20:04:41 GMT
server: cloudflare
etag: "1c7e-5c679eeb413dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EfMkhjc5JH8JFLpjvk5iy%2FkdCRAnbdvdz%2BSC1Ammh2yRR3%2BNkdDHXdaZjT5Vud%2Fa5bipngn%2FWsIU9hNeV1dANCPfm1IpqeQ05WnAlAaP8v7WNC1mJ0P9a8vtBSBjV5aEvU3kRkxF%2Frf4j0k2GA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
expires: Sat, 04 Sep 2021 09:12:30 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 67a88b3dbc0f16ee-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 counter.js Show response
www.statcounter.com/counter/ 38 KB
13 KB 123ms
62ms Script
application/x-javascript 104.22.52.65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.statcounter.com/counter/counter.js
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.52.65 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9bd4667051083414e6918c646422069fdd0292fb55aff0e8b807ec4fbb496c09

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 08 Jun 2021 08:51:42 GMT
server: cloudflare
age: 14846
etag: W/"60bf2f9e-9987"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=43200
cf-ray: 67a88b3e1ed3caf4-ARN
expires: Fri, 06 Aug 2021 21:09:43 GMT

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 13 KB
5 KB 25ms
22ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e567066985125e7974f68b42914dcb134e3c38373a4a3d668bdb38a3e55f299

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: gzip
last-modified: Fri, 28 May 2021 17:24:20 GMT
server: cloudflare
etag: W/"5753bdd2-d310-49fa-bd2b-065a8e512116"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 67a88b3d9c054db8-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 6036
date: Fri, 06 Aug 2021 11:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Fri, 06 Aug 2021 13:36:34 GMT

GET
H3-29 200 35117E_0_0.woff
cdn.download.it/dit/fonts/ 47 KB
48 KB 25ms
24ms Font
application/font-woff 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/dit/fonts/35117E_0_0.woff
Requested by: Host: cdn.download.it
URL: https://cdn.download.it/dit/css/main.css?v=1627662961422
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1826c77619422cbfc2d6c86317f35c583411abd2f75de81a7ee8bb309cd9135

Request headers

Origin: https://memz-trojan.en.download.it
Referer: https://cdn.download.it/dit/css/main.css?v=1627662961422
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 111229
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 28 Jul 2020 16:02:49 GMT
server: cloudflare
etag: W/"bc70-5ab82921c9c40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pNOiLPw%2FPya1vuHF0jKT2cjL2VkN5Tgu5PU7%2B%2BtYaqymL%2F7%2Fa1BJrHLjsJOQZ6r2dscdrVtDaM9mQs7bBz6BGTNVFtMMRwmlA92JBfkJYodhts1bNludzNVNjRqo9VYfMOBnfjG4UROAK9lnoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 67a88b3dbec34a67-FRA
expires: Sat, 04 Sep 2021 06:23:21 GMT

GET
H2 200 HhyaU5sn9vOmLzloC_U.woff2
fonts.gstatic.com/s/dosis/v19/ 34 KB
35 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dosis/v19/HhyaU5sn9vOmLzloC_U.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Dosis:400,600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f8f42940da5d7ddbb153b18c0bda9bfa9e56d66be5e3169289973af1c01442b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://memz-trojan.en.download.it
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 13:52:16 GMT
x-content-type-options: nosniff
age: 257094
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35324
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 22:23:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 13:52:16 GMT

GET
H3-29 200 fa-brands-400.woff2
cdn.download.it/dit/fontawesome/webfonts/ 75 KB
75 KB 20ms
20ms Font
application/octet-stream 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/dit/fontawesome/webfonts/fa-brands-400.woff2
Requested by: Host: cdn.download.it
URL: https://cdn.download.it/dit/fontawesome/css/all.min.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d9190292acdd48ba0fc35080f7e7448f3cdf0d79199a4d23f0f49b5341fdf29

Request headers

Origin: https://memz-trojan.en.download.it
Referer: https://cdn.download.it/dit/fontawesome/css/all.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2126750
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 76612
last-modified: Tue, 28 Jul 2020 16:02:49 GMT
server: cloudflare
etag: "12b44-5ab82921c9c40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iLPr8p3aLtWh%2BOByJJKZd9y0OPbevxmbLXSrM3waX3uIvgO4q5RUKARL3MRMgnhp8tGVN94EhOTdmHf6bji8tAlvfg8q%2FNiUNdnb2KphElmTG%2BjeJJMrkvJSTw9WI%2BM3etK9qsacXcnhRGdGrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 67a88b3dbec84a67-FRA
expires: Wed, 11 Aug 2021 22:31:20 GMT

GET
H3-29 200 fa-solid-900.woff2
cdn.download.it/dit/fontawesome/webfonts/ 78 KB
78 KB 16ms
16ms Font
application/octet-stream 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/dit/fontawesome/webfonts/fa-solid-900.woff2
Requested by: Host: cdn.download.it
URL: https://cdn.download.it/dit/fontawesome/css/all.min.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7

Request headers

Origin: https://memz-trojan.en.download.it
Referer: https://cdn.download.it/dit/fontawesome/css/all.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2137344
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 79444
last-modified: Tue, 28 Jul 2020 16:02:49 GMT
server: cloudflare
etag: "13654-5ab82921c9c40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lA1NraMPPMkhXvB%2F1PlWxP%2FtgkIvNYSvcDZVxbsOmq%2BtT98Ke1ThfxFdZxLADhwnqINp7BaVuTb5UfnXKT7ENBMPbWL06OjJpOHieKPvCV8ruLZaFZ6wlk2qyjlraukrLuCsBYw4TNhRaHsLUA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 67a88b3dbec94a67-FRA
expires: Wed, 11 Aug 2021 19:34:46 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 13ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=697500892&t=pageview&_s=1&dl=https%3A%2F%2Fmemz-trojan.en.download.it%2Fdownloading&ul=en-us&de=UTF-8&dt=Memz%20Trojan%20%E2%80%94%20Downloading&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1678140925&gjid=1122774046&cid=2030300197.1628255831&tid=UA-30374496-1&_gid=1051876758.1628255831&_r=1&_slc=1&z=579155565

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 13:17:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://memz-trojan.en.download.it
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108040201/ 250 KB
93 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108040201/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3326569891674161&plah=memz-trojan.en.download.it

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

59cbfdef4f2a9a846d7f98276813927762f7f67851c64975563139d17d47620b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95395
x-xss-protection: 0
server: cafe
etag: 12107374755789589264
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 06 Aug 2021 13:17:10 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210803/r20190131/ Frame 92ED 10 KB
5 KB 5ms
5ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210803/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5f3085127d154cbd72e219052312767d460633fafa6e38bb9a9446ddb03a270

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210803/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://memz-trojan.en.download.it/downloading
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://memz-trojan.en.download.it/downloading

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 05 Aug 2021 18:33:48 GMT
expires: Thu, 19 Aug 2021 18:33:48 GMT
content-type: text/html; charset=UTF-8
etag: 8999110079160743657
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4576
x-xss-protection: 0
age: 67402
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 raty.woff
cdn.download.it/dit/raty/fonts/ 2 KB
2 KB 25ms
24ms Font
application/font-woff 2606:4700:20::ac43:4a1b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.download.it/dit/raty/fonts/raty.woff
Requested by: Host: cdn.download.it
URL: https://cdn.download.it/dit/raty/jquery.raty.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce79bee15c8795bb7bee159131318308b432133f4268f2531eb9f2790c95bda5

Request headers

Origin: https://memz-trojan.en.download.it
Referer: https://cdn.download.it/dit/raty/jquery.raty.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2141299
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 28 Jul 2020 16:02:49 GMT
server: cloudflare
etag: W/"704-5ab82921c9c40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=atdChHeuwFwog3s9COZD88ns40ZF9DVHlrWoZ3UGY6oYz6lkuPcsTYyIGKcbPjRq6OtM1jXk%2FY5Gt8sdKUD%2FSqp53GliVKBNaiqdszOY0oKr4r0NS8smmMDaPo0roVfLRVer71SN8yc2tR2rOg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=2592000
cf-ray: 67a88b3ed9984a67-FRA
expires: Wed, 11 Aug 2021 18:28:51 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
96 B 15ms
14ms XHR
text/plain 2a00:1450:400c:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-30374496-1&cid=2030300197.1628255831&jid=1678140925&gjid=1122774046&_gid=1051876758.1628255831&_u=IEBAAEAAAAAAAC~&z=912496673

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 06 Aug 2021 13:17:10 GMT
content-type: text/plain
access-control-allow-origin: https://memz-trojan.en.download.it
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 dcnt Show response
memz-trojan.en.download.it/ 0
523 B 57ms
57ms XHR
text/plain 2606:4700:20::681a:ebc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://memz-trojan.en.download.it/dcnt
Requested by: Host: cdn.download.it
URL: https://cdn.download.it/dit/js/jquery-3.4.1.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ebc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-fetch-mode: cors
origin: https://memz-trojan.en.download.it
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
cookie: _ga=GA1.2.2030300197.1628255831; _gid=GA1.2.1051876758.1628255831; _gat=1
content-length: 31
:path: /dcnt
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: */*
cache-control: no-cache
:authority: memz-trojan.en.download.it
referer: https://memz-trojan.en.download.it/downloading
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: */*
Referer: https://memz-trojan.en.download.it/downloading
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sfirZTT%2FZN46gvtZdeXJK40kG8CZT61JI1XrG%2BatT0vHhnPGZOsPQaHxxEhH8dUxt81TcB9BFHSafiISyKPZL%2FN675d%2BNiat%2F4%2FgXBhn8x64kIVmPv0Z6p5WEPgJc1I36Bxa%2BN5HBd29qBaRoAA3P6fbobVf3Qbn"}],"group":"cf-nel","max_age":604800}
cf-ray: 67a88b3eea901782-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0

GET
H3-29 200 gisdlu Show response
memz-trojan.en.download.it/ 80 B
645 B 111ms
111ms XHR
text/plain 2606:4700:20::681a:ebc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://memz-trojan.en.download.it/gisdlu?s=memz-trojan&h=decdd215069ca058bc0020d59c05c563&t=1628255830868&d=d&f=windows&l=en-US
Requested by: Host: cdn.download.it
URL: https://cdn.download.it/dit/js/jquery-3.4.1.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ebc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2565427e6fa039b753de7c2df68d348858be2d184a5acb6ccfc818988abca988

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: _ga=GA1.2.2030300197.1628255831; _gid=GA1.2.1051876758.1628255831; _gat=1
:path: /gisdlu?s=memz-trojan&h=decdd215069ca058bc0020d59c05c563&t=1628255830868&d=d&f=windows&l=en-US
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: memz-trojan.en.download.it
referer: https://memz-trojan.en.download.it/downloading
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: */*
Referer: https://memz-trojan.en.download.it/downloading
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iGo8a%2BzU5FTeCvWuMqqgPmyYI5MJItoBeCPRkADLiFCouvQdx%2F5dWGeYYMZbdsiUUfNNJXdbxssU7UWYe1rc%2FeXp3knjBlbv2bH1WwaYtIwuhS%2BcG8%2FshSLAEobpZUQbZqhFnn%2BQpJ2hmevehwAF85jSR9WimXKo"}],"group":"cf-nel","max_age":604800}
content-type: text/plain;charset=ISO-8859-1
cf-ray: 67a88b3eea981782-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 t.php Show response
c.statcounter.com/ 192 B
501 B 196ms
193ms XHR
application/json 104.22.52.65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.statcounter.com/t.php?sc_project=9701494&u1=80AAFB47859D4FA542180A0CBBE2125E&java=1&security=9186b06c&sc_snum=1&sess=8987a3&p=0&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1600&h=1200&camefrom=&u=https%3A//memz-trojan.en.download.it/downloading&t=Memz%20Trojan%20%E2%80%94%20Downloading&invisible=1&sc_rum_e_s=407&sc_rum_e_e=414&sc_rum_f_s=0&sc_rum_f_e=321&get_config=true
Requested by: Host: www.statcounter.com
URL: https://www.statcounter.com/counter/counter.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.52.65 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb2697b60c526a1d4980e0874700e7c2b4f43bb9292770f71bb4bb972506e415

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:11 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 67a88b3f187fcaf4-ARN
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
access-control-allow-origin: https://memz-trojan.en.download.it
access-control-allow-credentials: true
content-type: application/json
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
113 B 18ms
17ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-30374496-1&cid=2030300197.1628255831&jid=1678140925&_u=IEBAAEAAAAAAAC~&z=1579247957

Requested by

Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 13:17:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 16ms
16ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-30374496-1&cid=2030300197.1628255831&jid=1678140925&_u=IEBAAEAAAAAAAC~&z=1579247957

Requested by

Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 13:17:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 201 B
657 B 166ms
60ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=memz-trojan.en.download.it&callback=_gfp_s_&client=ca-pub-3326569891674161

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108040201/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3326569891674161&plah=memz-trojan.en.download.it

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

6afcfd6788984a39cfd76c83f5ce59fc4faf76d5649c75001dd274e524446310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 192
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 35ms
15ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=memz-trojan.en.download.it

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=memz-trojan.en.download.it

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2618 0
19 B 183ms
181ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3326569891674161&output=html&adk=1812271804&adf=3025194257&lmt=1628255830&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmemz-trojan.en.download.it%2Fdownloading&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628255830813&bpp=2&bdt=249&idt=123&shv=r20210803&mjsv=m202108040201&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6136645567773&frm=20&pv=2&ga_vid=2030300197.1628255831&ga_sid=1628255831&ga_hid=697500892&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C20211866%2C31062065&oid=3&pvsid=4470272611895418&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=142

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3326569891674161&output=html&adk=1812271804&adf=3025194257&lmt=1628255830&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmemz-trojan.en.download.it%2Fdownloading&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628255830813&bpp=2&bdt=249&idt=123&shv=r20210803&mjsv=m202108040201&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6136645567773&frm=20&pv=2&ga_vid=2030300197.1628255831&ga_sid=1628255831&ga_hid=697500892&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C20211866%2C31062065&oid=3&pvsid=4470272611895418&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=142
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://memz-trojan.en.download.it/downloading
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://memz-trojan.en.download.it/downloading

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 06 Aug 2021 13:17:11 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 06-Aug-2021 13:32:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 06 Aug 2021 13:17:11 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 37ms
18ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2596198e77ccbdab3018bee48950659e33465901f5b2060ea5439ff6c1f6a9b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628076391864921"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27992
x-xss-protection: 0
expires: Fri, 06 Aug 2021 13:17:10 GMT

POST
H3-29 204 result Show response
memz-trojan.en.download.it/cdn-cgi/bm/cv/ 0
765 B 10ms
10ms XHR
text/plain 2606:4700:20::681a:ebc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://memz-trojan.en.download.it/cdn-cgi/bm/cv/result?req_id=67a88b3c9dad1786
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/cdn-cgi/bm/cv/669835187/api.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ebc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-fetch-mode: cors
origin: https://memz-trojan.en.download.it
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.2030300197.1628255831; _gid=GA1.2.1051876758.1628255831; _gat=1; sc_is_visitor_unique=rx9701494.1628255831.80AAFB47859D4FA542180A0CBBE2125E.1.1.1.1.1.1.1.1.1
content-length: 424
:path: /cdn-cgi/bm/cv/result?req_id=67a88b3c9dad1786
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: memz-trojan.en.download.it
referer: https://memz-trojan.en.download.it/downloading
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 06 Aug 2021 13:17:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2FGy2RWGEi4xsazup8xzJormzZVIX2AkxbMkvsmda5%2FPxU4KJi9LmRfS%2Bxb6%2FLH8TwMknC7a0W3YL8fXOxNNbxOyvHohYWooS%2B%2BpqYo3T9YpXw90NYR59j5HQLLowRQFjJCqjHNo7qkTjQz%2BPBCi5ZCyeZOCNEh1"}],"group":"cf-nel","max_age":604800}
set-cookie: __cf_bm=a0a021416fa4dabdd5376358029080c96963a40b-1628255830-1800-ATh3VYIK0ZOQhturUkg+qi8KhAsQYsn4hZjBZRNlmTnMGaELF4gbsyLmlwRmKo/SFpba9kmXjOf0mQP04rSAQcFLrsawuNVwNngB1iWjp8QP/mr11ywNejZrOw9FLnZh8i77bzEYsHtpjqMvQwfKWR8=; path=/; expires=Fri, 06-Aug-21 13:47:10 GMT; domain=.download.it; HttpOnly; Secure; SameSite=None
cf-ray: 67a88b3fabde1782-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0EE2 52 KB
15 KB 558ms
558ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3326569891674161&output=html&h=280&slotname=8050094845&adk=3986806541&adf=2888024063&pi=t.ma~as.8050094845&w=1110&fwrn=4&fwrnh=100&lmt=1628255830&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fmemz-trojan.en.download.it%2Fdownloading&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628255830815&bpp=3&bdt=251&idt=171&shv=r20210803&mjsv=m202108040201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6136645567773&frm=20&pv=1&ga_vid=2030300197.1628255831&ga_sid=1628255831&ga_hid=697500892&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=86&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C20211866%2C31062065&oid=3&pvsid=4470272611895418&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4wKygZ9l0i&p=https%3A//memz-trojan.en.download.it&dtd=175

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49a622871f445a4cc19f5c45de39c259c120ccb2fed0c2c3983a9456e1f94297

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3326569891674161&output=html&h=280&slotname=8050094845&adk=3986806541&adf=2888024063&pi=t.ma~as.8050094845&w=1110&fwrn=4&fwrnh=100&lmt=1628255830&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fmemz-trojan.en.download.it%2Fdownloading&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628255830815&bpp=3&bdt=251&idt=171&shv=r20210803&mjsv=m202108040201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6136645567773&frm=20&pv=1&ga_vid=2030300197.1628255831&ga_sid=1628255831&ga_hid=697500892&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=86&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C20211866%2C31062065&oid=3&pvsid=4470272611895418&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4wKygZ9l0i&p=https%3A//memz-trojan.en.download.it&dtd=175
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://memz-trojan.en.download.it/downloading
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://memz-trojan.en.download.it/downloading

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 06 Aug 2021 13:17:11 GMT
server: cafe
content-length: 15338
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 06-Aug-2021 13:32:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 06 Aug 2021 13:17:11 GMT
cache-control: private

GET
H3-29 200 css
fonts.googleapis.com/ Frame 0EE2 3 KB
578 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3326569891674161&output=html&h=280&slotname=8050094845&adk=3986806541&adf=2888024063&pi=t.ma~as.8050094845&w=1110&fwrn=4&fwrnh=100&lmt=1628255830&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fmemz-trojan.en.download.it%2Fdownloading&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628255830815&bpp=3&bdt=251&idt=171&shv=r20210803&mjsv=m202108040201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6136645567773&frm=20&pv=1&ga_vid=2030300197.1628255831&ga_sid=1628255831&ga_hid=697500892&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=86&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C20211866%2C31062065&oid=3&pvsid=4470272611895418&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4wKygZ9l0i&p=https%3A//memz-trojan.en.download.it&dtd=175

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 06 Aug 2021 12:54:15 GMT
server: ESF
date: Fri, 06 Aug 2021 13:17:11 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 06 Aug 2021 13:17:11 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210803/r20110914/client/ Frame 0EE2 1 KB
937 B 33ms
11ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210803/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:14:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 134
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
server: cafe
etag: 3558876194914413708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Aug 2021 13:14:57 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210803/r20110914/ Frame 0EE2 18 KB
8 KB 27ms
5ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210803/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83cd4afc0672833e8ac46854de805cda18237894e6d5193111af3e2e866a7a3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:16:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7614
x-xss-protection: 0
server: cafe
etag: 9899176843389144697
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Aug 2021 13:16:26 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210803/r20110914/client/ Frame 0EE2 2 KB
1 KB 30ms
10ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210803/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:16:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Aug 2021 13:16:24 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0EE2 124 KB
37 KB 31ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf84082e259ad41af7fd361fd43e0bee4f52c633d44d4bbaf02930a437d82a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:11 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628076384053681"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38210
x-xss-protection: 0
expires: Fri, 06 Aug 2021 13:17:11 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210803/r20110914/client/ Frame 0EE2 14 KB
6 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210803/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Aug 2021 13:15:59 GMT

GET
H2 200 42d1b86cb875341df5a163347562cfa0.js Show response
www.gstatic.com/mysidia/ Frame 0EE2 26 KB
11 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/42d1b86cb875341df5a163347562cfa0.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e657b28cb084ea0db5d890b2e2c087134cca2e68cecdf498ae903d01c9427c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:10:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83193
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10795
x-xss-protection: 0
last-modified: Wed, 28 Jul 2021 21:26:31 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 03 Nov 2021 14:10:38 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0EE2 0
0 18ms
17ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CiRP1VzYNYZoulfHfA-rypvAG7tmi22Kgs7v6ww2gi66ZqB0QASC0pqxlYJUCoAHFkYyUAsgBAagDAaoE9wFP0EZhq1azNRedUoJvBXWlxufXuP6GtzUKBaTrtxn63jtj19ZrHkez3IXpp0GH1-Q7RtYFWN3HThfNE6-uANyd4hN9OoD8sZhnQpffsbIkg0V6LB09orD1FR0irzP_PrOi7Gd7_17JP-ijWhnArjFOETWvdDXT1GKaW0Mh3h5F2qxPG7ufBcCB9jHhokjNRKio4gYEAeq0_68K1GCrzp4RSPS3qt0z5Z70DfJuKqNOFoobNEgrMzK62KnZeQ4dic0UxqwlgLtphQGCL48BZaxYuNKkSQQntzx76T8YqstzwHCLprAKSrqlWZyt6KRdwvisYgKXJWGlwASZi6vCrgOSBQQIBBgBkgUECAUYBIAHo-7z6wGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQu-YU0ggJCIDhgBAQARgfgAoByAsB2BMM0BUBmBYBgBcBshcaChgIABIUcHViLTMzMjY1Njk4OTE2NzQxNjE&sigh=s72TmlyFvNg&template_id=5001

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3326569891674161&output=html&h=280&slotname=8050094845&adk=3986806541&adf=2888024063&pi=t.ma~as.8050094845&w=1110&fwrn=4&fwrnh=100&lmt=1628255830&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fmemz-trojan.en.download.it%2Fdownloading&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628255830815&bpp=3&bdt=251&idt=171&shv=r20210803&mjsv=m202108040201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6136645567773&frm=20&pv=1&ga_vid=2030300197.1628255831&ga_sid=1628255831&ga_hid=697500892&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=86&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C20211866%2C31062065&oid=3&pvsid=4470272611895418&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4wKygZ9l0i&p=https%3A//memz-trojan.en.download.it&dtd=175
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 06 Aug 2021 13:17:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 06 Aug 2021 13:17:11 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5195555088061754110/ Frame 0EE2 1 KB
1 KB 24ms
12ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5195555088061754110/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30f046b73e3148a5d2a1ee22dedc9285d1a527b0c5b6b8735149522e087bbbb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 03:16:00 GMT
x-content-type-options: nosniff
age: 295271
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1121
x-xss-protection: 0
last-modified: Thu, 08 Oct 2020 22:22:31 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 03:16:00 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BD9E 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3326569891674161&output=html&h=280&slotname=8050094845&adk=3986806541&adf=2888024063&pi=t.ma~as.8050094845&w=1110&fwrn=4&fwrnh=100&lmt=1628255830&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fmemz-trojan.en.download.it%2Fdownloading&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628255830815&bpp=3&bdt=251&idt=171&shv=r20210803&mjsv=m202108040201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6136645567773&frm=20&pv=1&ga_vid=2030300197.1628255831&ga_sid=1628255831&ga_hid=697500892&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=86&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C20211866%2C31062065&oid=3&pvsid=4470272611895418&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4wKygZ9l0i&p=https%3A//memz-trojan.en.download.it&dtd=175
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkPERrSH7MghXQoQvB-Grsh5affyGjq42WG-zDV2IUVHQUSxYxhOgVwDSmzFlU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3326569891674161&output=html&h=280&slotname=8050094845&adk=3986806541&adf=2888024063&pi=t.ma~as.8050094845&w=1110&fwrn=4&fwrnh=100&lmt=1628255830&rafmt=1&psa=0&format=1110x280&url=https%3A%2F%2Fmemz-trojan.en.download.it%2Fdownloading&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628255830815&bpp=3&bdt=251&idt=171&shv=r20210803&mjsv=m202108040201&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6136645567773&frm=20&pv=1&ga_vid=2030300197.1628255831&ga_sid=1628255831&ga_hid=697500892&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=86&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672%2C20211866%2C31062065&oid=3&pvsid=4470272611895418&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4wKygZ9l0i&p=https%3A//memz-trojan.en.download.it&dtd=175

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 06 Aug 2021 12:42:57 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2054
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 0EE2 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9964d96b0429f775582b80f1e6906ad69936f40b43dd74a2274758e12e03447e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 0EE2 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 02:22:18 GMT
x-content-type-options: nosniff
age: 298493
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 02:22:18 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 0EE2 21 KB
21 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Aug 2021 13:46:22 GMT
x-content-type-options: nosniff
age: 257449
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Aug 2022 13:46:22 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 28ms
27ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210803&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0c3c3d3c1561f7914a1d929a7e9c168cf4ae23e889f1292b27a6fbe4ac3eef0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 06 Aug 2021 13:17:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8640
x-xss-protection: 0

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BD9E
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

16ms
15ms

Document
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkPERrSH7MghXQoQvB-Grsh5affyGjq42WG-zDV2IUVHQUSxYxhOgVwDSmzFlU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 06 Aug 2021 13:17:11 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Fri, 06-Aug-2021 14:17:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 06 Aug 2021 13:17:11 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 06 Aug 2021 13:17:11 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 rum Show response
memz-trojan.en.download.it/cdn-cgi/ 0
174 B 29ms
28ms XHR
text/plain 2606:4700:20::681a:ebc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://memz-trojan.en.download.it/cdn-cgi/rum?req_id=67a88b3c9dad1786

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:ebc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-fetch-mode: cors
origin: https://memz-trojan.en.download.it
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _ga=GA1.2.2030300197.1628255831; _gid=GA1.2.1051876758.1628255831; _gat=1; sc_is_visitor_unique=rx9701494.1628255831.80AAFB47859D4FA542180A0CBBE2125E.1.1.1.1.1.1.1.1.1; __cf_bm=a0a021416fa4dabdd5376358029080c96963a40b-1628255830-1800-ATh3VYIK0ZOQhturUkg+qi8KhAsQYsn4hZjBZRNlmTnMGaELF4gbsyLmlwRmKo/SFpba9kmXjOf0mQP04rSAQcFLrsawuNVwNngB1iWjp8QP/mr11ywNejZrOw9FLnZh8i77bzEYsHtpjqMvQwfKWR8=; __gads=ID=c62cf913bd2331c3-2220186e96c90026:T=1628255831:RT=1628255831:S=ALNI_MYwIFxkTqo4LQCEKSbgt5fqu9aUIA
content-length: 17046
:path: /cdn-cgi/rum?req_id=67a88b3c9dad1786
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: memz-trojan.en.download.it
referer: https://memz-trojan.en.download.it/downloading
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json

Response headers

date: Fri, 06 Aug 2021 13:17:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://memz-trojan.en.download.it
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 67a88b443d0e1782-FRA
vary: Origin

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:17:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Fri, 06 Aug 2021 13:17:11 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame F89F 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://memz-trojan.en.download.it/downloading
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://memz-trojan.en.download.it/downloading

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Fri, 06 Aug 2021 12:58:39 GMT
expires: Sat, 06 Aug 2022 12:58:39 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1112
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0A04 783 B
534 B 25ms
25ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6885c33c3a939d8ca80f367c8bd37b78c2f0dbd5ae7196bdaf4b20bddbc5452d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7Uw6r1qBZ+FRSLMQHjOVeA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://memz-trojan.en.download.it/downloading
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://memz-trojan.en.download.it/downloading

Response headers

expires: Fri, 06 Aug 2021 13:17:11 GMT
date: Fri, 06 Aug 2021 13:17:11 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-7Uw6r1qBZ+FRSLMQHjOVeA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cTVw2q3qifWF7-hfKGcY5S3uNwMbqeWNUaRSYif7uFo.js Show response
pagead2.googlesyndication.com/bg/ Frame F89F 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cTVw2q3qifWF7-hfKGcY5S3uNwMbqeWNUaRSYif7uFo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

713570daadea89f585efe85f286718e52dee37031ba9e58d51a4526227fbb85a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 10:43:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9204
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13202
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 06 Aug 2022 10:43:47 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 30ms
30ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210803&jk=4470272611895418&bg=!ExClEFTNAAals0SOpbM7ACkAdvg8WifGR4vtxscQfhhK6J2Wy5TtVR5E5HuaDJC1CF-FrKR7eavEVgIAAABwUgAAAAloAQcKAMP5frol-MLtclUkKFe0JEd5XhhecUTZmHtdY7eRjrYD2TGGwtr1UW4quofxM43PBJAzCVlaT3uLJ7j8pK3gz1f0VQYNLZo2Xudyza9rSna_M3xLJyXHeshi7k1de2zqu1JT42bVM9CKnIWormaWwCoKcx31bMgpfGBcKRw3jxkWoUjbXqFzCA_-NmE7xNU3c4Lh7D8DWoCcGbHyPHELQCDei5b-1YCoVa3n26CMmJELn2nZM9lmhBQVQq_hyZOiqgRwnLWZAnya-NgDDVV9PoeRZvd_BIP_kS9jQnn4DpDCKaWtEcTBYze4erMBilSyUpS_TvxBfLo_3_5kE1HL2tMWYEq0fZDnfcZBdwyYcv_3VC_fmZYOdbGN8-neUebOnwnRxFr8BsuK7OCqeHMVE72d3YLgliT9naiV2ynoyca9u4sNgsaGmICM0x1_Ibqb01DeBfsAwsrQYVWsy3NFuSQS8us_u9KrZCb1NgPrtoDjoQvZxxDVs4RUs3aiB-DhjivrEB475G9yFA7K76clF88Of6HIXXqkkH6guqx2N69WDBhkeMkYmPqYC31lsMHo3JOYeNkxVouQJHvZBarq15LO0iIv1-1yHKvaX_fVhzCluIE07U9R_uUbugZPfVDHP7a9x1i0fqWZa1zn721ob8IH41Z8_0ghNmazE0r723Dr4qAGKvs7VoVk646Y6LC_X6YKo83enCQ14n0NsZ4hyHA0W0hLDSFi-LpAymg-KeSdAN83Cv-EEQXsswAYXEZiLHUh4Hfouuw18NUeKLXb5Ds5qUkvAUQLuScmLrRl-uAjQ2pGOAY1M7mULwwHGIahSVwD6myxtgkxXYJLYdixjjIYtzwYonDbCjDsCLAYfp4t3N213p4Kk43gzOyLA_6Qwo4d85u5m9DKza701Wa8i1mkhZZHu768MCQVM3EN_sxp3oukNYnLzeLIaFBQ3gQU1WD_F3ZWedRKEP6E45tNEX5KeFDlK_UQgth3Vt1cvzLlvrUOdkhEdL7gtgWHQaftilwBoF5wBjmrzFshRwxU8V9zkX4J_4rXkYiP1re8WPDT_dWIs4yzpxfnCjWY6EKi8HteSncJ1au_2w7HrdfubCNrcdc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://memz-trojan.en.download.it/downloading
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 13:17:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK memz-trojan.zip
dl.download.it/US/ 0
0 179ms
70ms Document
application/zip 95.168.168.24
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://dl.download.it/US/memz-trojan.zip?st=LA_chCN_avY7mFgop5s18Q&e=1628266630
Requested by: Host: memz-trojan.en.download.it
URL: https://memz-trojan.en.download.it/downloading
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.168.168.24 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Host: dl.download.it
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://memz-trojan.en.download.it/downloading
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: _ga=GA1.2.2030300197.1628255831; _gid=GA1.2.1051876758.1628255831; _gat=1; __cf_bm=a0a021416fa4dabdd5376358029080c96963a40b-1628255830-1800-ATh3VYIK0ZOQhturUkg+qi8KhAsQYsn4hZjBZRNlmTnMGaELF4gbsyLmlwRmKo/SFpba9kmXjOf0mQP04rSAQcFLrsawuNVwNngB1iWjp8QP/mr11ywNejZrOw9FLnZh8i77bzEYsHtpjqMvQwfKWR8=; __gads=ID=c62cf913bd2331c3-2220186e96c90026:T=1628255831:RT=1628255831:S=ALNI_MYwIFxkTqo4LQCEKSbgt5fqu9aUIA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://memz-trojan.en.download.it/downloading

Response headers

Server: nginx
Date: Fri, 06 Aug 2021 13:17:12 GMT
Content-Type: application/zip
Content-Length: 48668
Last-Modified: Fri, 24 Apr 2020 09:11:17 GMT
Connection: keep-alive
ETag: "5ea2ad35-be1c"
Accept-Ranges: bytes

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0EE2 42 B
64 B 29ms
28ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstRh4Cxhso3RpbVVsCxxy4VQ6kAs8CoqN3VLseny99tUrTGOJB5YEVueyQWMDiv3dRGTKwOLm4R7a_Z2RsekKJGImmR_tJg6YuUG_bsDm-iA0TQ0raKjNdpOpceCg&sai=AMfl-YRUMrowYoBzHqnwMpAWTk2BuOVKqhHp9Jjq-0-DKqMq-rJaiLCKYtIA22i4Tw5AHBeyPJQ6WariWquv&sig=Cg0ArKJSzELiPUyl5-Z6EAE&id=lidar2&mcvt=1001&p=86,245,366,1355&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210804&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=3986806541&rs=2&met=mue&la=1&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosc=0&eosm=0&rst=1628255830992&dlt=561&rpt=30&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Aug 2021 13:17:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

75 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 05:39:11	Name: IDE Value: AHWqTUkPERrSH7MghXQoQvB-Grsh5affyGjq42WG-zDV2IUVHQUSxYxhOgVwDSmzFlU
.download.it/	1970-01-19 20:17:37	Name: __cf_bm Value: a0a021416fa4dabdd5376358029080c96963a40b-1628255830-1800-ATh3VYIK0ZOQhturUkg+qi8KhAsQYsn4hZjBZRNlmTnMGaELF4gbsyLmlwRmKo/SFpba9kmXjOf0mQP04rSAQcFLrsawuNVwNngB1iWjp8QP/mr11ywNejZrOw9FLnZh8i77bzEYsHtpjqMvQwfKWR8=
.download.it/	1970-01-19 20:17:35	Name: _gat Value: 1
.download.it/	1970-01-20 05:39:11	Name: __gads Value: ID=c62cf913bd2331c3-2220186e96c90026:T=1628255831:RT=1628255831:S=ALNI_MYwIFxkTqo4LQCEKSbgt5fqu9aUIA
.download.it/	1970-01-19 20:19:02	Name: _gid Value: GA1.2.1051876758.1628255831
.memz-trojan.en.download.it/	1970-01-20 13:48:47	Name: sc_is_visitor_unique Value: rx9701494.1628255831.80AAFB47859D4FA542180A0CBBE2125E.1.1.1.1.1.1.1.1.1
.download.it/	1970-01-20 13:48:47	Name: _ga Value: GA1.2.2030300197.1628255831

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js(Line 226) Message: AdSense head tag doesn't support data-cfasync attribute.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
c.statcounter.com
cdn.download.it
dl.download.it
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
memz-trojan.en.download.it
pagead2.googlesyndication.com
partner.googleadservices.com
static.cloudflareinsights.com
stats.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.gstatic.com
www.statcounter.com
104.22.52.65
142.250.184.226
2606:4700:20::681a:ebc
2606:4700:20::ac43:4a1b
2606:4700::6810:5f41
2a00:1450:4001:801::2002
2a00:1450:4001:803::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:812::2002
2a00:1450:4001:812::2003
2a00:1450:4001:813::2004
2a00:1450:4001:827::200e
2a00:1450:4001:828::2002
2a00:1450:4001:828::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
2a00:1450:400c:c06::9a
95.168.168.24
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0c3c3d3c1561f7914a1d929a7e9c168cf4ae23e889f1292b27a6fbe4ac3eef0c
0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11
0e567066985125e7974f68b42914dcb134e3c38373a4a3d668bdb38a3e55f299
0f8f42940da5d7ddbb153b18c0bda9bfa9e56d66be5e3169289973af1c01442b
118decffeba7afb71d9e354564c6ecfebc7e38a364f6b5d132db31ba694ddf01
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
208b2bed8945d835348d0318bb7c4f8c83ef92494efbe5801a527891490efd09
2565427e6fa039b753de7c2df68d348858be2d184a5acb6ccfc818988abca988
2596198e77ccbdab3018bee48950659e33465901f5b2060ea5439ff6c1f6a9b1
2e7359f7913dc17fe2545e918775e6ddf978c4f1f45c81cdba14e4f03754149e
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
307238fd564ccf483e9503989f781d89c45525f80dec2bb3e80a9ad70fb37ba2
30f046b73e3148a5d2a1ee22dedc9285d1a527b0c5b6b8735149522e087bbbb8
38afa88926f69f684e93ac9023338100a57b9424cedf63f7ee73b1202c98eead
39c592f08901ee4295d3895e452970046d6e3e6d3f66116c490e7be57c94447f
3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7
49a622871f445a4cc19f5c45de39c259c120ccb2fed0c2c3983a9456e1f94297
4c8ce6c1372920d818248559a28470c6152e5e0be4ca1f45dfb923c34808d21a
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
59cbfdef4f2a9a846d7f98276813927762f7f67851c64975563139d17d47620b
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a
5d9190292acdd48ba0fc35080f7e7448f3cdf0d79199a4d23f0f49b5341fdf29
5e657b28cb084ea0db5d890b2e2c087134cca2e68cecdf498ae903d01c9427c1
6885c33c3a939d8ca80f367c8bd37b78c2f0dbd5ae7196bdaf4b20bddbc5452d
6afcfd6788984a39cfd76c83f5ce59fc4faf76d5649c75001dd274e524446310
713570daadea89f585efe85f286718e52dee37031ba9e58d51a4526227fbb85a
73e0bcee3ba93b5a2d0f5239bb2c55ebc5a648b0aab48a0d95c1cb5edccb093d
7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7
81c7685af96badd81fad41fff2e20d53306a6b33c8662ca5821ba36622f6b4f9
83cd4afc0672833e8ac46854de805cda18237894e6d5193111af3e2e866a7a3a
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
876d023d9d10c97941b80c3b03e2a5b94631ff7a4af9cee5604a6a2d39718d84
9964d96b0429f775582b80f1e6906ad69936f40b43dd74a2274758e12e03447e
9bd4667051083414e6918c646422069fdd0292fb55aff0e8b807ec4fbb496c09
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5e9d557299a022ee09b50d4119ec776d86274688b3c9b51d6cac0e47d7db0e2
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
aad9366ca41d12eede03015584a490d00cb7be7df80bd51596a5dc476b97fda3
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
bd6e54205b676ae77ad3a871d8a7f6225071468451108dffa28bf734d04aea97
c1826c77619422cbfc2d6c86317f35c583411abd2f75de81a7ee8bb309cd9135
c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060
c9ccf96d28b2debbe29c1eb1600250f24046faa7af4ef233eb5fa71dfa920d35
cc9b0a9e93b06fb941064e6d5d44d0f140deca481ba0f2fed2da938a81068bc0
ce79bee15c8795bb7bee159131318308b432133f4268f2531eb9f2790c95bda5
cf84082e259ad41af7fd361fd43e0bee4f52c633d44d4bbaf02930a437d82a00
d5f3085127d154cbd72e219052312767d460633fafa6e38bb9a9446ddb03a270
d8e93fd1f7c27527c73f03cfc56f1ed4cf0255b9f2cfa19920fd68e6db78db85
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e51e6e21c0bf188de6ced1e35713b56473ecac09dd4389f0b1172dc5c7fd93f6
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
eb2697b60c526a1d4980e0874700e7c2b4f43bb9292770f71bb4bb972506e415
ec47e6472651559ca723a66ef956e8b17527d80edc59644be04633abf4516786
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
fb5112588a752ef36a064ece2242fe849bfbb90c333608d4515c4d34bbb81a60

memz-trojan.en.download.it Open in urlscan Pro 2606:4700:20::681a:ebc Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

78 Requests

100 %HTTPS

87 %IPv6

12 Domains

20 Subdomains

24 IPs

4 Countries

786 kBTransfer

1773 kBSize

7 Cookies

41 Outgoing links

Redirected requests

78 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

memz-trojan.en.download.it Open in urlscan Pro
2606:4700:20::681a:ebc Public Scan

Screenshot
Live screenshot

Full Image

78
Requests

100 %
HTTPS

87 %
IPv6

12
Domains

20
Subdomains

24
IPs

4
Countries

786 kB
Transfer

1773 kB
Size

7
Cookies

78 HTTP transactions
1 data transactions