malware366.rssing.com Open in urlscan Pro
199.127.61.68 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://malware366.rssing.com/chan-15300800/all_p1801.html
Submission: On January 08 via manual (January 8th 2020, 7:36:05 pm UTC) from CA

Summary HTTP 236 Redirects Links 39 Behaviour Indicators

Summary

This website contacted 30 IPs in 7 countries across 32 domains to perform 236 HTTP transactions. The main IP is 199.127.61.68, located in Las Vegas, United States and belongs to RELIABLESITE - ReliableSite.Net LLC, US. The main domain is malware366.rssing.com.

This is the only time malware366.rssing.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	199.127.61.68 199.127.61.68	23470 (RELIABLESITE) (RELIABLESITE - ReliableSite.Net LLC)
23	2606:4700:30:... 2606:4700:30::681b:8fe9	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 3	2606:4700:10:... 2606:4700:10::6814:ec10	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 4	23.210.248.44 23.210.248.44	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
24 48	208.76.245.34 208.76.245.34	20202 (CRUCIAL) (CRUCIAL - Crucial Paradigm)
4	52.216.170.101 52.216.170.101	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	91.228.74.240 91.228.74.240	27281 (QUANTCAST) (QUANTCAST - Quantcast Corporation)
28	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
31	2606:4700:10:... 2606:4700:10::6814:ed10	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	23.210.250.213 23.210.250.213	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1 11	104.19.131.80 104.19.131.80	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
20	2a00:1450:400... 2a00:1450:4001:81e::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
7	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2606:4700::68... 2606:4700::6812:9ce1	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700::68... 2606:4700::6810:3f36	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 2	2600:9000:215... 2600:9000:2156:f000:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
7	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a04:4e42:3::621 2a04:4e42:3::621	54113 (FASTLY) (FASTLY - Fastly)
1 1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:4f::9	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2600:9000:215... 2600:9000:2156:c800:1:af78:4c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	69.173.144.141 69.173.144.141	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
10	178.162.133.150 178.162.133.150	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
6	2606:4700:20:... 2606:4700:20::681a:60a	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK - Facebook)
7	52.29.128.237 52.29.128.237	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
8	2a00:1450:400... 2a00:1450:4001:816::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
23	2606:4700:e6:... 2606:4700:e6::ac40:c807	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	23.37.55.184 23.37.55.184	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
4 4	54.93.38.91 54.93.38.91	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	91.228.74.252 91.228.74.252	27281 (QUANTCAST) (QUANTCAST - Quantcast Corporation)
7	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	213.19.147.150 213.19.147.150	26120 (RHYTHMONE) (RHYTHMONE - RhythmOne)
2 2	151.101.112.166 151.101.112.166	54113 (FASTLY) (FASTLY - Fastly)
1	2a02:fa8:8806... 2a02:fa8:8806:16::1400	41041 (VCLK-EU-) (VCLK-EU-)
2 2	172.217.21.194 172.217.21.194	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	185.29.132.30 185.29.132.30	30419 (MEDIAMATH...) (MEDIAMATH-INC - MediaMath Inc)
2 2	52.16.238.200 52.16.238.200	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
236	30

3 199.127.61.68 (Las Vegas, United States)

ASN23470 (RELIABLESITE - ReliableSite.Net LLC, US)

malware366.rssing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2606:4700:30::681b:8fe9 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.rssing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::6814:ec10 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

services.bilsyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
logs.bilsyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
media.bilsyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.210.248.44 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-210-248-44.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 208.76.245.34 (Dallas, United States) 24 redirects

ASN20202 (CRUCIAL - Crucial Paradigm, US)
PTR: s497.c4.crucialp.com

greatis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
info.greatis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.216.170.101 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.228.74.240 (United Kingdom) 1 redirects

ASN27281 (QUANTCAST - Quantcast Corporation, US)

edge.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2606:4700:10::6814:ed10 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

biltag.bilsyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.bilsyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stats.bilsyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.250.213 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-210-250-213.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.19.131.80 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

jsc.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
servicer.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s-img.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.adskeeper.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:81e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:9ce1 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

flx907.lporirxe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3f36 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

pre.glotgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2156:f000:6:44e3:f8c0:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::621 (Ascension Island)

ASN54113 (FASTLY - Fastly, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

redirector.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:4f::9 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

r3---sn-4g5e6nl7.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:c800:1:af78:4c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

vendorlist.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 178.162.133.150 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-apex.go.sonobi.com

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:60a (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

adapter.valueimpression.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

an.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.29.128.237 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-29-128-237.eu-central-1.compute.amazonaws.com

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:816::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2606:4700:e6::ac40:c807 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

jstag.interestinglinks.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
interestinglinks.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.55.184 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-37-55-184.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.93.38.91 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-93-38-91.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.252 (United Kingdom) 1 redirects

ASN27281 (QUANTCAST - Quantcast Corporation, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 178.162.133.149 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.150 (United Kingdom) 1 redirects

ASN26120 (RHYTHMONE - RhythmOne, LLC, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.112.166 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY - Fastly, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1400 (Sweden)

ASN41041 (VCLK-EU-, SE)

pulsepoint-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.21.194 (United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s12-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.132.30 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC - MediaMath Inc, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.16.238.200 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-16-238-200.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	greatis.com 24 redirects greatis.com info.greatis.com	356 KB
34	bilsyndication.com 1 redirects services.bilsyndication.com biltag.bilsyndication.com assets.bilsyndication.com logs.bilsyndication.com media.bilsyndication.com stats.bilsyndication.com	1 MB
28	google-analytics.com www.google-analytics.com	142 KB
26	rssing.com malware366.rssing.com www.rssing.com	118 KB
23	interestinglinks.net jstag.interestinglinks.net interestinglinks.net	251 KB
20	youtube.com www.youtube.com
17	sonobi.com apex.go.sonobi.com sync.go.sonobi.com	26 KB
11	rubiconproject.com fastlane.rubiconproject.com prebid-server.rubiconproject.com eus.rubiconproject.com	10 KB
11	adskeeper.co.uk 1 redirects jsc.adskeeper.co.uk servicer.adskeeper.co.uk cm.adskeeper.co.uk cdn.adskeeper.co.uk s-img.adskeeper.co.uk c.adskeeper.co.uk	83 KB
8	googletagmanager.com www.googletagmanager.com	218 KB
7	gstatic.com fonts.gstatic.com	108 KB
7	googleapis.com imasdk.googleapis.com fonts.googleapis.com	95 KB
6	valueimpression.com adapter.valueimpression.com	1 KB
4	bidswitch.net 4 redirects x.bidswitch.net	2 KB
4	amazonaws.com s3.amazonaws.com	27 KB
3	quantserve.com 2 redirects edge.quantserve.com pixel.quantserve.com	7 KB
3	addthis.com 1 redirects s7.addthis.com	189 KB
2	adsrvr.org 2 redirects match.adsrvr.org	922 B
2	mathtag.com 2 redirects sync.mathtag.com	1 KB
2	doubleclick.net 2 redirects cm.g.doubleclick.net	1 KB
2	contextweb.com 2 redirects bh.contextweb.com	1 KB
2	googlevideo.com 1 redirects redirector.googlevideo.com r3---sn-4g5e6nl7.googlevideo.com	910 B
2	quantcount.com 1 redirects rules.quantcount.com	786 B
1	dotomi.com pulsepoint-match.dotomi.com	104 B
1	1rx.io 1 redirects sync.1rx.io	321 B
1	facebook.com an.facebook.com	1 KB
1	addthisedge.com v1.addthisedge.com	853 B
1	consensu.org vendorlist.consensu.org	17 KB
1	jsdelivr.net cdn.jsdelivr.net	1 KB
1	glotgrx.com pre.glotgrx.com	539 B
1	lporirxe.com 1 redirects flx907.lporirxe.com	446 B
1	moatads.com z.moatads.com	1 KB
236	32

	Domain	Requested by
44	greatis.com	22 redirects malware366.rssing.com
28	www.google-analytics.com	malware366.rssing.com www.googletagmanager.com
23	www.rssing.com	malware366.rssing.com
20	www.youtube.com	malware366.rssing.com
18	assets.bilsyndication.com	biltag.bilsyndication.com malware366.rssing.com
17	interestinglinks.net	jstag.interestinglinks.net
10	apex.go.sonobi.com	assets.bilsyndication.com
8	www.googletagmanager.com	biltag.bilsyndication.com jstag.interestinglinks.net
7	sync.go.sonobi.com	malware366.rssing.com
7	prebid-server.rubiconproject.com	assets.bilsyndication.com
7	fonts.gstatic.com	malware366.rssing.com
7	biltag.bilsyndication.com	services.bilsyndication.com biltag.bilsyndication.com
6	fonts.googleapis.com	jstag.interestinglinks.net
6	jstag.interestinglinks.net	malware366.rssing.com
6	stats.bilsyndication.com	malware366.rssing.com
6	adapter.valueimpression.com	assets.bilsyndication.com
4	x.bidswitch.net	4 redirects
4	s-img.adskeeper.co.uk	malware366.rssing.com
4	s3.amazonaws.com	malware366.rssing.com biltag.bilsyndication.com
4	info.greatis.com	2 redirects malware366.rssing.com
3	fastlane.rubiconproject.com	assets.bilsyndication.com
3	s7.addthis.com	1 redirects malware366.rssing.com s7.addthis.com
3	malware366.rssing.com	assets.bilsyndication.com www.rssing.com
2	match.adsrvr.org	2 redirects
2	sync.mathtag.com	2 redirects
2	cm.g.doubleclick.net	2 redirects
2	bh.contextweb.com	2 redirects
2	cm.adskeeper.co.uk	jsc.adskeeper.co.uk
2	rules.quantcount.com	1 redirects malware366.rssing.com
2	jsc.adskeeper.co.uk	1 redirects malware366.rssing.com
2	edge.quantserve.com	1 redirects malware366.rssing.com
1	pulsepoint-match.dotomi.com	malware366.rssing.com
1	sync.1rx.io	1 redirects
1	pixel.quantserve.com	1 redirects
1	eus.rubiconproject.com	assets.bilsyndication.com
1	an.facebook.com	assets.bilsyndication.com
1	c.adskeeper.co.uk	malware366.rssing.com
1	v1.addthisedge.com	s7.addthis.com
1	cdn.adskeeper.co.uk	malware366.rssing.com
1	vendorlist.consensu.org	assets.bilsyndication.com
1	r3---sn-4g5e6nl7.googlevideo.com	malware366.rssing.com
1	redirector.googlevideo.com	1 redirects
1	media.bilsyndication.com	1 redirects
1	logs.bilsyndication.com	malware366.rssing.com
1	cdn.jsdelivr.net	assets.bilsyndication.com
1	servicer.adskeeper.co.uk	jsc.adskeeper.co.uk
1	pre.glotgrx.com	malware366.rssing.com
1	flx907.lporirxe.com	1 redirects
1	imasdk.googleapis.com	biltag.bilsyndication.com
1	z.moatads.com	s7.addthis.com
1	services.bilsyndication.com	malware366.rssing.com
236	51

This site contains links to these domains. Also see Links.

Domain
www.rssing.com
widgets.adskeeper.com
www.adskeeper.co.uk
valueimpression.com

Subject Issuer	Validity	Valid
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2020-09-04`	a year	crt.sh
greatis.com cPanel, Inc. Certification Authority	`2019-12-11` - `2020-03-10`	3 months	crt.sh
info.greatis.com cPanel, Inc. Certification Authority	`2019-11-04` - `2020-02-02`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2019-10-04` - `2020-10-07`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-12-10` - `2020-03-03`	3 months	crt.sh
moatads.com DigiCert ECC Secure Server CA	`2018-11-10` - `2020-02-09`	a year	crt.sh
ssl382687.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-11-07` - `2020-05-15`	6 months	crt.sh
*.google.com GTS CA 1O1	`2019-12-10` - `2020-03-03`	3 months	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2019-11-09` - `2020-12-02`	a year	crt.sh
*.glotgrx.com Go Daddy Secure Certificate Authority - G2	`2019-11-13` - `2021-01-12`	a year	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-05-29` - `2020-04-23`	a year	crt.sh
*.c.docs.google.com GTS CA 1O1	`2019-12-03` - `2020-02-11`	2 months	crt.sh
vendorlist.consensu.org Amazon	`2019-03-06` - `2020-04-06`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2019-02-01` - `2021-02-04`	2 years	crt.sh
valueimpression.com CloudFlare Inc ECC CA-2	`2019-09-30` - `2020-09-29`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-12-06` - `2020-03-05`	3 months	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-12-26` - `2020-10-09`	9 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh

This page contains 48 frames:

Primary Page: http://malware366.rssing.com/chan-15300800/all_p1801.html
Frame ID: 66B27280934C704C5ECD006F64518138
Requests: 124 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: F21D3E2B8BA8C34CDA77B6574DD0E2D5
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: D5D19CE06938A07BE4625BB9D159B17B
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: F6197F5ED6F1C51740EB8A1FC212AE14
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: A64BB6FB87CD17FC552F3A32710E7CFB
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: 649391D1C669B0C858069B4586AC1364
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: 095C1C11B56627745D37FB98D932C2D7
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: 03F6519C760BCB892BA5D80BEE668F71
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: 3BB545374737D08337F4A37B1D9B4C11
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: F7EC1A4A8AB0DC7095D3FA7B7A174828
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: D87AED685864D08C5A6223A246DD816A
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: 01BF3FA68846F5D29954A4A1E11D7BF1
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: 8DDE7F10C7F9C55BFA875D088F27B775
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: 26BD9BFBEFC55EAEBB8A006A70520149
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: BA7707E7645C5BE6DB35617B67401C57
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: D4183C21509248BFD4CF1FA219A1F745
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: 0EB89B4720C8C70AE255C07CB0F7D5F7
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: EE4E6C2574E49B0D23DEAF6064D8FF72
Requests: 1 HTTP requests in this frame

Frame: http://assets.bilsyndication.com/widget/2019/11/05/1572962750.jpg
Frame ID: 34B5EA18B93ED1FD1A4D6F64DB172C74
Requests: 10 HTTP requests in this frame

Frame: http://assets.bilsyndication.com/widget/2019/11/05/1572962750.jpg
Frame ID: DBB9141ACD8443F1C5FCC204D59C8FA3
Requests: 5 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: A82297DF9B99FEA58CB76E3998602AF8
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: 0C32A2F8E4CFE23CB2AF3405C1CB700D
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0
Frame ID: 39670FBBBBFD52ACCE64AE0366E1851D
Requests: 1 HTTP requests in this frame

Frame: https://cm.adskeeper.co.uk/i-noref.js?cbuster=157851213618690556276
Frame ID: C53121C5930DCC58AA76438673BBDA81
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=UA-128776493-17
Frame ID: B6F18146B45446F5EF6B7503EFDFDBBA
Requests: 15 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=UA-128776493-10
Frame ID: 1202F37C67E6121D43A61127B40E3827
Requests: 1 HTTP requests in this frame

Frame: http://biltag.bilsyndication.com/passbacktarget/1578299917/?t=iframe&divID=vi_13683459_1&pbID=7&w=300&h=250
Frame ID: F942C9A55339BD73A337259C831ABE11
Requests: 2 HTTP requests in this frame

Frame: http://biltag.bilsyndication.com/passbacktarget/1578299917/?t=iframe&divID=vi_13683460_1&pbID=5&w=728&h=90
Frame ID: 836C23F964ABA83B37890ACE46722F9F
Requests: 2 HTTP requests in this frame

Frame: http://biltag.bilsyndication.com/passbacktarget/1578299917/?t=iframe&divID=vi_13683460_2&pbID=5&w=728&h=90
Frame ID: 83079F9A1762DF825B7F0AF2745C9E24
Requests: 2 HTTP requests in this frame

Frame: http://biltag.bilsyndication.com/passbacktarget/1578299917/?t=iframe&divID=vi_13683460_3&pbID=5&w=728&h=90
Frame ID: 694CC7278674C1AD4564D11B5407210C
Requests: 2 HTTP requests in this frame

Frame: http://biltag.bilsyndication.com/passbacktarget/1578299917/?t=iframe&divID=vi_13683460_4&pbID=5&w=728&h=90
Frame ID: A0F8F122C96323888074C0FAE1F4A861
Requests: 2 HTTP requests in this frame

Frame: http://biltag.bilsyndication.com/passbacktarget/1578299917/?t=iframe&divID=vi_13683460_5&pbID=5&w=728&h=90
Frame ID: 572AEE825067F621F1E71E8A512D6CCA
Requests: 2 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=UA-109910709-5
Frame ID: 141DA1640035BB6660C7C993D1093BD7
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Oswald:500,400
Frame ID: E37893333429C78B56D2886B4E74EB48
Requests: 4 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=UA-109910709-5
Frame ID: B6F99DD2C6907EB27C540DE1A0482369
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Oswald:500
Frame ID: 209D4D8DC9B6959FA1A9E81CE7741A38
Requests: 5 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=UA-109910709-5
Frame ID: AB8BAC6D706893181644B4BE4EA9DDBD
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Oswald:500
Frame ID: 0C6CC296189D89B87586C5455449651E
Requests: 5 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=UA-109910709-5
Frame ID: C58A84FF3C15ECDB759DAAD631F4F473
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Oswald:500
Frame ID: 03D68F96EE9BCD57E73A2F66DE6D6A03
Requests: 5 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=UA-109910709-5
Frame ID: 8AE36A8052FE4DF5C495F5FF06FA253C
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Oswald:500
Frame ID: E0E1E0D80589AD6A32104990B7C8655A
Requests: 5 HTTP requests in this frame

Frame: https://www.googletagmanager.com/gtag/js?id=UA-109910709-5
Frame ID: 567A22FC25F6B5FEBEACBA460214A1F9
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Oswald:500
Frame ID: 0B7CB93D506F20F0FC879479333D05E4
Requests: 5 HTTP requests in this frame

Frame: https://adapter.valueimpression.com/usersync
Frame ID: 60FF02D81DD62B7D2ECFB619E19BE1B1
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 058E5C9B73BD2414CF3558996D01C09F
Requests: 1 HTTP requests in this frame

Frame: https://adapter.valueimpression.com/usersync
Frame ID: AAC9C6D05FFD834C47E9FFA7C14C2AA7
Requests: 1 HTTP requests in this frame

Frame: https://adapter.valueimpression.com/usersync
Frame ID: B0176D1B638FF7AA296AD276A793D483
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

Page Statistics

236
Requests

71 %
HTTPS

50 %
IPv6

32
Domains

51
Subdomains

30
IPs

7
Countries

2795 kB
Transfer

13419 kB
Size

0
Cookies

39 Outgoing links

These are links going to different origins than the main page.

URL: http://www.rssing.com/index.php
Title: HOME

Search URL Search Domain Scan URL

URL: http://www.rssing.com/search.php
Title: SEARCH

Search URL Search Domain Scan URL

URL: http://www.rssing.com/register.php
Title: REGISTER RSS

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php
Title: MY ACCOUNT

Search URL Search Domain Scan URL

URL: http://www.rssing.com/embed.php
Title: EMBED RSS

Search URL Search Domain Scan URL

URL: http://www.rssing.com/super.php
Title: SUPER RSS

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm
Title: Contact Us

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=mmc&r=15300800
Title: Claim

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o5&u=http://malware366.rssing.com/chan-15300800/all_p1801.html
Title: contact us

Search URL Search Domain Scan URL

URL: https://widgets.adskeeper.com/?utm_source=widget_adskeeper&utm_medium=text&utm_campaign=add&utm_content=774883

Search URL Search Domain Scan URL

URL: https://www.adskeeper.co.uk/ghits/4821036/i/34164/2/pp/1/1?h=_yLomkof32i9Zsig-3eTiiU8MlR1O9IH708OXtDeheGVqA8aNHqv6FzU8d5CJeUK&rid=0aa913ae-324e-11ea-8e60-d09466766346&tt=Direct&cpm=1

Search URL Search Domain Scan URL

URL: https://www.adskeeper.co.uk/ghits/4821048/i/34164/2/pp/2/1?h=ynSotnfQ5-o3pQF2qeJzwOSU-rEkeWdHbxNvmfU7RyQFQe_qAt13wqMaytYT4bCw&rid=0aa913ae-324e-11ea-8e60-d09466766346&tt=Direct&cpm=1

Search URL Search Domain Scan URL

URL: https://www.adskeeper.co.uk/ghits/4771081/i/34164/2/pp/3/1?h=JYVEKZdQ4VRvpHOT57z3KMwF_19puJr8zJP8vmSv53sS7qCMG5Xjg8Psrq1aMLC9&rid=0aa913ae-324e-11ea-8e60-d09466766346&tt=Direct&cpm=1

Search URL Search Domain Scan URL

URL: https://www.adskeeper.co.uk/ghits/4831883/i/34164/2/pp/4/1?h=ILWKN_Ia04bRugpHlhP_z1krIX1gMlEjCptotHKFRaaj8wEDz6W8RDkoTPa9wq64&rid=0aa913ae-324e-11ea-8e60-d09466766346&tt=Direct&cpm=1

Search URL Search Domain Scan URL

URL: http://www.rssing.com/catalog.php?cen0=0&cen1=15&cen2=30&cen3=8
Title: Subsection Catalog

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36001
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36002
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36003
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36004
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36005
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36006
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36007
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36008
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36009
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36010
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36011
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36012
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36013
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36014
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36015
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36016
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36017
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36018
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36019
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/account.php?a=ssm&r=o6&u=http%3A%2F%2Fmalware366.rssing.com%2Fbrowser.php%3Findx%3D15300800%26item%3D36020
Title: Contact us about this article

Search URL Search Domain Scan URL

URL: http://www.rssing.com/
Title: HOME

Search URL Search Domain Scan URL

URL: http://www.rssing.com/about.php
Title: ABOUT US

Search URL Search Domain Scan URL

URL: http://www.rssing.com/showcase.html
Title: SHOWCASE

Search URL Search Domain Scan URL

URL: http://valueimpression.com/?ref=malware366.rssing.com

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

http://s7.addthis.com/js/300/addthis_widget.js HTTP 308
https://s7.addthis.com/js/300/addthis_widget.js

Request Chain 10

http://greatis.com//blog/pics/free_download.png HTTP 302
https://greatis.com/blog/pics/free_download.png

Request Chain 11

http://greatis.com/blog/wp-content/uploads/2017/05/10.png HTTP 302
https://greatis.com/blog/wp-content/uploads/2017/05/10.png

Request Chain 12

http://greatis.com/blog/img/2ways.png HTTP 302
https://greatis.com/blog/img/2ways.png

Request Chain 13

http://greatis.com/blog/img/automatically.png HTTP 302
https://greatis.com/blog/img/automatically.png

Request Chain 14

http://greatis.com/blog/img/manually.png HTTP 302
https://greatis.com/blog/img/manually.png

Request Chain 15

http://info.greatis.com/wp-content/uploads/2016/11/installed-programs.png HTTP 302
https://info.greatis.com/wp-content/uploads/2016/11/installed-programs.png

Request Chain 16

http://greatis.com/blog/img/remove-virus-proceses.png HTTP 302
https://greatis.com/blog/img/remove-virus-proceses.png

Request Chain 17

http://greatis.com/blog/img/remove-virus-from-services.png HTTP 302
https://greatis.com/blog/img/remove-virus-from-services.png

Request Chain 18

http://info.greatis.com/wp-content/uploads/2016/11/run-scheduler.png HTTP 302
https://info.greatis.com/wp-content/uploads/2016/11/run-scheduler.png

Request Chain 19

http://greatis.com/blog/img/remove-virus-from-registry.png HTTP 302
https://greatis.com/blog/img/remove-virus-from-registry.png

Request Chain 20

http://greatis.com/blog/wp-content/uploads/2016/10/remove-virus-chrome-extensions.png HTTP 302
https://greatis.com/blog/wp-content/uploads/2016/10/remove-virus-chrome-extensions.png

Request Chain 21

http://greatis.com/blog/wp-content/uploads/2016/10/set-internet-explorer-homepage.png HTTP 302
https://greatis.com/blog/wp-content/uploads/2016/10/set-internet-explorer-homepage.png

Request Chain 22

http://greatis.com/blog/wp-content/uploads/2016/10/set-firefox-home-page.png HTTP 302
https://greatis.com/blog/wp-content/uploads/2016/10/set-firefox-home-page.png

Request Chain 23

http://greatis.com//blog/img/download-removal-tool-g.png HTTP 302
https://greatis.com/blog/img/download-removal-tool-g.png

Request Chain 32

http://edge.quantserve.com/quant.js HTTP 301
https://edge.quantserve.com/quant.js?https_upg=1

Request Chain 33

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 36

http://greatis.com/blog/wp-content/uploads/2017/05/7.png HTTP 302
https://greatis.com/blog/wp-content/uploads/2017/05/7.png

Request Chain 37

http://greatis.com/blog/wp-content/uploads/2017/05/4.png HTTP 302
https://greatis.com/blog/wp-content/uploads/2017/05/4.png

Request Chain 38

http://greatis.com/blog/wp-content/uploads/2017/05/9.png HTTP 302
https://greatis.com/blog/wp-content/uploads/2017/05/9.png

Request Chain 39

http://greatis.com/blog/wp-content/uploads/2017/05/5.png HTTP 302
https://greatis.com/blog/wp-content/uploads/2017/05/5.png

Request Chain 40

http://greatis.com/blog/wp-content/uploads/2017/05/21.png HTTP 302
https://greatis.com/blog/wp-content/uploads/2017/05/21.png

Request Chain 41

http://greatis.com/blog/wp-content/uploads/2017/05/11.png HTTP 302
https://greatis.com/blog/wp-content/uploads/2017/05/11.png

Request Chain 42

http://greatis.com/blog/wp-content/uploads/2017/05/8.png HTTP 302
https://greatis.com/blog/wp-content/uploads/2017/05/8.png

Request Chain 43

http://greatis.com/blog/wp-content/uploads/2017/05/111.png HTTP 302
https://greatis.com/blog/wp-content/uploads/2017/05/111.png

Request Chain 45

http://greatis.com/blog/wp-content/uploads/2017/05/3.png HTTP 302
https://greatis.com/blog/wp-content/uploads/2017/05/3.png

Request Chain 50

http://jsc.adskeeper.co.uk/r/s/rssing.com.774883.js?t=20200819 HTTP 301
https://jsc.adskeeper.co.uk/r/s/rssing.com.774883.js?t=20200819

Request Chain 57

http://greatis.com/blog/wp-content/uploads/2017/05/6.png HTTP 302
https://greatis.com/blog/wp-content/uploads/2017/05/6.png

Request Chain 66

http://www.google-analytics.com/r/collect?v=1&_v=j79&a=1235560671&t=pageview&_s=1&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=How%20to%20Remove%20Malware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=360791829&gjid=2127492677&cid=2091740170.1578512135&tid=UA-17602094-1&_gid=1523315827.1578512135&_r=1&z=2063345287 HTTP 307
https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1235560671&t=pageview&_s=1&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=How%20to%20Remove%20Malware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=360791829&gjid=2127492677&cid=2091740170.1578512135&tid=UA-17602094-1&_gid=1523315827.1578512135&_r=1&z=2063345287

Request Chain 74

https://flx907.lporirxe.com/flp/impimg.php?qid=03032313f573032313f5730393&cid=907&p=&s=rssing.com&x=&nci=&adtg=&nai=&si=1368&pn=&h=&w=&bp=&pp=&ci=&ip=&ai=&di=&mm=&os=&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_6)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F79.0.3945.88%20Safari%2F537.36&lat=&lon= HTTP 301
https://pre.glotgrx.com/impimg.gif?qid=03032313f573032313f5730393&cid=907&p=&s=rssing.com&x=&nci=&adtg=&nai=&si=1368&pn=&h=&w=&bp=&pp=&ci=&ip=&ai=&di=&mm=&os=&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_6)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F79.0.3945.88%20Safari%2F537.36&lat=&lon=&flsrc=1

Request Chain 77

http://rules.quantcount.com/rules-p-KygWsHah2_7Qa.js HTTP 301
https://rules.quantcount.com/rules-p-KygWsHah2_7Qa.js

Request Chain 104

http://media.bilsyndication.com/vid/?id=aFXgSD-cpOM&t=y HTTP 302
https://redirector.googlevideo.com/videoplayback?expire=1578519512&ei=ePcVXsX4Ko6ngAfIsKzwCw&ip=185.220.101.0&id=o-AASf4PcrMz5WKhT6TmOEpCo1i-i-Fv47DwIYz6dkcawu&itag=22&source=youtube&requiressl=yes&mm=31%2C26&mn=sn-5hne6nsy%2Csn-4g5e6nl7&ms=au%2Conr&mv=m&mvi=2&pl=24&initcwndbps=66250&vprv=1&mime=video%2Fmp4&ratebypass=yes&dur=528.346&lmt=1550579060563199&mt=1578497789&fvip=3&fexp=23842630&c=WEB&txp=2211222&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cratebypass%2Cdur%2Clmt&lsparams=mm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AHylml4wRAIgSJT8g5FezQWHgZTSZ4dwYO_sb1eF8JCFrT-R-JCYhbECIEMrvx_4yOpEtla-O4MXLO_FMkff3byZxC8T1y6gmprZ&sig=ALgxI2wwRgIhAIyOTOekcyYcclEWt6CV8gIcdt1-6-u3jb2jBvUu6ZvIAiEAzPOXZWgIHnuo8sreZ4HM3n3tEqgo0FbstpH1nsL2y4U= HTTP 302
https://r3---sn-4g5e6nl7.googlevideo.com/videoplayback?expire=1578519512&ei=ePcVXsX4Ko6ngAfIsKzwCw&ip=185.220.101.0&id=o-AASf4PcrMz5WKhT6TmOEpCo1i-i-Fv47DwIYz6dkcawu&itag=22&source=youtube&requiressl=yes&vprv=1&mime=video%2Fmp4&ratebypass=yes&dur=528.346&lmt=1550579060563199&fvip=3&fexp=23842630&c=WEB&txp=2211222&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cratebypass%2Cdur%2Clmt&sig=ALgxI2wwRgIhAIyOTOekcyYcclEWt6CV8gIcdt1-6-u3jb2jBvUu6ZvIAiEAzPOXZWgIHnuo8sreZ4HM3n3tEqgo0FbstpH1nsL2y4U=&cms_redirect=yes&mip=2a01:4f8:192:5414::2&mm=31&mn=sn-4g5e6nl7&ms=au&mt=1578512064&mv=m&mvi=2&pl=41&lsparams=mip,mm,mn,ms,mv,mvi,pl&lsig=AHylml4wRQIhAIL4hcCFebDiWrqrE7MSnEGR4X7QBgywU8lzWpgyOmpMAiBuKmgM1hC_eq9ZrBQ0plUNJrDOP7QfZjCF1WNfpNQXHg==

Request Chain 213

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi HTTP 302
https://pixel.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=sonobi HTTP 302
https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=sonobi&gdpr=1&gdpr_consent=&user_id=eq_Bs32swONi-sCyfK_dtn7-kr1i8sawf_LOn5Bd HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=76&user_group=2&ssp=sonobi&gdpr=1&gdpr_consent=&user_id=eq_Bs32swONi-sCyfK_dtn7-kr1i8sawf_LOn5Bd HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=72975844-70e3-4b17-a95c-e4ef25539812

Request Chain 214

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT

Request Chain 215

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=5bd7cc19-e247-427f-9203-dde854806d29&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://pulsepoint-match.dotomi.com/match/bounce/current?networkId=14200&version=1&nuid=

Request Chain 216

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=NWJkN2NjMTktZTI0Ny00MjdmLTkyMDMtZGRlODU0ODA2ZDI5 HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEFId38B3Mfj6LV-GjkmrF_Q&google_cver=1

Request Chain 217

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=YzU0NjVhM2EtYzJmNy00NDYwLTlkYTQtNTBlOGNjNGE2YTc1 HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEDQ_a8eQstkFLeYdNgO-rC4&google_cver=1

Request Chain 218

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]&mm_bnc&mm_bct&UUID=e9215e16-2720-4000-8f72-0f64ccddedd6 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e9215e16-2720-4000-8f72-0f64ccddedd6

Request Chain 219

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=d2eb0b8f-e74e-4766-9706-35886af33465&pubid=4d443a3ea2

Request Chain 220

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=c5465a3a-c2f7-4460-9da4-50e8cc4a6a75&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=Q2jz4uyISseI

236 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set all_p1801.html Show response
malware366.rssing.com/chan-15300800/ 456 KB
62 KB 688ms
631ms Document
text/html 199.127.61.68
ReliableSite.Net LLC

General

Check archive.org

Show headers Download Go to

Full URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 199.127.61.68 Las Vegas, United States, ASN23470 (RELIABLESITE - ReliableSite.Net LLC, US),
Reverse DNS
Software: nginx/1.12.1 / PHP/7.2.11
Resource Hash: 85a9a40122e6882d47a707fc9c2c5f768fa93840bae7c663ec75de48c1f95251

Request headers

Host: malware366.rssing.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Server: nginx/1.12.1
Date: Wed, 08 Jan 2020 19:35:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.11
Set-Cookie: rl=sM5Fn1uj2N11k53U7348; path=/; domain=.rssing.com; HttpOnly
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS

GET
H/1.1 200
OK rss.css
www.rssing.com/inc/css/ 13 KB
3 KB 50ms
36ms Stylesheet
text/css 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://www.rssing.com/inc/css/rss.css
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27335a35883abf54d38c4a756137974c3722e752b5b53b0c75d65915a61b8320

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:33 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 305
Connection: keep-alive
Content-Length: 2511
Last-Modified: Wed, 26 Dec 2018 20:02:29 GMT
Server: cloudflare
ETag: "3397-57df24f45bd42-gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d84fdd3d729-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK rssing.js Show response
www.rssing.com/inc/js/ 21 KB
6 KB 51ms
37ms Script
application/javascript 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://www.rssing.com/inc/js/rssing.js
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7718b6dc6c02d166015e3083c9d212a7e145b781d83e1a15eb86d1a55ffd1c8

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:33 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 305
Connection: keep-alive
Content-Length: 5745
Last-Modified: Tue, 31 Dec 2019 11:50:37 GMT
Server: cloudflare
ETag: "530d-59afe918ba10e-gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d84ff03dfe7-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK imging.js Show response
www.rssing.com/inc/js/ 9 KB
3 KB 51ms
38ms Script
application/javascript 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://www.rssing.com/inc/js/imging.js
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52864570f95a0370779c43aa5887a3abd049995720bd379c30a52ea9ce844cdb

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:33 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 305
Connection: keep-alive
Content-Length: 2748
Last-Modified: Mon, 12 Dec 2016 20:30:48 GMT
Server: cloudflare
ETag: "2394-5437bfa9a2e00-gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d84fafac290-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK / Show response
services.bilsyndication.com/adv1/ 274 B
904 B 150ms
143ms Script
application/javascript 2606:4700:10::6814:ec10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://services.bilsyndication.com/adv1/?d=1368
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ec10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b7b89caabb6dc09eaa685f81d240ca8950396d8e1d3fd5ca56551db7dde98c0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:34 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Last-Modified: Wed, 8 Jan 2020 14:35:33 GMT
Server: cloudflare
X-Sv: 67.58
Content-Type: application/javascript
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 55209d84eb6cbebf-FRA
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Expires: on, 01 Jan 1970 00:00:00 GMT

GET
H2

200

addthis_widget.js Show response
s7.addthis.com/js/300/
Redirect Chain

http://s7.addthis.com/js/300/addthis_widget.js
https://s7.addthis.com/js/300/addthis_widget.js

349 KB
113 KB

93ms
28ms

Script
application/javascript

23.210.248.44
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7c20e3e201e3d7c6821e907def1257deb544eb08578c7129b96d53bbf62d34e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 30 Oct 2019 19:35:04 GMT
server: nginx/1.15.8
etag: "5db9e5e8-57446"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
status: 200
cache-control: public, max-age=600
date: Wed, 08 Jan 2020 19:35:34 GMT
x-host: s7.addthis.com
content-length: 114924

Redirect headers

Date: Wed, 08 Jan 2020 19:35:33 GMT
Server: nginx/1.15.8
X-Distribution: 99
Content-Type: text/html
Location: https://s7.addthis.com/js/300/addthis_widget.js
X-Host: s7.addthis.com
Connection: keep-alive
Content-Length: 171

GET
H/1.1 200
OK search_icon.jpg
www.rssing.com/inc/img/ 2 KB
3 KB 50ms
37ms Image
image/jpeg 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/search_icon.jpg
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe501f00bdfc8308e3735869ed4e4f5cdaf85d5ffc96426d165a0dbe23735f50

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:33 GMT
CF-Cache-Status: HIT
Age: 305
Connection: keep-alive
Content-Length: 2115
Last-Modified: Fri, 18 Feb 2011 19:01:50 GMT
Server: cloudflare
ETag: "843-49c93257e4380"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d84fa5ddfcb-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK matult.jpg
www.rssing.com/inc/img/ 1 KB
2 KB 11ms
10ms Image
image/jpeg 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/matult.jpg
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 968106bd5e3b070fea7365377dc7494ff8de7c44524defc0e8e91de7e2280e28

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:33 GMT
CF-Cache-Status: HIT
Age: 305
Connection: keep-alive
Content-Length: 1237
Last-Modified: Fri, 26 Aug 2016 13:41:20 GMT
Server: cloudflare
ETag: "4d5-53af9ab5fc000"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d853fb4dfe7-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK icon_arrpw_green.gif
www.rssing.com/inc/img/ 338 B
846 B 11ms
11ms Image
image/gif 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/icon_arrpw_green.gif
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b0b279fb5cd954f044a748f1c992e5732b71351947435a8ca04c3ba26831f12

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:33 GMT
CF-Cache-Status: HIT
Age: 305
Connection: keep-alive
Content-Length: 338
Last-Modified: Fri, 18 Feb 2011 19:01:50 GMT
Server: cloudflare
ETag: "152-49c93257e4380"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d854bd6c290-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK tmbtn.png
www.rssing.com/inc/img/ 3 KB
3 KB 12ms
11ms Image
image/png 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/tmbtn.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb487ba5553ebed70e297978f8e15d1ac18f96959e2bc7d68bab786e984042a1

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:33 GMT
CF-Cache-Status: HIT
Age: 305
Connection: keep-alive
Content-Length: 2991
Last-Modified: Fri, 26 Aug 2016 13:42:11 GMT
Server: cloudflare
ETag: "baf-53af9ae69f2c0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d854b6bdfcb-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK tsbtn.png
www.rssing.com/inc/img/ 4 KB
4 KB 9ms
8ms Image
image/png 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/tsbtn.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: def71a10ebaddc43aa9404a5071b8580f023260ec128cf97a20eb86990fa038e

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:33 GMT
CF-Cache-Status: HIT
Age: 304
Connection: keep-alive
Content-Length: 3790
Last-Modified: Fri, 26 Aug 2016 13:41:36 GMT
Server: cloudflare
ETag: "ece-53af9ac53e400"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d854ee5d729-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1

200
OK

free_download.png
greatis.com/blog/pics/
Redirect Chain

http://greatis.com//blog/pics/free_download.png
https://greatis.com/blog/pics/free_download.png

5 KB
5 KB

514ms
172ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/pics/free_download.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: 4618dd3b5c277f83194fb6f96bba66d7ad25fc03aff325d8b5d27ac0badcf5fa

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Last-Modified: Thu, 29 Sep 2016 12:30:50 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=100
Content-Length: 4996

Redirect headers

Location: https://greatis.com/blog/pics/free_download.png
Date: Wed, 08 Jan 2020 19:35:34 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 231
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

10.png
greatis.com/blog/wp-content/uploads/2017/05/
Redirect Chain

http://greatis.com/blog/wp-content/uploads/2017/05/10.png
https://greatis.com/blog/wp-content/uploads/2017/05/10.png

22 KB
22 KB

514ms
173ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/wp-content/uploads/2017/05/10.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: b418dd4bbe003bd8cb7ba41e3b8e11e0089e9ac64d77c02749890ebf31b3dfb1

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Last-Modified: Wed, 10 May 2017 15:00:48 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=100
Content-Length: 22026

Redirect headers

Location: https://greatis.com/blog/wp-content/uploads/2017/05/10.png
Date: Wed, 08 Jan 2020 19:35:34 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 242
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

2ways.png
greatis.com/blog/img/
Redirect Chain

http://greatis.com/blog/img/2ways.png
https://greatis.com/blog/img/2ways.png

5 KB
5 KB

593ms
200ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/img/2ways.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: 6094177e3abd29ee6285417a89b8bb313f049c530d1d1e1b45fcaacae6ebff72

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Last-Modified: Mon, 03 Apr 2017 13:19:56 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=100
Content-Length: 4754

Redirect headers

Location: https://greatis.com/blog/img/2ways.png
Date: Wed, 08 Jan 2020 19:35:34 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 222
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

automatically.png
greatis.com/blog/img/
Redirect Chain

http://greatis.com/blog/img/automatically.png
https://greatis.com/blog/img/automatically.png

1 KB
2 KB

532ms
180ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/img/automatically.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: cafefbc589e23aa0565b21bd287b43a3b6c9609e258067d6aadcde558946114b

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Last-Modified: Mon, 03 Apr 2017 13:19:52 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=100
Content-Length: 1282

Redirect headers

Location: https://greatis.com/blog/img/automatically.png
Date: Wed, 08 Jan 2020 19:35:34 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

manually.png
greatis.com/blog/img/
Redirect Chain

http://greatis.com/blog/img/manually.png
https://greatis.com/blog/img/manually.png

1 KB
1 KB

692ms
177ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/img/manually.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: 63583c19f4a8db7941daf19d5790306b6774edf4537385507189502d5e318651

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Last-Modified: Mon, 03 Apr 2017 13:19:54 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=100
Content-Length: 1188

Redirect headers

Location: https://greatis.com/blog/img/manually.png
Date: Wed, 08 Jan 2020 19:35:34 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 225
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

installed-programs.png
info.greatis.com/wp-content/uploads/2016/11/
Redirect Chain

http://info.greatis.com/wp-content/uploads/2016/11/installed-programs.png
https://info.greatis.com/wp-content/uploads/2016/11/installed-programs.png

11 KB
11 KB

514ms
173ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://info.greatis.com/wp-content/uploads/2016/11/installed-programs.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: 906f7df4c0b97c4a3279af00afb3b7d2298dad3c7eb2f52a11f75e9be7ebb462

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Last-Modified: Tue, 22 Nov 2016 13:17:39 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=100
Content-Length: 11434

Redirect headers

Location: https://info.greatis.com/wp-content/uploads/2016/11/installed-programs.png
Date: Wed, 08 Jan 2020 19:35:34 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 258
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

remove-virus-proceses.png
greatis.com/blog/img/
Redirect Chain

http://greatis.com/blog/img/remove-virus-proceses.png
https://greatis.com/blog/img/remove-virus-proceses.png

13 KB
14 KB

594ms
178ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/img/remove-virus-proceses.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: e3570417f9ed848ec223097b745a62d41764f03319d41247d79360b895c478b5

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Last-Modified: Fri, 25 Nov 2016 08:53:34 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=100
Content-Length: 13658

Redirect headers

Location: https://greatis.com/blog/img/remove-virus-proceses.png
Date: Wed, 08 Jan 2020 19:35:34 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 238
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

remove-virus-from-services.png
greatis.com/blog/img/
Redirect Chain

http://greatis.com/blog/img/remove-virus-from-services.png
https://greatis.com/blog/img/remove-virus-from-services.png

6 KB
6 KB

186ms
186ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/img/remove-virus-from-services.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: 7053c1c3845c3e57f701b1d858e9599be64b41763761b6d6f45b88202320f882

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Last-Modified: Fri, 25 Nov 2016 08:53:30 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=99
Content-Length: 5835

Redirect headers

Location: https://greatis.com/blog/img/remove-virus-from-services.png
Date: Wed, 08 Jan 2020 19:35:35 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Length: 243
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

run-scheduler.png
info.greatis.com/wp-content/uploads/2016/11/
Redirect Chain

http://info.greatis.com/wp-content/uploads/2016/11/run-scheduler.png
https://info.greatis.com/wp-content/uploads/2016/11/run-scheduler.png

6 KB
6 KB

513ms
173ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://info.greatis.com/wp-content/uploads/2016/11/run-scheduler.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: 3c769a70e2d63291c02a8ee996693da240f58393031ae26856017d69d5536c5a

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Last-Modified: Wed, 23 Nov 2016 13:19:51 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=100
Content-Length: 5793

Redirect headers

Location: https://info.greatis.com/wp-content/uploads/2016/11/run-scheduler.png
Date: Wed, 08 Jan 2020 19:35:34 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 253
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

remove-virus-from-registry.png
greatis.com/blog/img/
Redirect Chain

http://greatis.com/blog/img/remove-virus-from-registry.png
https://greatis.com/blog/img/remove-virus-from-registry.png

5 KB
6 KB

187ms
186ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/img/remove-virus-from-registry.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: 4499684b2ccb73b837644e441904cb272493233e9b0ced737ffbb95d42453592

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Last-Modified: Fri, 25 Nov 2016 08:53:24 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=99
Content-Length: 5408

Redirect headers

Location: https://greatis.com/blog/img/remove-virus-from-registry.png
Date: Wed, 08 Jan 2020 19:35:35 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Length: 243
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

remove-virus-chrome-extensions.png
greatis.com/blog/wp-content/uploads/2016/10/
Redirect Chain

http://greatis.com/blog/wp-content/uploads/2016/10/remove-virus-chrome-extensions.png
https://greatis.com/blog/wp-content/uploads/2016/10/remove-virus-chrome-extensions.png

18 KB
19 KB

178ms
178ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/wp-content/uploads/2016/10/remove-virus-chrome-extensions.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: a4b3208aa6866b4fd4d4c6e62cd0ab70f2d85704d3ef149e70af9c6597253129

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Last-Modified: Thu, 20 Oct 2016 17:10:48 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=99
Content-Length: 18826

Redirect headers

Location: https://greatis.com/blog/wp-content/uploads/2016/10/remove-virus-chrome-extensions.png
Date: Wed, 08 Jan 2020 19:35:35 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Length: 270
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

set-internet-explorer-homepage.png
greatis.com/blog/wp-content/uploads/2016/10/
Redirect Chain

http://greatis.com/blog/wp-content/uploads/2016/10/set-internet-explorer-homepage.png
https://greatis.com/blog/wp-content/uploads/2016/10/set-internet-explorer-homepage.png

12 KB
13 KB

192ms
192ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/wp-content/uploads/2016/10/set-internet-explorer-homepage.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: a38f94fa11f02dd373b23da5fd03ab35592f9706e93a0e29a673b6ec41e79aa6

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:36 GMT
Last-Modified: Thu, 20 Oct 2016 18:10:33 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=98
Content-Length: 12717

Redirect headers

Location: https://greatis.com/blog/wp-content/uploads/2016/10/set-internet-explorer-homepage.png
Date: Wed, 08 Jan 2020 19:35:35 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Length: 270
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

set-firefox-home-page.png
greatis.com/blog/wp-content/uploads/2016/10/
Redirect Chain

http://greatis.com/blog/wp-content/uploads/2016/10/set-firefox-home-page.png
https://greatis.com/blog/wp-content/uploads/2016/10/set-firefox-home-page.png

12 KB
12 KB

175ms
174ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/wp-content/uploads/2016/10/set-firefox-home-page.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: dff1b923ca0cd778d39f55ef29c8a5636ca8ab00e76c625a0d9d4a6b8cc32811

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:36 GMT
Last-Modified: Sun, 16 Oct 2016 14:47:55 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=98
Content-Length: 11870

Redirect headers

Location: https://greatis.com/blog/wp-content/uploads/2016/10/set-firefox-home-page.png
Date: Wed, 08 Jan 2020 19:35:35 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

download-removal-tool-g.png
greatis.com/blog/img/
Redirect Chain

http://greatis.com//blog/img/download-removal-tool-g.png
https://greatis.com/blog/img/download-removal-tool-g.png

5 KB
5 KB

171ms
170ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/img/download-removal-tool-g.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: fc1f1b37f23054516ffa65e76c9ec0c12f1ddd4e9d947089c7e8b5e567664564

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:36 GMT
Last-Modified: Mon, 01 May 2017 12:46:16 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=98
Content-Length: 4673

Redirect headers

Location: https://greatis.com/blog/img/download-removal-tool-g.png
Date: Wed, 08 Jan 2020 19:35:35 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK verified_publisher_greatis_software.png
s3.amazonaws.com/greatis/ 6 KB
7 KB 380ms
366ms Image
image/png 52.216.170.101
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s3.amazonaws.com/greatis/verified_publisher_greatis_software.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 52.216.170.101 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: f17f97144c89da4fb0ec3a042a9881bb77640a8cf6a90d7381c3473511b57072

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Last-Modified: Thu, 24 Mar 2016 10:38:31 GMT
Server: AmazonS3
x-amz-request-id: 3C48BAD9CD5B4DB9
ETag: "a8c2c1d9445b8201f7745a7e0f5c967b"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 6564
x-amz-id-2: XRXPcG2DXz3m26I3krvB42ip2NIGS6ieEgzf/c99Hfu82sdB1fTn0zgc1rjVnYbo0aFksCK/0Wo=

GET
H/1.1 200
OK unhackme_remove_virus.png
s3.amazonaws.com/greatis/ 6 KB
7 KB 222ms
208ms Image
image/png 52.216.170.101
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s3.amazonaws.com/greatis/unhackme_remove_virus.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 52.216.170.101 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: f182533e3e4d7cf79eee75d231b09f827e86401c1fd19ffb2fb9d966cbbd612b

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Last-Modified: Thu, 24 Mar 2016 10:38:34 GMT
Server: AmazonS3
x-amz-request-id: A825F2976A022E34
ETag: "9f7dd7e88a59f1262b4a542ab29eb8d7"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 6439
x-amz-id-2: GKu3S/S+AeYrYETuaHkcIM85qQZZq+qGuUJbutBpjxP6wE5uygD05OpCWtVk/L9Hqz8sPGPCY5o=

GET
H/1.1 200
OK click.gif
www.rssing.com/inc/img/ 364 B
872 B 14ms
13ms Image
image/gif 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/click.gif
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c057093ad15fb84ce967a97987e18385442409eef75182c2be898ab6e9c64880

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
CF-Cache-Status: HIT
Age: 159
Connection: keep-alive
Content-Length: 364
Last-Modified: Fri, 19 Sep 2014 20:34:52 GMT
Server: cloudflare
ETag: "16c-50371087ab300"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d87399fdfcb-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK tup-blue.png
www.rssing.com/inc/img/ 1 KB
2 KB 12ms
11ms Image
image/png 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/tup-blue.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e95883a2c9e12d23a13e60fc41914b9bf9c4798f44eb5a767a4059ea82b0e9c

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
CF-Cache-Status: HIT
Age: 306
Connection: keep-alive
Content-Length: 1044
Last-Modified: Fri, 26 Aug 2016 13:41:32 GMT
Server: cloudflare
ETag: "414-53af9ac16db00"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d874d3cd729-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK tdown-blue.png
www.rssing.com/inc/img/ 975 B
1 KB 70ms
69ms Image
image/png 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/tdown-blue.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f879d2111d4b25a75431d36227b63c2b73d5da275b90f4da31e2638d8c42fc50

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
CF-Cache-Status: HIT
Age: 305
Connection: keep-alive
Content-Length: 975
Last-Modified: Fri, 26 Aug 2016 13:42:22 GMT
Server: cloudflare
ETag: "3cf-53af9af11cb80"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d874a32c290-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK sbtn.png
www.rssing.com/inc/img/ 4 KB
4 KB 69ms
64ms Image
image/png 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/sbtn.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac2fb0e6f9f3aba9c8509ef817f492a610e1929771ff2b45769743e72180b8d2

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
CF-Cache-Status: HIT
Age: 159
Connection: keep-alive
Content-Length: 3905
Last-Modified: Fri, 13 Feb 2015 23:34:17 GMT
Server: cloudflare
ETag: "f41-50f00accbb040"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d8749f8dfcb-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK sfw.jpg
www.rssing.com/inc/img/ 2 KB
2 KB 70ms
65ms Image
image/jpeg 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/sfw.jpg
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c2f4c6e63e549fbabf1d45c8da8565550fd458ad2574f6b0574761f240c43a7

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
CF-Cache-Status: HIT
Age: 158
Connection: keep-alive
Content-Length: 2011
Last-Modified: Tue, 03 Apr 2018 17:37:56 GMT
Server: cloudflare
ETag: "7db-568f52aafe500"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d875a5197c6-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK 18plus.jpg
www.rssing.com/inc/img/ 4 KB
5 KB 67ms
66ms Image
image/jpeg 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/18plus.jpg
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d64ef7f2d2593fa249e0c394dff95c48d03921ee278b1dab4f73b05cb46f1fb0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
CF-Cache-Status: HIT
Age: 158
Connection: keep-alive
Content-Length: 4467
Last-Modified: Mon, 11 Jun 2018 19:46:05 GMT
Server: cloudflare
ETag: "1173-56e6300099940"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d875806d6c9-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1

200
OK

quant.js Show response
edge.quantserve.com/
Redirect Chain

http://edge.quantserve.com/quant.js
https://edge.quantserve.com/quant.js?https_upg=1

13 KB
6 KB

149ms
26ms

Script
application/x-javascript

91.228.74.240
Quantcast Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.quantserve.com/quant.js?https_upg=1
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.228.74.240 , United Kingdom, ASN27281 (QUANTCAST - Quantcast Corporation, US),
Reverse DNS
Software: QS /
Resource Hash: e8d7c60749c1d62942a8e0a6f901800bd14ff3094251373626cd99a8875c6391

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08-Jan-2020 19:35:34 GMT
Server: QS
ETag: M0-56c8c653
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=604800
Connection: keep-alive
Content-Length: 5651
Expires: Wed, 15 Jan 2020 19:35:34 GMT

Redirect headers

Location: https://edge.quantserve.com/quant.js?https_upg=1
Date: Wed, 08 Jan 2020 19:35:34 GMT
Cache-Control: private, no-transform, max-age=86400
Server: QS
Connection: keep-alive
Content-Length: 0
Expires: Thu, 09 Jan 2020 19:35:34 GMT

GET
H2

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

43 KB
17 KB

6ms
5ms

Script
text/javascript

2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 3719
date: Wed, 08 Jan 2020 18:33:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Wed, 08 Jan 2020 20:33:35 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK bg_long.gif
www.rssing.com/inc/img/ 2 KB
3 KB 11ms
10ms Image
image/gif 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/bg_long.gif
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a46213c7ea74639385fcf10dfaab5b354800425286b8a5c5f1c0775351954125

Request headers

Referer: http://www.rssing.com/inc/css/rss.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:33 GMT
CF-Cache-Status: HIT
Age: 140
Connection: keep-alive
Content-Length: 2211
Last-Modified: Fri, 18 Feb 2011 19:01:50 GMT
Server: cloudflare
ETag: "8a3-49c93257e4380"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d856bd6dfcb-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK icon_arrow_large.gif
www.rssing.com/inc/img/ 691 B
1 KB 10ms
10ms Image
image/gif 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/icon_arrow_large.gif
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 887fef6995bfb14ae2e73521d26c1b539c8c91ddbd1d4f11a7cf0139bc7d81f3

Request headers

Referer: http://www.rssing.com/inc/css/rss.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:33 GMT
CF-Cache-Status: HIT
Age: 140
Connection: keep-alive
Content-Length: 691
Last-Modified: Fri, 18 Feb 2011 19:01:50 GMT
Server: cloudflare
ETag: "2b3-49c93257e4380"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d856f49d729-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1

200
OK

7.png
greatis.com/blog/wp-content/uploads/2017/05/
Redirect Chain

http://greatis.com/blog/wp-content/uploads/2017/05/7.png
https://greatis.com/blog/wp-content/uploads/2017/05/7.png

23 KB
23 KB

176ms
176ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/wp-content/uploads/2017/05/7.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: 0be47ce6432fce52f77a1938b6cbcaeacdfd782dfd33f068aa50cda6bbd494aa

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:36 GMT
Last-Modified: Wed, 10 May 2017 14:59:27 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=99
Content-Length: 23652

Redirect headers

Location: https://greatis.com/blog/wp-content/uploads/2017/05/7.png
Date: Wed, 08 Jan 2020 19:35:35 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Length: 241
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

4.png
greatis.com/blog/wp-content/uploads/2017/05/
Redirect Chain

http://greatis.com/blog/wp-content/uploads/2017/05/4.png
https://greatis.com/blog/wp-content/uploads/2017/05/4.png

21 KB
22 KB

176ms
176ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/wp-content/uploads/2017/05/4.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: 79dacfd985cd25ee1b544920f1fcfd939becead723b7c229cc76750c5fc6877a

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:36 GMT
Last-Modified: Wed, 10 May 2017 14:49:18 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=99
Content-Length: 21958

Redirect headers

Location: https://greatis.com/blog/wp-content/uploads/2017/05/4.png
Date: Wed, 08 Jan 2020 19:35:35 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Length: 241
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

9.png
greatis.com/blog/wp-content/uploads/2017/05/
Redirect Chain

http://greatis.com/blog/wp-content/uploads/2017/05/9.png
https://greatis.com/blog/wp-content/uploads/2017/05/9.png

24 KB
24 KB

165ms
164ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/wp-content/uploads/2017/05/9.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: 614c2cf2cd0b54228b461c4328c349e6bced4ea564c8b9b6157cd6fdec6f3914

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:36 GMT
Last-Modified: Wed, 10 May 2017 15:00:20 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=99
Content-Length: 24726

Redirect headers

Location: https://greatis.com/blog/wp-content/uploads/2017/05/9.png
Date: Wed, 08 Jan 2020 19:35:35 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Length: 241
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

5.png
greatis.com/blog/wp-content/uploads/2017/05/
Redirect Chain

http://greatis.com/blog/wp-content/uploads/2017/05/5.png
https://greatis.com/blog/wp-content/uploads/2017/05/5.png

23 KB
23 KB

179ms
178ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/wp-content/uploads/2017/05/5.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: 84297f43479d6ba9e67717a72917631b49452610bf183d715b0f07863955dc9f

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:36 GMT
Last-Modified: Wed, 10 May 2017 14:55:16 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=98
Content-Length: 23216

Redirect headers

Location: https://greatis.com/blog/wp-content/uploads/2017/05/5.png
Date: Wed, 08 Jan 2020 19:35:36 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
Content-Length: 241
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

21.png
greatis.com/blog/wp-content/uploads/2017/05/
Redirect Chain

http://greatis.com/blog/wp-content/uploads/2017/05/21.png
https://greatis.com/blog/wp-content/uploads/2017/05/21.png

21 KB
22 KB

178ms
178ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/wp-content/uploads/2017/05/21.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: 4f6efca4ace0b2d91544035cc2a1bf21c3823b3781674e8b44e008e04d6d6e93

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:36 GMT
Last-Modified: Wed, 10 May 2017 14:54:39 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=98
Content-Length: 22000

Redirect headers

Location: https://greatis.com/blog/wp-content/uploads/2017/05/21.png
Date: Wed, 08 Jan 2020 19:35:36 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
Content-Length: 242
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

11.png
greatis.com/blog/wp-content/uploads/2017/05/
Redirect Chain

http://greatis.com/blog/wp-content/uploads/2017/05/11.png
https://greatis.com/blog/wp-content/uploads/2017/05/11.png

25 KB
25 KB

179ms
178ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/wp-content/uploads/2017/05/11.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: 294ded360bf10418bcc0a46507bd715f44a43f14741cc6a044552945ee419474

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:36 GMT
Last-Modified: Wed, 10 May 2017 14:53:47 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=98
Content-Length: 25409

Redirect headers

Location: https://greatis.com/blog/wp-content/uploads/2017/05/11.png
Date: Wed, 08 Jan 2020 19:35:36 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
Content-Length: 242
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

8.png
greatis.com/blog/wp-content/uploads/2017/05/
Redirect Chain

http://greatis.com/blog/wp-content/uploads/2017/05/8.png
https://greatis.com/blog/wp-content/uploads/2017/05/8.png

20 KB
21 KB

171ms
171ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/wp-content/uploads/2017/05/8.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: b20f6ba8c611fe1b6fc92f028a3cb91249d7bbbb7f97e504004c33e48d4da01e

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:36 GMT
Last-Modified: Wed, 10 May 2017 14:59:52 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=97
Content-Length: 20718

Redirect headers

Location: https://greatis.com/blog/wp-content/uploads/2017/05/8.png
Date: Wed, 08 Jan 2020 19:35:36 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Length: 241
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

111.png
greatis.com/blog/wp-content/uploads/2017/05/
Redirect Chain

http://greatis.com/blog/wp-content/uploads/2017/05/111.png
https://greatis.com/blog/wp-content/uploads/2017/05/111.png

21 KB
21 KB

171ms
171ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/wp-content/uploads/2017/05/111.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: 4272145094377f201c29362a72f42f4432eba1e20583941920c409e38703d2fc

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:36 GMT
Last-Modified: Wed, 10 May 2017 15:01:18 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=97
Content-Length: 21398

Redirect headers

Location: https://greatis.com/blog/wp-content/uploads/2017/05/111.png
Date: Wed, 08 Jan 2020 19:35:36 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Length: 243
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK / Show response
biltag.bilsyndication.com/jsv1/1578504380/ 210 KB
59 KB 90ms
76ms Script
application/javascript 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=

Requested by

Host: services.bilsyndication.com
URL: http://services.bilsyndication.com/adv1/?d=1368

Protocol

HTTP/1.1

Server

2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a8b52a8a43a66424907da2dda38ee26c1226d16566e027312dabe5e6f754756

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 7714
Cf-Polished: origSize=215574
Transfer-Encoding: chunked
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
X-XSS-Protection: 1; mode=block
Cf-Bgj: minify
Server: cloudflare
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
X-Sv: 67.58
Cache-Control: public, max-age=16070400
CF-RAY: 55209d87df5b63a7-FRA

GET
H/1.1

200
OK

3.png
greatis.com/blog/wp-content/uploads/2017/05/
Redirect Chain

http://greatis.com/blog/wp-content/uploads/2017/05/3.png
https://greatis.com/blog/wp-content/uploads/2017/05/3.png

22 KB
23 KB

170ms
170ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/wp-content/uploads/2017/05/3.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: f1a5ab6be644685ce655a44f5872c71408435e96e99cf2fdae4e6a40b72ac685

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:36 GMT
Last-Modified: Wed, 10 May 2017 14:48:30 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=97
Content-Length: 22937

Redirect headers

Location: https://greatis.com/blog/wp-content/uploads/2017/05/3.png
Date: Wed, 08 Jan 2020 19:35:36 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Length: 241
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 123ms
25ms Script
application/x-javascript 23.210.250.213
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Nov 2019 20:13:52 GMT
Server: AmazonS3
x-amz-request-id: FBAF69B7861DE212
ETag: "f14b4e1f799b14f798a195f43cf58376"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=35939
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 948
x-amz-id-2: mINJDBnKUfP83RzDJ6hQaYSGPvMPOM770jd+gXVSD8LFScfPdVPaVzI4W2IwmrtEKhDna93Nv9A=

GET
H/1.1 200
OK star_empty.png
www.rssing.com/inc/img/ 856 B
1 KB 11ms
11ms Image
image/png 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/star_empty.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d684faa13c4b9d92bb521f94889068500d7d0821c20328dcaefb0a47d6dfb8e

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
CF-Cache-Status: HIT
Age: 305
Connection: keep-alive
Content-Length: 856
Last-Modified: Fri, 26 Aug 2016 13:41:22 GMT
Server: cloudflare
ETag: "358-53af9ab7e4480"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d871922dfcb-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK star_half.png
www.rssing.com/inc/img/ 871 B
1 KB 13ms
9ms Image
image/png 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/star_half.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a90a3ecb7e28ac78bc33543cb1e12aa10734aef5c847106fdb3e9f278d5bb00

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
CF-Cache-Status: HIT
Age: 158
Connection: keep-alive
Content-Length: 871
Last-Modified: Fri, 26 Aug 2016 13:40:16 GMT
Server: cloudflare
ETag: "367-53af9a78f3000"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d886cdad6c9-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK star_full.png
www.rssing.com/inc/img/ 950 B
1 KB 10ms
10ms Image
image/png 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/star_full.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3db9817aad542983eb70b0f371cad4a37b48250d7de76938b88c6047f28c8b8c

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
CF-Cache-Status: HIT
Age: 158
Connection: keep-alive
Content-Length: 950
Last-Modified: Fri, 26 Aug 2016 13:42:18 GMT
Server: cloudflare
ETag: "3b6-53af9aed4c280"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d886dd6dfcb-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H2

200

rssing.com.774883.js Show response
jsc.adskeeper.co.uk/r/s/
Redirect Chain

http://jsc.adskeeper.co.uk/r/s/rssing.com.774883.js?t=20200819
https://jsc.adskeeper.co.uk/r/s/rssing.com.774883.js?t=20200819

112 KB
31 KB

111ms
33ms

Script
text/javascript

104.19.131.80
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.adskeeper.co.uk/r/s/rssing.com.774883.js?t=20200819
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.131.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d40f01f4c9ecb0b31d220f848162de0c11db7c007b8239ec57ba60dc0d25cfce

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:34 GMT
content-encoding: br
cf-cache-status: HIT
age: 66
cf-polished: origSize=114754
status: 200
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-amz-request-id: 23BCEFCBA33A8A43
x-amz-id-2: KvyOFg1HJWS/F6geZImYwRGFo01Hlp/eEzMCaDFwbyD9x/Y9H7N2WbJM9wGJmsmEtc334456Kw0=
last-modified: Fri, 03 Jan 2020 13:52:10 GMT
server: cloudflare
etag: W/"aa0529adf8b4635b3e1fbf64e7ea1ff1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
expires: Wed, 08 Jan 2020 23:35:34 GMT
cache-control: public, max-age=14400
cf-ray: 55209d8aee552b80-AMS
cf-bgj: minify

Redirect headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
Server: cloudflare
Vary: Accept-Encoding
Location: https://jsc.adskeeper.co.uk/r/s/rssing.com.774883.js?t=20200819
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 55209d88a85fbf3c-AMS
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Expires: Wed, 08 Jan 2020 20:35:34 GMT

GET
H/1.1 200
OK tup-gray.png
www.rssing.com/inc/img/ 981 B
1 KB 10ms
9ms Image
image/png 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/tup-gray.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4202a5cf68c1a9d3d712cc5403277af65e3ee6e1bbcfe1d4c2c0a3f29420ff1

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
CF-Cache-Status: HIT
Age: 153
Connection: keep-alive
Content-Length: 981
Last-Modified: Fri, 26 Aug 2016 13:42:09 GMT
Server: cloudflare
ETag: "3d5-53af9ae4b6e40"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d887e0adfcb-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK tdown-gray.png
www.rssing.com/inc/img/ 1002 B
1 KB 69ms
69ms Image
image/png 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/tdown-gray.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 772bd1d983dd021c281365a845d42688e2cefc599a3d6eb513705f55947976a6

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
CF-Cache-Status: HIT
Age: 153
Connection: keep-alive
Content-Length: 1002
Last-Modified: Fri, 26 Aug 2016 13:41:30 GMT
Server: cloudflare
ETag: "3ea-53af9abf85680"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d888e59dfcb-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame F21D 0
0 84ms
83ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding: br
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cache-control: no-cache
content-type: text/html; charset=utf-8
expires: Tue, 27 Apr 1971 19:44:06 GMT
date: Wed, 08 Jan 2020 19:35:34 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: VISITOR_INFO1_LIVE=6ldvLzmasW8; path=/; domain=.youtube.com; secure; expires=Mon, 06-Jul-2020 19:35:34 GMT; httponly; samesite=None YSC=cK-hNRA2VfU; path=/; domain=.youtube.com; httponly VISITOR_INFO1_LIVE=6ldvLzmasW8; path=/; domain=.youtube.com; secure; expires=Mon, 06-Jul-2020 19:35:34 GMT; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Wed, 08-Jan-2020 20:05:34 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H/1.1 200
OK icon_arrow.gif
www.rssing.com/inc/img/ 54 B
560 B 68ms
67ms Image
image/gif 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/icon_arrow.gif
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bab51dcce37f69bc74194cd7d15a686348cc76109a4f1b195887090d0ba8fdf8

Request headers

Referer: http://www.rssing.com/inc/css/rss.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
CF-Cache-Status: HIT
Age: 139
Connection: keep-alive
Content-Length: 54
Last-Modified: Fri, 18 Feb 2011 19:01:50 GMT
Server: cloudflare
ETag: "36-49c93257e4380"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d874f01dfe7-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H/1.1 200
OK shortcut.png
s3.amazonaws.com/greatis/ 7 KB
8 KB 497ms
131ms Image
image/png 52.216.170.101
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/greatis/shortcut.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.170.101 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4d83ebd70f8d969eb329fa9a6f52b174e6a8cc37e977cd5f8ab4c49d53755ecc

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Last-Modified: Wed, 30 Sep 2015 10:42:57 GMT
Server: AmazonS3
x-amz-request-id: 16FF82E98651B954
ETag: "6de5a398fec067de678c2d4799d30145"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 7665
x-amz-id-2: RWXmT1PEK6bU4k88D2BgudAmXTdBrLyImezEyy9pSBeI/EAbYsvYlUcD21KWD1fsy18eUyk3rAA=

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame D5D1 0
0 100ms
91ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
expires: Tue, 27 Apr 1971 19:44:06 GMT
strict-transport-security: max-age=31536000
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding: br
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
cache-control: no-cache
date: Wed, 08 Jan 2020 19:35:34 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: VISITOR_INFO1_LIVE=G-ffIt-6bO4; path=/; domain=.youtube.com; secure; expires=Mon, 06-Jul-2020 19:35:34 GMT; httponly; samesite=None VISITOR_INFO1_LIVE=G-ffIt-6bO4; path=/; domain=.youtube.com; secure; expires=Mon, 06-Jul-2020 19:35:34 GMT; httponly; samesite=None YSC=DolYYnAsyLo; path=/; domain=.youtube.com; httponly GPS=1; path=/; domain=.youtube.com; expires=Wed, 08-Jan-2020 20:05:34 GMT
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H/1.1

200
OK

6.png
greatis.com/blog/wp-content/uploads/2017/05/
Redirect Chain

http://greatis.com/blog/wp-content/uploads/2017/05/6.png
https://greatis.com/blog/wp-content/uploads/2017/05/6.png

21 KB
21 KB

177ms
176ms

Image
image/png

208.76.245.34
Crucial Paradigm

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://greatis.com/blog/wp-content/uploads/2017/05/6.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.76.245.34 Dallas, United States, ASN20202 (CRUCIAL - Crucial Paradigm, US),
Reverse DNS: s497.c4.crucialp.com
Software: Apache / W3 Total Cache/0.9.1.3
Resource Hash: 5178f29715f52023aafba8a95e2ec04574121cd98b583655501372f4aba956c8

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:37 GMT
Last-Modified: Wed, 10 May 2017 14:58:55 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=97
Content-Length: 21298

Redirect headers

Location: https://greatis.com/blog/wp-content/uploads/2017/05/6.png
Date: Wed, 08 Jan 2020 19:35:36 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
Content-Length: 241
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame F619 0
0 92ms
90ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: VISITOR_INFO1_LIVE=6ldvLzmasW8; YSC=cK-hNRA2VfU; GPS=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
content-encoding: br
cache-control: no-cache
x-content-type-options: nosniff
expires: Tue, 27 Apr 1971 19:44:06 GMT
date: Wed, 08 Jan 2020 19:35:34 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame A64B 0
0 68ms
67ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: VISITOR_INFO1_LIVE=6ldvLzmasW8; YSC=cK-hNRA2VfU; GPS=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
x-content-type-options: nosniff
cache-control: no-cache
strict-transport-security: max-age=31536000
content-encoding: br
content-type: text/html; charset=utf-8
expires: Tue, 27 Apr 1971 19:44:06 GMT
date: Wed, 08 Jan 2020 19:35:34 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame 6493 0
0 69ms
69ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: VISITOR_INFO1_LIVE=6ldvLzmasW8; YSC=cK-hNRA2VfU; GPS=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
content-type: text/html; charset=utf-8
content-encoding: br
cache-control: no-cache
expires: Tue, 27 Apr 1971 19:44:06 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Wed, 08 Jan 2020 19:35:34 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame 095C 0
0 96ms
91ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: GPS=1; VISITOR_INFO1_LIVE=G-ffIt-6bO4; YSC=DolYYnAsyLo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cache-control: no-cache
expires: Tue, 27 Apr 1971 19:44:06 GMT
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 08 Jan 2020 19:35:34 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame 03F6 0
0 94ms
92ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: GPS=1; VISITOR_INFO1_LIVE=G-ffIt-6bO4; YSC=DolYYnAsyLo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
cache-control: no-cache
expires: Tue, 27 Apr 1971 19:44:06 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
content-encoding: br
x-content-type-options: nosniff
date: Wed, 08 Jan 2020 19:35:34 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H/1.1 200
OK heartit-32.png
www.rssing.com/inc/img/ 1 KB
2 KB 15ms
14ms Image
image/png 2606:4700:30::681b:8fe9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.rssing.com/inc/img/heartit-32.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:30::681b:8fe9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5068236ffcbd04a5d55fce58f139d3b3021c6d01e2aae64d083b8ac9fbfec35

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
CF-Cache-Status: HIT
Age: 306
Connection: keep-alive
Content-Length: 1512
Last-Modified: Fri, 26 Aug 2016 13:40:26 GMT
Server: cloudflare
ETag: "5e8-53af9a827c680"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 55209d88f81cdfcb-FRA
Access-Control-Allow-Headers: origin, x-requested-with, content-type

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame 3BB5 0
0 50ms
49ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: GPS=1; VISITOR_INFO1_LIVE=G-ffIt-6bO4; YSC=DolYYnAsyLo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
expires: Tue, 27 Apr 1971 19:44:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
content-type: text/html; charset=utf-8
cache-control: no-cache
date: Wed, 08 Jan 2020 19:35:34 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame F7EC 0
0 68ms
68ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: GPS=1; VISITOR_INFO1_LIVE=G-ffIt-6bO4; YSC=DolYYnAsyLo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
expires: Tue, 27 Apr 1971 19:44:06 GMT
cache-control: no-cache
content-encoding: br
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 08 Jan 2020 19:35:34 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2

200

collect
www.google-analytics.com/r/
Redirect Chain

http://www.google-analytics.com/r/collect?v=1&_v=j79&a=1235560671&t=pageview&_s=1&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=How%20to%20Remove%20Mal...
https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1235560671&t=pageview&_s=1&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=How%20to%20Remove%20Ma...

35 B
101 B

14ms
13ms

Image
image/gif

2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1235560671&t=pageview&_s=1&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=How%20to%20Remove%20Malware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=360791829&gjid=2127492677&cid=2091740170.1578512135&tid=UA-17602094-1&_gid=1523315827.1578512135&_r=1&z=2063345287

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1235560671&t=pageview&_s=1&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=How%20to%20Remove%20Malware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=360791829&gjid=2127492677&cid=2091740170.1578512135&tid=UA-17602094-1&_gid=1523315827.1578512135&_r=1&z=2063345287
Non-Authoritative-Reason: HSTS

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame D87A 0
0 60ms
60ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: GPS=1; VISITOR_INFO1_LIVE=G-ffIt-6bO4; YSC=DolYYnAsyLo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
content-encoding: br
content-type: text/html; charset=utf-8
cache-control: no-cache
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
expires: Tue, 27 Apr 1971 19:44:06 GMT
date: Wed, 08 Jan 2020 19:35:34 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H/1.1 200
OK ads-by.jpg
s3.amazonaws.com/greatis/ 5 KB
5 KB 334ms
200ms Image
image/jpeg 52.216.170.101
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/greatis/ads-by.jpg
Requested by: Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.170.101 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 96a3bf5525351360491c69de39bb7ad68600b2873a82b766dcdd25f4e4746377

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:36 GMT
Last-Modified: Wed, 30 Sep 2015 10:42:59 GMT
Server: AmazonS3
x-amz-request-id: 25531A76419E4135
ETag: "ab010e40a0fba9675bc8d811e59115c2"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 5225
x-amz-id-2: iAkUBG2tjz5jWmF8F6U+NW8YVLHyS0UicoOQBIUS/TxAwttEN8VKXMzWPS2of28wPoc4pSSX+54=

GET
H/1.1 200
OK cmp.complete.bundle.js Show response
assets.bilsyndication.com/plugins/cmpv2/ 175 KB
46 KB 85ms
78ms Script
application/javascript 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://assets.bilsyndication.com/plugins/cmpv2/cmp.complete.bundle.js
Requested by: Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fac7e040c9b4361bc6f582798fa84bae6af18b4d166825fe2eb4011148e4f625

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 993793
Cf-Polished: origSize=179254
Transfer-Encoding: chunked
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Last-Modified: Fri, 01 Nov 2019 05:04:50 GMT
Server: cloudflare
ETag: W/"5dbbbcf2-2bc36"
Vary: Accept-Encoding
Content-Type: application/javascript
Cf-Bgj: minify
Cache-Control: max-age=16070400
CF-RAY: 55209d8b0a486509-FRA
Expires: Sat, 28 Dec 2019 08:02:21 GMT

GET
H/1.1 200
OK prebid-v2.44.6.js Show response
assets.bilsyndication.com/prebid/default/ 314 KB
100 KB 19ms
17ms Script
application/javascript 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js
Requested by: Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b60bccde87ada56d1106446525dd4851b7669a3d429ae856dfa1bab4dde70d85

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 352638
Cf-Polished: origSize=321709
Transfer-Encoding: chunked
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Last-Modified: Sat, 04 Jan 2020 17:38:09 GMT
Server: cloudflare
ETag: W/"5e10cd81-4e8ad"
Vary: Accept-Encoding
Content-Type: application/javascript
Cf-Bgj: minify
Cache-Control: max-age=16070400
CF-RAY: 55209d8b9b0c6509-FRA
Expires: Sat, 04 Jan 2020 18:08:16 GMT

GET
H/1.1 200
OK viPlayer_v28.js Show response
assets.bilsyndication.com/plugins/vlPlayer/ 11 KB
5 KB 75ms
72ms Script
application/javascript 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://assets.bilsyndication.com/plugins/vlPlayer/viPlayer_v28.js
Requested by: Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a7b6866f148be34fe36ae389d823f29f31d345dbd3b59a532fc6dad37663dc5

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:34 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 1033996
Transfer-Encoding: chunked
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Last-Modified: Fri, 27 Dec 2019 20:10:04 GMT
Server: cloudflare
ETag: W/"5e06651c-2bfc"
Vary: Accept-Encoding
Content-Type: application/javascript
Cf-Bgj: minify
Cache-Control: max-age=16070400
CF-RAY: 55209d8bafd1bf14-FRA
Expires: Fri, 27 Dec 2019 20:52:18 GMT

GET
H/1.1 200
OK ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 270 KB
92 KB 66ms
58ms Script
text/javascript 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=

Protocol

HTTP/1.1

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

c612786520975231822586a9890d1ce53d7106bdea13903c26dc36f37f7818b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Length: 93653
X-XSS-Protection: 0
Expires: Wed, 08 Jan 2020 19:35:35 GMT

GET
H/1.1 200
OK sf_host.min.js Show response
assets.bilsyndication.com/plugins/safeframe/src/js/ 38 KB
17 KB 13ms
12ms Script
application/javascript 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://assets.bilsyndication.com/plugins/safeframe/src/js/sf_host.min.js
Requested by: Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Fri, 01 Nov 2019 05:04:50 GMT
Server: cloudflare
Age: 993791
ETag: W/"5dbbbcf2-9806"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=16070400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 55209d8c1866bf14-FRA
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Expires: Sat, 28 Dec 2019 08:02:24 GMT

GET
H2

200

impimg.gif
pre.glotgrx.com/
Redirect Chain

https://flx907.lporirxe.com/flp/impimg.php?qid=03032313f573032313f5730393&cid=907&p=&s=rssing.com&x=&nci=&adtg=&nai=&si=1368&pn=&h=&w=&bp=&pp=&ci=&ip=&ai=&di=&mm=&os=&ua=Mozilla%2F5.0%20(Macintosh%...
https://pre.glotgrx.com/impimg.gif?qid=03032313f573032313f5730393&cid=907&p=&s=rssing.com&x=&nci=&adtg=&nai=&si=1368&pn=&h=&w=&bp=&pp=&ci=&ip=&ai=&di=&mm=&os=&ua=Mozilla%2F5.0%20(Macintosh%3B%20Int...

26 B
539 B

81ms
57ms

Image
image/gif

2606:4700::6810:3f36
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/impimg.gif?qid=03032313f573032313f5730393&cid=907&p=&s=rssing.com&x=&nci=&adtg=&nai=&si=1368&pn=&h=&w=&bp=&pp=&ci=&ip=&ai=&di=&mm=&os=&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_6)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F79.0.3945.88%20Safari%2F537.36&lat=&lon=&flsrc=1
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:35 GMT
cf-cache-status: HIT
age: 6025
status: 200
content-type: image/gif
content-length: 26
x-amz-id-2: VSWUh3/eOBMG3i/G+VX08mQzi8STOT35dN9nTHefmjZne0dTb68AeDEfMW2/8xMJqj45JYwyz7o=
last-modified: Wed, 01 Nov 2017 15:37:36 GMT
server: cloudflare
etag: "6a43099d5c8fe991a7aa7ebaca53069d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: 478DD43D83E25825
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 55209d8d9833bef6-FRA
expires: Wed, 08 Jan 2020 21:35:35 GMT

Redirect headers

date: Wed, 08 Jan 2020 19:35:35 GMT
server: cloudflare
location: https://pre.glotgrx.com/impimg.gif?qid=03032313f573032313f5730393&cid=907&p=&s=rssing.com&x=&nci=&adtg=&nai=&si=1368&pn=&h=&w=&bp=&pp=&ci=&ip=&ai=&di=&mm=&os=&ua=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_6)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F79.0.3945.88%20Safari%2F537.36&lat=&lon=&flsrc=1
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
status: 301
cache-control: max-age=3600
cf-ray: 55209d8c3aafd725-FRA
expires: Wed, 08 Jan 2020 20:35:35 GMT

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame 01BF 0
0 87ms
87ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: GPS=1; VISITOR_INFO1_LIVE=G-ffIt-6bO4; YSC=DolYYnAsyLo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
content-type: text/html; charset=utf-8
content-encoding: br
expires: Tue, 27 Apr 1971 19:44:06 GMT
x-content-type-options: nosniff
cache-control: no-cache
strict-transport-security: max-age=31536000
date: Wed, 08 Jan 2020 19:35:34 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame 8DDE 0
0 81ms
78ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: GPS=1; VISITOR_INFO1_LIVE=G-ffIt-6bO4; YSC=DolYYnAsyLo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
strict-transport-security: max-age=31536000
cache-control: no-cache
x-content-type-options: nosniff
expires: Tue, 27 Apr 1971 19:44:06 GMT
content-type: text/html; charset=utf-8
content-encoding: br
date: Wed, 08 Jan 2020 19:35:35 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2

200

rules-p-KygWsHah2_7Qa.js Show response
rules.quantcount.com/
Redirect Chain

http://rules.quantcount.com/rules-p-KygWsHah2_7Qa.js
https://rules.quantcount.com/rules-p-KygWsHah2_7Qa.js

3 B
359 B

21ms
7ms

Script
application/x-javascript

2600:9000:2156:f000:6:44e3:f8c0:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-KygWsHah2_7Qa.js
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:f000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 07 Jan 2020 21:35:53 GMT
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
last-modified: Sat, 04 Mar 2017 20:28:45 GMT
server: AmazonS3
age: 79183
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=86400
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 3
x-amz-cf-id: GA6602OIK5d0s-UsvaaJlqSXcXpWv9rDkDCFVrBJDC6bZMVgrDgzNw==

Redirect headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
Server: CloudFront
X-Amz-Cf-Pop: FRA50-C1
X-Cache: Redirect from cloudfront
Content-Type: text/html
Location: https://rules.quantcount.com/rules-p-KygWsHah2_7Qa.js
Connection: keep-alive
Content-Length: 183
X-Amz-Cf-Id: 5I4UCA6MFMr5ci0Y46KE6aHOZWiHWyaX3okRlGqQkUmGp_IgkIJVvA==

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame 26BD 0
0 96ms
96ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: GPS=1; VISITOR_INFO1_LIVE=G-ffIt-6bO4; YSC=DolYYnAsyLo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache
expires: Tue, 27 Apr 1971 19:44:06 GMT
strict-transport-security: max-age=31536000
content-encoding: br
date: Wed, 08 Jan 2020 19:35:35 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame BA77 0
0 89ms
88ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: GPS=1; VISITOR_INFO1_LIVE=G-ffIt-6bO4; YSC=DolYYnAsyLo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
cache-control: no-cache
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
expires: Tue, 27 Apr 1971 19:44:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000
date: Wed, 08 Jan 2020 19:35:35 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame D418 0
0 70ms
69ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: GPS=1; VISITOR_INFO1_LIVE=G-ffIt-6bO4; YSC=DolYYnAsyLo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
content-encoding: br
expires: Tue, 27 Apr 1971 19:44:06 GMT
x-content-type-options: nosniff
cache-control: no-cache
strict-transport-security: max-age=31536000
content-type: text/html; charset=utf-8
date: Wed, 08 Jan 2020 19:35:35 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H/1.1 404
Not Found pubvendors.json Show response
malware366.rssing.com/.well-known/ 0
346 B 292ms
292ms Fetch
text/html 199.127.61.68
ReliableSite.Net LLC

General

Check archive.org

Show headers Download Go to

Full URL: http://malware366.rssing.com/.well-known/pubvendors.json
Requested by: Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/plugins/cmpv2/cmp.complete.bundle.js
Protocol: HTTP/1.1
Server: 199.127.61.68 Las Vegas, United States, ASN23470 (RELIABLESITE - ReliableSite.Net LLC, US),
Reverse DNS
Software: nginx/1.12.1 / PHP/7.2.11
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Server: nginx/1.12.1
X-Powered-By: PHP/7.2.11
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Content-Length: 0

GET
DATA 200
OK truncated
/ 632 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b31062abec9d4536524232f02801803517829af29b44c85b59696d52bc7107cc

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame 0EB8 0
0 55ms
54ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: GPS=1; VISITOR_INFO1_LIVE=G-ffIt-6bO4; YSC=DolYYnAsyLo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
content-type: text/html; charset=utf-8
content-encoding: br
x-content-type-options: nosniff
expires: Tue, 27 Apr 1971 19:44:06 GMT
strict-transport-security: max-age=31536000
cache-control: no-cache
date: Wed, 08 Jan 2020 19:35:35 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 mUdRVCMHGKUBOACHGTH1g-vvDin1pK8aKteLpeZ5c0A.woff
fonts.gstatic.com/s/roboto/v15/ 19 KB
19 KB 6ms
6ms Font
font/woff 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v15/mUdRVCMHGKUBOACHGTH1g-vvDin1pK8aKteLpeZ5c0A.woff

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1372ebaa0d371c6cbe8624b176d4ffbfc224abe9e3a2f3c6423910768a37d85c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com

Response headers

date: Wed, 20 Nov 2019 11:30:33 GMT
x-content-type-options: nosniff
last-modified: Wed, 14 Jan 2015 22:48:53 GMT
server: sffe
age: 4262702
content-type: font/woff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 19684
x-xss-protection: 0
expires: Thu, 19 Nov 2020 11:30:33 GMT

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame EE4E 0
0 89ms
88ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: GPS=1; VISITOR_INFO1_LIVE=G-ffIt-6bO4; YSC=DolYYnAsyLo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache
expires: Tue, 27 Apr 1971 19:44:06 GMT
x-content-type-options: nosniff
content-encoding: br
strict-transport-security: max-age=31536000
date: Wed, 08 Jan 2020 19:35:35 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 1 Show response
servicer.adskeeper.co.uk/774883/ 3 KB
2 KB 121ms
119ms Script
application/x-javascript 104.19.131.80
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.adskeeper.co.uk/774883/1?w=465&h=1388&cols=1&pv=5&cbuster=1578512135482598513681&uniqId=15231&consentData=&gdprApplies=false&ref=&lu=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&pageView=1&pvid=16f86a7b5838af2a41e&implVersion=11&dpr=1
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/r/s/rssing.com.774883.js?t=20200819
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.131.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 56ecb21711dfe0f67f54d3d96fab158ae6dbef1adc755533dca5550a952483c4

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:35 GMT
content-encoding: br
cf-cache-status: DYNAMIC
content-type: application/x-javascript; charset=utf-8
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 200
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 55209d8f497c2b80-AMS
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 1 KB
1 KB 65ms
5ms XHR
application/json 2a04:4e42:3::621
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20200108

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

c137183b1a7a90b05c55b625b78140da3e4ffcfc80e649d69d19d6bd30a15a29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT
status: 200
content-length: 749
etag: W/"52d-bbenUo19apHRIMhdeSulz4C/f4Y"
x-served-by: cache-fra19120-FRA
date: Wed, 08 Jan 2020 19:35:35 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK 1572962750.jpg
assets.bilsyndication.com/widget/2019/11/05/ Frame 34B5 64 KB
64 KB 88ms
87ms Image
image/webp 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://assets.bilsyndication.com/widget/2019/11/05/1572962750.jpg
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e4d7c071d72d7b41076bd9157a12ee75bf9058003642be197e9e59d418aee8c

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
CF-Cache-Status: HIT
Age: 508151
Cf-Polished: qual=85, origFmt=jpeg, origSize=103947
Content-Disposition: inline; filename="1572962750.webp"
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 65248
Last-Modified: Tue, 05 Nov 2019 14:05:50 GMT
Server: cloudflare
ETag: "5dc181be-1960b"
Vary: Accept
Content-Type: image/webp
Cf-Bgj: imgq:85
Cache-Control: max-age=16070400
Accept-Ranges: bytes
CF-RAY: 55209d8fed73bf14-FRA
Expires: Thu, 02 Jan 2020 22:56:24 GMT

GET
H/1.1 200
OK 1572962700.jpg
assets.bilsyndication.com/widget/2019/11/05/ Frame 34B5 73 KB
74 KB 13ms
12ms Image
image/webp 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://assets.bilsyndication.com/widget/2019/11/05/1572962700.jpg
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e43b4b0b9863a455cd365e568684a36eed8e112e18def64ef948bdd46606a0c4

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
CF-Cache-Status: HIT
Age: 80781
Cf-Polished: qual=85, origFmt=jpeg, origSize=119023
Content-Disposition: inline; filename="1572962700.webp"
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 75062
Last-Modified: Tue, 05 Nov 2019 14:05:00 GMT
Server: cloudflare
ETag: "5dc1818c-1d0ef"
Vary: Accept
Content-Type: image/webp
Cf-Bgj: imgq:85
Cache-Control: max-age=16070400
Accept-Ranges: bytes
CF-RAY: 55209d8ff8bf6509-FRA
Expires: Tue, 07 Jan 2020 21:39:14 GMT

GET
H/1.1 200
OK 1572962727.jpg
assets.bilsyndication.com/widget/2019/11/05/ Frame 34B5 71 KB
72 KB 19ms
19ms Image
image/webp 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://assets.bilsyndication.com/widget/2019/11/05/1572962727.jpg
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4fbe596d715b3b1b1e0940ac7f03a3efca1131af6becd00395caeab690c0b64

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
CF-Cache-Status: HIT
Age: 505854
Cf-Polished: qual=85, origFmt=jpeg, origSize=130804
Content-Disposition: inline; filename="1572962727.webp"
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 72606
Last-Modified: Tue, 05 Nov 2019 14:05:28 GMT
Server: cloudflare
ETag: "5dc181a8-1fef4"
Vary: Accept
Content-Type: image/webp
Cf-Bgj: imgq:85
Cache-Control: max-age=16070400
Accept-Ranges: bytes
CF-RAY: 55209d8fe8c9c29a-FRA
Expires: Thu, 02 Jan 2020 23:34:41 GMT

GET
H/1.1 200
OK 1572962767.jpg
assets.bilsyndication.com/widget/2019/11/05/ Frame 34B5 44 KB
44 KB 74ms
73ms Image
image/webp 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://assets.bilsyndication.com/widget/2019/11/05/1572962767.jpg
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 769eb9ed7fcfd60268502d88c88a988ece4bd6608c60969b301341c0a1d9d373

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
CF-Cache-Status: HIT
Age: 81473
Cf-Polished: qual=85, origFmt=jpeg, origSize=78339
Content-Disposition: inline; filename="1572962767.webp"
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 44690
Last-Modified: Tue, 05 Nov 2019 14:06:07 GMT
Server: cloudflare
ETag: "5dc181cf-13203"
Vary: Accept
Content-Type: image/webp
Cf-Bgj: imgq:85
Cache-Control: max-age=16070400
Accept-Ranges: bytes
CF-RAY: 55209d9008d76509-FRA
Expires: Tue, 07 Jan 2020 21:27:41 GMT

GET
H/1.1 200
OK 1572962788.jpg
assets.bilsyndication.com/widget/2019/11/05/ Frame 34B5 79 KB
80 KB 69ms
61ms Image
image/webp 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://assets.bilsyndication.com/widget/2019/11/05/1572962788.jpg
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d62946b49f357b8cc1f07015be1d56492da8ca2ab8f250769e7dc2ec4c0c7b2

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
CF-Cache-Status: HIT
Age: 507568
Cf-Polished: qual=85, origFmt=jpeg, origSize=111413
Content-Disposition: inline; filename="1572962788.webp"
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 80718
Last-Modified: Tue, 05 Nov 2019 14:06:28 GMT
Server: cloudflare
ETag: "5dc181e4-1b335"
Vary: Accept
Content-Type: image/webp
Cf-Bgj: imgq:85
Cache-Control: max-age=16070400
Accept-Ranges: bytes
CF-RAY: 55209d901aa3e003-FRA
Expires: Thu, 02 Jan 2020 23:06:07 GMT

GET
H/1.1 200
OK 1572962809.jpg
assets.bilsyndication.com/widget/2019/11/05/ Frame 34B5 112 KB
112 KB 73ms
65ms Image
image/webp 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://assets.bilsyndication.com/widget/2019/11/05/1572962809.jpg
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b49eef1ad608db416865ce4695143b9c0cb14d5dea8ef2c508f12a1017980e3

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
CF-Cache-Status: HIT
Age: 86833
Cf-Polished: qual=85, origFmt=jpeg, origSize=150805
Content-Disposition: inline; filename="1572962809.webp"
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 114358
Last-Modified: Tue, 05 Nov 2019 14:06:49 GMT
Server: cloudflare
ETag: "5dc181f9-24d15"
Vary: Accept
Content-Type: image/webp
Cf-Bgj: imgq:85
Cache-Control: max-age=16070400
Accept-Ranges: bytes
CF-RAY: 55209d901f9cc303-FRA
Expires: Tue, 07 Jan 2020 19:58:22 GMT

GET
H/1.1 200
OK 1572962830.jpg
assets.bilsyndication.com/widget/2019/11/05/ Frame 34B5 192 KB
192 KB 61ms
61ms Image
image/jpeg 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://assets.bilsyndication.com/widget/2019/11/05/1572962830.jpg
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a1ced149efa4f0f3d97221e4969ba6a4825773e7a2527294ab8449775676deb

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
CF-Cache-Status: HIT
Age: 993708
Cf-Polished: degrade=85, origSize=227959, status=webp_bigger
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 196097
Last-Modified: Tue, 05 Nov 2019 14:07:11 GMT
Server: cloudflare
ETag: "5dc1820f-37a77"
Vary: Accept-Encoding
Content-Type: image/jpeg
Cf-Bgj: imgq:85
Cache-Control: max-age=16070400
Accept-Ranges: bytes
CF-RAY: 55209d901959c29a-FRA
Expires: Sat, 28 Dec 2019 08:03:47 GMT

GET
H/1.1 200
OK 1572962852.jpg
assets.bilsyndication.com/widget/2019/11/05/ Frame 34B5 95 KB
95 KB 61ms
61ms Image
image/webp 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://assets.bilsyndication.com/widget/2019/11/05/1572962852.jpg
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79c8357f91117e26aa1df7b22d958615d34c0049081c816cae85ab12d91301ec

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
CF-Cache-Status: HIT
Age: 86892
Cf-Polished: qual=85, origFmt=jpeg, origSize=141774
Content-Disposition: inline; filename="1572962852.webp"
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 97036
Last-Modified: Tue, 05 Nov 2019 14:07:32 GMT
Server: cloudflare
ETag: "5dc18224-229ce"
Vary: Accept
Content-Type: image/webp
Cf-Bgj: imgq:85
Cache-Control: max-age=16070400
Accept-Ranges: bytes
CF-RAY: 55209d901d3ac2ef-FRA
Expires: Tue, 07 Jan 2020 19:57:23 GMT

GET
H/1.1 200
OK 1572962870.jpg
assets.bilsyndication.com/widget/2019/11/05/ Frame 34B5 103 KB
103 KB 34ms
34ms Image
image/webp 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://assets.bilsyndication.com/widget/2019/11/05/1572962870.jpg
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0244fbaf12a3852351a4bd2f65d59c422660920c429bf16085453a0ed0c8911

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
CF-Cache-Status: HIT
Age: 81284
Cf-Polished: qual=85, origFmt=jpeg, origSize=151033
Content-Disposition: inline; filename="1572962870.webp"
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 105200
Last-Modified: Tue, 05 Nov 2019 14:07:50 GMT
Server: cloudflare
ETag: "5dc18236-24df9"
Vary: Accept
Content-Type: image/webp
Cf-Bgj: imgq:85
Cache-Control: max-age=16070400
Accept-Ranges: bytes
CF-RAY: 55209d9078f7c303-FRA
Expires: Tue, 07 Jan 2020 21:30:51 GMT

GET
H/1.1 200
OK 1572962750.jpg
assets.bilsyndication.com/widget/2019/11/05/ Frame DBB9 64 KB
64 KB 17ms
17ms Image
image/webp 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://assets.bilsyndication.com/widget/2019/11/05/1572962750.jpg
Requested by: Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e4d7c071d72d7b41076bd9157a12ee75bf9058003642be197e9e59d418aee8c

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
CF-Cache-Status: HIT
Age: 508151
Cf-Polished: qual=85, origFmt=jpeg, origSize=103947
Content-Disposition: inline; filename="1572962750.webp"
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 65248
Last-Modified: Tue, 05 Nov 2019 14:05:50 GMT
Server: cloudflare
ETag: "5dc181be-1960b"
Vary: Accept
Content-Type: image/webp
Cf-Bgj: imgq:85
Cache-Control: max-age=16070400
Accept-Ranges: bytes
CF-RAY: 55209d907eacc2ef-FRA
Expires: Thu, 02 Jan 2020 22:56:24 GMT

GET
DATA 200
OK truncated
/ Frame DBB9 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DBB9 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK vi-logo.svg
assets.bilsyndication.com/media/icon/ Frame 34B5 11 KB
4 KB 10ms
10ms Image
image/svg+xml 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://assets.bilsyndication.com/media/icon/vi-logo.svg
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24a104ef6529cb9bbceaeca4e037ecf14d40db5207009ac23e8224703fa11bb8

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Fri, 01 Nov 2019 05:04:49 GMT
Server: cloudflare
Age: 1803061
ETag: W/"5dbbbcf1-2c34"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=16070400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 55209d908acac29a-FRA
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

GET
H/1.1 200
OK vi-icon.svg
assets.bilsyndication.com/media/icon/ Frame DBB9 3 KB
2 KB 11ms
10ms Image
image/svg+xml 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://assets.bilsyndication.com/media/icon/vi-icon.svg
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 647f43cd0cfdbafe354249e2c9831cc97c843fe0e44a726febdfb956bd1d25c5

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Fri, 01 Nov 2019 05:04:49 GMT
Server: cloudflare
Age: 993790
ETag: W/"5dbbbcf1-dc6"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=16070400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 55209d908c3ce003-FRA
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

GET
H/1.1 200
OK /
logs.bilsyndication.com/sub/ 0
504 B 289ms
276ms Image
image/jpeg 2606:4700:10::6814:ec10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://logs.bilsyndication.com/sub/?d=rssing.com&h=malware366.rssing.com
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ec10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:35 GMT
CF-Cache-Status: MISS
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/jpeg
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 55209d9098fc977e-FRA
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 0

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame A822 0
0 61ms
60ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: GPS=1; VISITOR_INFO1_LIVE=G-ffIt-6bO4; YSC=DolYYnAsyLo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cache-control: no-cache
expires: Tue, 27 Apr 1971 19:44:06 GMT
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 08 Jan 2020 19:35:35 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H/1.1

206
Partial Content

videoplayback
r3---sn-4g5e6nl7.googlevideo.com/ Frame DBB9
Redirect Chain

http://media.bilsyndication.com/vid/?id=aFXgSD-cpOM&t=y
https://redirector.googlevideo.com/videoplayback?expire=1578519512&ei=ePcVXsX4Ko6ngAfIsKzwCw&ip=185.220.101.0&id=o-AASf4PcrMz5WKhT6TmOEpCo1i-i-Fv47DwIYz6dkcawu&itag=22&source=youtube&requiressl=yes...
https://r3---sn-4g5e6nl7.googlevideo.com/videoplayback?expire=1578519512&ei=ePcVXsX4Ko6ngAfIsKzwCw&ip=185.220.101.0&id=o-AASf4PcrMz5WKhT6TmOEpCo1i-i-Fv47DwIYz6dkcawu&itag=22&source=youtube&requires...

8 MB
0

86ms
7ms

Media
video/mp4

2a00:1450:4001:4f::9
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-4g5e6nl7.googlevideo.com/videoplayback?expire=1578519512&ei=ePcVXsX4Ko6ngAfIsKzwCw&ip=185.220.101.0&id=o-AASf4PcrMz5WKhT6TmOEpCo1i-i-Fv47DwIYz6dkcawu&itag=22&source=youtube&requiressl=yes&vprv=1&mime=video%2Fmp4&ratebypass=yes&dur=528.346&lmt=1550579060563199&fvip=3&fexp=23842630&c=WEB&txp=2211222&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cratebypass%2Cdur%2Clmt&sig=ALgxI2wwRgIhAIyOTOekcyYcclEWt6CV8gIcdt1-6-u3jb2jBvUu6ZvIAiEAzPOXZWgIHnuo8sreZ4HM3n3tEqgo0FbstpH1nsL2y4U=&cms_redirect=yes&mip=2a01:4f8:192:5414::2&mm=31&mn=sn-4g5e6nl7&ms=au&mt=1578512064&mv=m&mvi=2&pl=41&lsparams=mip,mm,mn,ms,mv,mvi,pl&lsig=AHylml4wRQIhAIL4hcCFebDiWrqrE7MSnEGR4X7QBgywU8lzWpgyOmpMAiBuKmgM1hC_eq9ZrBQ0plUNJrDOP7QfZjCF1WNfpNQXHg==

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:4f::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:36 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 19 Feb 2019 12:24:20 GMT
Server: gvs 1.0
Content-Type: video/mp4
Content-Range: bytes 0-96389817/96389818
Cache-Control: private, max-age=7076
Connection: close
Accept-Ranges: bytes
Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
Content-Length: 96389818
Expires: Wed, 08 Jan 2020 19:35:36 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:36 GMT
server: ClientMapServer
status: 302
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r3---sn-4g5e6nl7.googlevideo.com/videoplayback?expire=1578519512&ei=ePcVXsX4Ko6ngAfIsKzwCw&ip=185.220.101.0&id=o-AASf4PcrMz5WKhT6TmOEpCo1i-i-Fv47DwIYz6dkcawu&itag=22&source=youtube&requiressl=yes&vprv=1&mime=video%2Fmp4&ratebypass=yes&dur=528.346&lmt=1550579060563199&fvip=3&fexp=23842630&c=WEB&txp=2211222&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cratebypass%2Cdur%2Clmt&sig=ALgxI2wwRgIhAIyOTOekcyYcclEWt6CV8gIcdt1-6-u3jb2jBvUu6ZvIAiEAzPOXZWgIHnuo8sreZ4HM3n3tEqgo0FbstpH1nsL2y4U=&cms_redirect=yes&mip=2a01:4f8:192:5414::2&mm=31&mn=sn-4g5e6nl7&ms=au&mt=1578512064&mv=m&mvi=2&pl=41&lsparams=mip,mm,mn,ms,mv,mvi,pl&lsig=AHylml4wRQIhAIL4hcCFebDiWrqrE7MSnEGR4X7QBgywU8lzWpgyOmpMAiBuKmgM1hC_eq9ZrBQ0plUNJrDOP7QfZjCF1WNfpNQXHg==
cache-control: no-cache, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1072
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame 0C32 0
0 71ms
70ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: GPS=1; VISITOR_INFO1_LIVE=G-ffIt-6bO4; YSC=DolYYnAsyLo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
cache-control: no-cache
content-type: text/html; charset=utf-8
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expires: Tue, 27 Apr 1971 19:44:06 GMT
date: Wed, 08 Jan 2020 19:35:36 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 vendorlist.json Show response
vendorlist.consensu.org/ 92 KB
17 KB 95ms
79ms Fetch
application/json 2600:9000:2156:c800:1:af78:4c0:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://vendorlist.consensu.org/vendorlist.json
Requested by: Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/plugins/cmpv2/cmp.complete.bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:c800:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 40ee676e2be03d7fd9d7e0d5545fd32ee3d67467c95a18ede3ad02a277fd44f0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com

Response headers

date: Wed, 08 Jan 2020 19:35:37 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 02 Jan 2020 16:00:26 GMT
server: AmazonS3
access-control-max-age: 604800
access-control-allow-methods: GET
x-amz-version-id: o.OQCswBtd.M8UXuxm7zgp.PHnwJtO91
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
cache-control: max-age=604800
content-type: application/json; charset=utf-8
x-amz-cf-id: w0I6LuFNsH7c_5XSksJiF55W4Y-YKt3D0LwPlz5Sn0gh5AKXBJ75dg==

GET
H2 200 Io62Y_XGqYQ
www.youtube.com/embed/ Frame 3967 0
0 76ms
75ms Document
text/html 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Io62Y_XGqYQ?rel=0

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/Io62Y_XGqYQ?rel=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
cookie: GPS=1; VISITOR_INFO1_LIVE=G-ffIt-6bO4; YSC=DolYYnAsyLo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
expires: Tue, 27 Apr 1971 19:44:06 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: br
date: Wed, 08 Jan 2020 19:35:36 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 i.js Show response
cm.adskeeper.co.uk/ 19 B
100 B 202ms
201ms Script
application/javascript 104.19.131.80
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adskeeper.co.uk/i.js?cbuster=1578512136170651938479
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/r/s/rssing.com.774883.js?t=20200819
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.131.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:36 GMT
content-encoding: br
cf-cache-status: MISS
content-type: application/javascript
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 200
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 55209d932c582b80-AMS
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

GET
H2 200 i-noref.js Show response
cm.adskeeper.co.uk/ Frame C531 19 B
192 B 189ms
188ms Script
application/javascript 104.19.131.80
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adskeeper.co.uk/i-noref.js?cbuster=157851213618690556276
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/r/s/rssing.com.774883.js?t=20200819
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.131.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:36 GMT
content-encoding: br
cf-cache-status: MISS
content-type: application/javascript
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 200
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 55209d933c672b80-AMS
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

GET
H2 200 adskeeper_logo_mini_71x16.png
cdn.adskeeper.co.uk/images/ 796 B
1 KB 29ms
27ms Image
image/webp 104.19.131.80
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.adskeeper.co.uk/images/adskeeper_logo_mini_71x16.png
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.131.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1a768feb2cea958225615d935b23fa6e8ba7f366bc405d1267f1424244020dc

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:36 GMT
cf-cache-status: HIT
age: 2471
cf-polished: origFmt=png, origSize=2562
cf-ray: 55209d93bcba2b80-AMS
status: 200
content-disposition: inline; filename="adskeeper_logo_mini_71x16.webp"
cf-bgj: imgq:85
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 796
x-amz-id-2: JBp6HuzdZ/U+Rsa8zC7dzIZErqtL8sZXWsmgKIPWVZnQkNZIGpaqD7WqdYLRdNPoooy/If9iXsc=
last-modified: Thu, 26 Dec 2019 10:34:42 GMT
server: cloudflare
etag: "97fb3a072986fa1006cfbc27834841f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
x-amz-request-id: D38CA5F133838DBA
cache-control: public, max-age=14400
accept-ranges: bytes
content-type: image/webp
expires: Wed, 08 Jan 2020 23:35:36 GMT

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDEvMTU2ODA1LzZmNTE0NTEwOGZjMTg4MDZlNmFkZjA0ODljNGIzMjEwLmpwZw**.webp
s-img.adskeeper.co.uk/g/4821036/492x328/0x0x492x328/ 7 KB
7 KB 92ms
91ms Image
image/webp 104.19.131.80
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.adskeeper.co.uk/g/4821036/492x328/0x0x492x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDEvMTU2ODA1LzZmNTE0NTEwOGZjMTg4MDZlNmFkZjA0ODljNGIzMjEwLmpwZw**.webp
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.131.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5de6ab18011f90e7025bc0fb783c6cc2ab76fded5322dabd7bbd14bfe35251e

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:36 GMT
cf-cache-status: HIT
age: 370738
status: 200
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 7152
last-modified: Sat, 04 Jan 2020 12:36:38 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 55209d93bcbf2b80-AMS
expires: Thu, 07 Jan 2021 19:35:36 GMT

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDEvMTU2ODA1L2QzOGQ2ODFlNjlkMTg2YTVjYTUzMWQ4ZTE2ZjY4Mzc4LmpwZw**.webp
s-img.adskeeper.co.uk/g/4821048/492x328/0x0x492x328/ 21 KB
21 KB 83ms
82ms Image
image/webp 104.19.131.80
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.adskeeper.co.uk/g/4821048/492x328/0x0x492x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDEvMTU2ODA1L2QzOGQ2ODFlNjlkMTg2YTVjYTUzMWQ4ZTE2ZjY4Mzc4LmpwZw**.webp
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.131.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a696929b2249e10b3b0657b3c1193b89b3a442bdb4c1919914f6addc51cba071

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:36 GMT
cf-cache-status: HIT
age: 181176
status: 200
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 21680
last-modified: Mon, 06 Jan 2020 17:15:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 55209d93ccc22b80-AMS
expires: Thu, 07 Jan 2021 19:35:36 GMT

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTIvNDM5MDI5L2JhYjAzYjFiYmM0NWY3MzNjMDRiZjA3M2EwYmIyMTNmLmpwZw**.webp
s-img.adskeeper.co.uk/g/4771081/492x328/0x0x600x400/ 12 KB
12 KB 89ms
87ms Image
image/webp 104.19.131.80
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.adskeeper.co.uk/g/4771081/492x328/0x0x600x400/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTIvNDM5MDI5L2JhYjAzYjFiYmM0NWY3MzNjMDRiZjA3M2EwYmIyMTNmLmpwZw**.webp
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.131.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bee9da8ec5c4616746cb8eae3841dc8a10176b3b18cdaf44d1fe5a055b78e60e

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:36 GMT
cf-cache-status: HIT
age: 1291733
status: 200
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 12230
last-modified: Tue, 24 Dec 2019 20:46:43 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 55209d93bcc12b80-AMS
expires: Thu, 07 Jan 2021 19:35:36 GMT

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDEvNDU1MjY3L2NlNGNiMDM4OWJlZjJmMzczODM0OWRmNDI5OTVmM2UwLmpwZw**.webp
s-img.adskeeper.co.uk/g/4831883/492x328/0x0x492x328/ 7 KB
7 KB 82ms
80ms Image
image/webp 104.19.131.80
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.adskeeper.co.uk/g/4831883/492x328/0x0x492x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDEvNDU1MjY3L2NlNGNiMDM4OWJlZjJmMzczODM0OWRmNDI5OTVmM2UwLmpwZw**.webp
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.131.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad7fb3ffb08e67d1bb6314ccf3777c684dc89a6927da392cb8cac91179cfeb02

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:36 GMT
cf-cache-status: HIT
age: 36359
status: 200
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 6984
last-modified: Wed, 08 Jan 2020 09:28:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 55209d93bcc02b80-AMS
expires: Thu, 07 Jan 2021 19:35:36 GMT

GET
H/1.1 200
OK request.php Show response
malware366.rssing.com/ 41 B
523 B 572ms
571ms XHR
text/html 199.127.61.68
ReliableSite.Net LLC

General

Check archive.org

Show headers Download Go to

Full URL: http://malware366.rssing.com/request.php?req=gr&qs=aa1caa15300800c16c0bbca3bbca2caa15300800c16c0bbca0bbca3caa15300800c0c36001bbca1c2bbca4caa15300800c0c36002bbca1c2bbca5caa15300800c0c36003bbca1c2bbca6caa15300800c0c36004bbca1c2bbca7caa15300800c0c36005bbca1c2bbca8caa15300800c0c36006bbca1c2bbca9caa15300800c0c36007bbca1c2bbca10caa15300800c0c36008bbca1c2bbca11caa15300800c0c36009bbca1c2bbca12caa15300800c0c36010bbca1c2bbca13caa15300800c0c36011bbca1c2bbca14caa15300800c0c36012bbca1c2bbca15caa15300800c0c36013bbca1c2bbca16caa15300800c0c36014bbca1c2bbca17caa15300800c0c36015bbca1c2bbca18caa15300800c0c36016bbca1c2bbca19caa15300800c0c36017bbca1c2bbca20caa15300800c0c36018bbca1c2bbca21caa15300800c0c36019bbca1c2bbca22caa15300800c0c36020bbca1c2bbb&url=%2Fchan-15300800%2Fall_p1801.html&pi=%5B1%2C15300800%2C1801%2C0%2C0%5D&dd=1600x1200
Requested by: Host: www.rssing.com
URL: http://www.rssing.com/inc/js/rssing.js
Protocol: HTTP/1.1
Server: 199.127.61.68 Las Vegas, United States, ASN23470 (RELIABLESITE - ReliableSite.Net LLC, US),
Reverse DNS
Software: nginx/1.12.1 / PHP/7.2.11
Resource Hash: 41a3e1c14ed57011f21539a8a0ef9cfb6db894d053bfa6f2ab5a207f0e47b5df

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Wed, 08 Jan 2020 19:35:36 GMT
Content-Encoding: gzip
Server: nginx/1.12.1
X-Powered-By: PHP/7.2.11
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Content-Length: 61

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/mywesharemanager/ 2 KB
853 B 93ms
91ms Script
application/javascript 23.210.248.44
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/mywesharemanager/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.8.v20180619) /
Resource Hash: 0e5696b8eed1574d3e00cd21ef2894ea05f78c970d7b6016556ed1ca3705b954

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:36 GMT
content-encoding: gzip
surrogate-key: mywesharemanager
server: Jetty(9.4.8.v20180619)
etag: -998341643--gzip
vary: Accept-Encoding
cache-tag: mywesharemanager
status: 200
cache-control: public, max-age=60, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-type: application/javascript;charset=utf-8
content-length: 612

GET
H2 200 layers.ab5cd98fe1b9a38a4a9f.js Show response
s7.addthis.com/static/ 263 KB
76 KB 30ms
29ms Script
application/javascript 23.210.248.44
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 18 Sep 2019 14:16:17 GMT
server: nginx/1.15.8
etag: W/"5d823c31-41b9f"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
date: Wed, 08 Jan 2020 19:35:36 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77528

GET
H2 200 c
c.adskeeper.co.uk/ 43 B
455 B 139ms
138ms Image
image/gif 104.19.131.80
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.adskeeper.co.uk/c?f=1&pv=3&v=459|306|8|_yLomkof32i9Zsig-3eTiiU8MlR1O9IH708OXtDeheGVqA8aNHqv6FzU8d5CJeUK&fw=1&v=459|306|8|ynSotnfQ5-o3pQF2qeJzwOSU-rEkeWdHbxNvmfU7RyQFQe_qAt13wqMaytYT4bCw&cid=774883&h2=OTY4ep2zyBPEk6CUrMbW6vN-fy5S3o8nVYjDcujLCRw*&rid=0aa913ae-324e-11ea-8e60-d09466766346&tt=Direct&cbuster=1578512137579723919718&tpl=0
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.131.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:37 GMT
cf-cache-status: DYNAMIC
content-type: image/gif
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 200
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 55209d9bfa602b80-AMS
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 594 B
5 KB 224ms
102ms XHR
application/json 69.173.144.141
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=20378&site_id=278820&zone_id=1392704&size_id=2&alt_size_ids=1&rp_schain=1.0,1!freegames66.com,1368,1,,,&rf=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&tk_flint=pbjs_lite_v2.44.0-pre&x_source.tid=4c0e4af8-cf23-47b5-a378-840017019fe4%3B1dcb927f-c1e4-4f71-af05-7ff5836161a5%3Bf268d275-fd81-41c4-b4ec-e407e391d0e8%3B29ec0fd9-efde-471f-b39b-955e7ab096a0&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&slots=4&rand=0.002420077605077342
Requested by: Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 9ad99a422f4d54c3eff7acdc7e38e3ccbf840c1cc37135479b844729fed8542c

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:38 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: http://malware366.rssing.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=396
Content-Length: 594
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 993 B
2 KB 220ms
131ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%227ce7508e3bcfde%22%3A%22aebb700756e336ba0c5e%7C728x90%2C468x60%7Cf%3D0.1%22%2C%228888fc77ff9fc9%22%3A%22aebb700756e336ba0c5e%7C728x90%2C468x60%7Cf%3D0.1%22%2C%2296def64562b112%22%3A%22aebb700756e336ba0c5e%7C728x90%2C468x60%7Cf%3D0.1%22%2C%221054edab631af5c%22%3A%22aebb700756e336ba0c5e%7C728x90%2C468x60%7Cf%3D0.1%22%7D&ref=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&s=1b9da6d1-84bd-43c1-8011-6c1f1900f479&pv=f9dda901-4b26-4b97-93ec-cfeae2033d03&vp=desktop&lib_name=prebid&lib_v=2.44.0-pre&us=0&ius=1&hfa=PRE-5e40535f-fae1-4566-8d51-0353e2d7e49d&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freegames66.com%22%2C%22sid%22%3A%221368%22%2C%22hp%22%3A1%7D%5D%7D&

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

beca0bf51e32d9463c8e353a41f8929309fe2b99d0ef9b0f07a22f27b6befc8f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:38 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: http://malware366.rssing.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 581
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 bid Show response
adapter.valueimpression.com/ 23 B
170 B 1362ms
1343ms XHR
text/plain 2606:4700:20::681a:60a
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://adapter.valueimpression.com/bid

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:60a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fab0097c0642d4ff88feb7c90c0e180e0cb59e4b3b895cae3fa6bb02bf9f1be4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
access-control-allow-methods: POST
content-type: text/plain; charset=utf-8
access-control-allow-origin: http://malware366.rssing.com
x-robots-tag: noindex, nofollow
access-control-allow-credentials: true
cf-ray: 55209da2cbc3d6e5-FRA
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 23
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 933 B
2 KB 150ms
108ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2217f2802e0e5eb58%22%3A%22aebb700756e336ba0c5e%7C300x250%2C250x250%2C200x200%2C180x150%7Cf%3D0.1%22%7D&ref=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&s=a7c81c8c-439c-465a-9511-c70cef4eccce&pv=f9dda901-4b26-4b97-93ec-cfeae2033d03&vp=desktop&lib_name=prebid&lib_v=2.44.0-pre&us=0&ius=1&hfa=PRE-5e40535f-fae1-4566-8d51-0353e2d7e49d&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freegames66.com%22%2C%22sid%22%3A%221368%22%2C%22hp%22%3A1%7D%5D%7D&

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

2e899938de14c6e6a7acc4d4770c4194465bf7589215ef483cb6a965a3f72c0f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:38 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-10
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: http://malware366.rssing.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 532
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
2 KB 191ms
101ms XHR
application/json 69.173.144.141
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=20378&site_id=278820&zone_id=1392704&size_id=15&alt_size_ids=13%2C14&rp_schain=1.0,1!freegames66.com,1368,1,,,&rf=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&tk_flint=pbjs_lite_v2.44.0-pre&x_source.tid=0dd1d464-3828-4ca9-bf67-bb53d2eac48b&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&slots=1&rand=0.35298032097408294
Requested by: Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: bedb76d90894a5212d47636369ecbe435eda6e41e96da2872f1a2975db2909ba

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:38 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: http://malware366.rssing.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=484
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 placementbid.json Show response
an.facebook.com/v2/ 105 B
1 KB 62ms
48ms XHR
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://an.facebook.com/v2/placementbid.json?placementids[]=1464791637027829_1488118128028513&adformats[]=300x250&testmode=false&pageurl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&sdk[]=6.0.web&adapterver=1.3.0&platform=241394079772386&platver=2.44.0-pre&cb=5388cdc0-6c06-4db3-a5d9-93ae5870e9d2

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

d871fcabc48194eb522f2e2ae9af48f3cc3b06efbf47a7c49d95a82a9c99d88f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-content-type-options: nosniff
x-fb-an-errors: No bids
x-fb-an-request-id: 2434724281520568506
status: 200
alt-svc: h3-24=":443"; ma=3600
x-xss-protection: 0
pragma: no-cache
x-fb-debug: KlWlUdJ4md03kO74cP5Dz5mmv+6h2wF3IINgRyLIqQBTgoOPBqTvwHWMvv3yNPRBHzgbT8K6tEGwCbY9bmHcWQ==
x-frame-options: DENY
date: Wed, 08 Jan 2020 19:35:38 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: http://malware366.rssing.com
access-control-expose-headers: X-FB-AN-Request-ID, X-FB-AN-Errors, X-FB-AN-Bid-Count
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 bid Show response
adapter.valueimpression.com/ 23 B
598 B 1195ms
1195ms XHR
text/plain 2606:4700:20::681a:60a
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://adapter.valueimpression.com/bid

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:60a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fab0097c0642d4ff88feb7c90c0e180e0cb59e4b3b895cae3fa6bb02bf9f1be4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 08 Jan 2020 19:35:39 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
access-control-allow-methods: POST
content-type: text/plain; charset=utf-8
access-control-allow-origin: http://malware366.rssing.com
x-robots-tag: noindex, nofollow
access-control-allow-credentials: true
cf-ray: 55209da34d4ed6e5-FRA
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 23
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 932 B
2 KB 50ms
50ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2225db62addfe704%22%3A%223f830f3d0ea2cf3f217d%7C%7Cf%3D0.5%22%7D&ref=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&s=f7987c63-ed59-449c-959f-3a3694879e7a&pv=f9dda901-4b26-4b97-93ec-cfeae2033d03&vp=desktop&lib_name=prebid&lib_v=2.44.0-pre&us=0&ius=1&hfa=PRE-5e40535f-fae1-4566-8d51-0353e2d7e49d&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freegames66.com%22%2C%22sid%22%3A%221368%22%2C%22hp%22%3A1%7D%5D%7D&

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

baa5774c09c2ef437420e1ee96fc3255acaec78ddc2223fe2e5b44c69c52cffe

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:39 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-10
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: http://malware366.rssing.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 529
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 142 B
365 B 365ms
274ms XHR
application/json 52.29.128.237
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.128.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-128-237.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: fb2313359cfa4870901065f06151991f8acd954bb8bfe187dff6c319164b08e8

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:39 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: http://malware366.rssing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 148
expires: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 259 B
1 KB 105ms
104ms XHR
application/json 69.173.144.141
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=20378&site_id=278820&zone_id=1392704&size_id=2&alt_size_ids=1&rp_schain=1.0,1!freegames66.com,1368,1,,,&rf=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&tk_flint=pbjs_lite_v2.44.0-pre&x_source.tid=51bac0a0-0ef9-4259-aeb5-a491e85e1bac&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&slots=1&rand=0.2554670503092198
Requested by: Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 338079921b87dcc4b41ced8219514942ee7a69f685206d2d7a8c523558516fb4

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:39 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: http://malware366.rssing.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=420
Content-Length: 259
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 933 B
2 KB 110ms
110ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%223121cb160e3aae5%22%3A%22aebb700756e336ba0c5e%7C728x90%2C468x60%7Cf%3D0.1%22%7D&ref=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&s=addaf237-8a8a-4dd4-83b5-89719b1fad91&pv=f9dda901-4b26-4b97-93ec-cfeae2033d03&vp=desktop&lib_name=prebid&lib_v=2.44.0-pre&us=0&ius=1&hfa=PRE-5e40535f-fae1-4566-8d51-0353e2d7e49d&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freegames66.com%22%2C%22sid%22%3A%221368%22%2C%22hp%22%3A1%7D%5D%7D&

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

79e5e8236e157b8901c2cd82f94aa818368d8ab52bf5c6c1d206c5f3f52b0b7a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:39 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-10
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: http://malware366.rssing.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 531
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 bid Show response
adapter.valueimpression.com/ 23 B
259 B 1180ms
1180ms XHR
text/plain 2606:4700:20::681a:60a
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://adapter.valueimpression.com/bid

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:60a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fab0097c0642d4ff88feb7c90c0e180e0cb59e4b3b895cae3fa6bb02bf9f1be4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
access-control-allow-methods: POST
content-type: text/plain; charset=utf-8
access-control-allow-origin: http://malware366.rssing.com
x-robots-tag: noindex, nofollow
access-control-allow-credentials: true
cf-ray: 55209da67847d6e5-FRA
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length: 23
x-xss-protection: 1; mode=block

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame B6F1 73 KB
27 KB 17ms
16ms Script
application/javascript 2a00:1450:4001:816::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-128776493-17

Requested by

Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

19aa6c87837337d3cf0adc42e532b11750667a4398367417b6893c6d4fb7fead

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:39 GMT
content-encoding: br
last-modified: Wed, 08 Jan 2020 18:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27815
x-xss-protection: 0
expires: Wed, 08 Jan 2020 19:35:39 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 1202 73 KB
27 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:816::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-128776493-10

Requested by

Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5988cfdcc3bfe10518fe0f68efab2fc9f5de573a520f28ed818b71b8df363e82

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:39 GMT
content-encoding: br
last-modified: Wed, 08 Jan 2020 18:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27815
x-xss-protection: 0
expires: Wed, 08 Jan 2020 19:35:39 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 933 B
2 KB 92ms
91ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2235701b85659ba92%22%3A%2251bd46c4e8f691acebc6%7C%7Cf%3D0.5%22%7D&ref=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&s=2aa99b8f-73e1-45f7-b6d6-eb3b2b05f562&pv=f9dda901-4b26-4b97-93ec-cfeae2033d03&vp=desktop&lib_name=prebid&lib_v=2.44.0-pre&us=0&ius=1&hfa=PRE-5e40535f-fae1-4566-8d51-0353e2d7e49d&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freegames66.com%22%2C%22sid%22%3A%221368%22%2C%22hp%22%3A1%7D%5D%7D&

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

ae807cc205f58d1a00c263a0a7fa41a6f80f08129de6ff70bb4531ee1399d913

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:39 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-10
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: http://malware366.rssing.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 534
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 141 B
365 B 107ms
107ms XHR
application/json 52.29.128.237
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.128.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-128-237.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d991c612426740e10d78e6e807c3c02b330a632c36246ffb0d365473f8d7e7e9

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:39 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: http://malware366.rssing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 148
expires: 0

GET
H/1.1 200
OK / Show response
biltag.bilsyndication.com/passbacktarget/1578299917/ Frame F942 335 B
910 B 12ms
12ms Script
application/javascript 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

http://biltag.bilsyndication.com/passbacktarget/1578299917/?t=iframe&divID=vi_13683459_1&pbID=7&w=300&h=250

Requested by

Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=

Protocol

HTTP/1.1

Server

2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fd98ea8d8cfc22f303a10f700f75fbaf83f86a125b7c138c5bdcf04c2b24a50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 212216
Transfer-Encoding: chunked
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
X-XSS-Protection: 1; mode=block
Cf-Bgj: minify
Server: cloudflare
X-Sv: 67.58
Content-Type: application/javascript; charset=utf-8
Vary: Accept-Encoding
Cache-Control: public, max-age=31536000, immutable
CF-RAY: 55209daacb8063a7-FRA

GET
H/1.1 200
OK /
stats.bilsyndication.com/pi/ 0
473 B 179ms
165ms Image
image/jpeg 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://stats.bilsyndication.com/pi/?e=zdNraUqPKZt-TaaP-Pawr-aaMr-TYttYYaPUweTRzNhqllwqe0RrNTBUMRmNBPZaRrcorNco_TBUMBPZa_TRrtN
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Content-Type: image/jpeg
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
CF-RAY: 55209daaec2864af-FRA
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 0

GET
H/1.1 200
OK vi-logo.svg
assets.bilsyndication.com/media/icon/ 11 KB
4 KB 12ms
12ms Image
image/svg+xml 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://assets.bilsyndication.com/media/icon/vi-logo.svg
Requested by: Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24a104ef6529cb9bbceaeca4e037ecf14d40db5207009ac23e8224703fa11bb8

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:39 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Fri, 01 Nov 2019 05:04:49 GMT
Server: cloudflare
Age: 1803065
ETag: W/"5dbbbcf1-2c34"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=16070400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 55209daae979c303-FRA
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

GET
H/1.1 200
OK / Show response
biltag.bilsyndication.com/passbacktarget/1578299917/ Frame 836C 335 B
910 B 16ms
16ms Script
application/javascript 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

http://biltag.bilsyndication.com/passbacktarget/1578299917/?t=iframe&divID=vi_13683460_1&pbID=5&w=728&h=90

Requested by

Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=

Protocol

HTTP/1.1

Server

2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bdb8bc00736d704db5d2fd9882976bcd97139bf83e48bb3117b1eed406af3586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 212217
Transfer-Encoding: chunked
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
X-XSS-Protection: 1; mode=block
Cf-Bgj: minify
Server: cloudflare
X-Sv: 67.58
Content-Type: application/javascript; charset=utf-8
Vary: Accept-Encoding
Cache-Control: public, max-age=31536000, immutable
CF-RAY: 55209dab6c3663a7-FRA

GET
H/1.1 200
OK / Show response
biltag.bilsyndication.com/passbacktarget/1578299917/ Frame 8307 335 B
910 B 17ms
11ms Script
application/javascript 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

http://biltag.bilsyndication.com/passbacktarget/1578299917/?t=iframe&divID=vi_13683460_2&pbID=5&w=728&h=90

Requested by

Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=

Protocol

HTTP/1.1

Server

2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bdb8bc00736d704db5d2fd9882976bcd97139bf83e48bb3117b1eed406af3586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 212217
Transfer-Encoding: chunked
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
X-XSS-Protection: 1; mode=block
Cf-Bgj: minify
Server: cloudflare
X-Sv: 67.58
Content-Type: application/javascript; charset=utf-8
Vary: Accept-Encoding
Cache-Control: public, max-age=31536000, immutable
CF-RAY: 55209dab7b2ae00f-FRA

GET
H/1.1 200
OK / Show response
biltag.bilsyndication.com/passbacktarget/1578299917/ Frame 694C 335 B
910 B 15ms
11ms Script
application/javascript 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

http://biltag.bilsyndication.com/passbacktarget/1578299917/?t=iframe&divID=vi_13683460_3&pbID=5&w=728&h=90

Requested by

Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=

Protocol

HTTP/1.1

Server

2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bdb8bc00736d704db5d2fd9882976bcd97139bf83e48bb3117b1eed406af3586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 212180
Transfer-Encoding: chunked
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
X-XSS-Protection: 1; mode=block
Cf-Bgj: minify
Server: cloudflare
X-Sv: 67.58
Content-Type: application/javascript; charset=utf-8
Vary: Accept-Encoding
Cache-Control: public, max-age=31536000, immutable
CF-RAY: 55209dab7c4963a7-FRA

GET
H/1.1 200
OK / Show response
biltag.bilsyndication.com/passbacktarget/1578299917/ Frame A0F8 335 B
910 B 69ms
69ms Script
application/javascript 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

http://biltag.bilsyndication.com/passbacktarget/1578299917/?t=iframe&divID=vi_13683460_4&pbID=5&w=728&h=90

Requested by

Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=

Protocol

HTTP/1.1

Server

2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bdb8bc00736d704db5d2fd9882976bcd97139bf83e48bb3117b1eed406af3586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 212180
Transfer-Encoding: chunked
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
X-XSS-Protection: 1; mode=block
Cf-Bgj: minify
Server: cloudflare
X-Sv: 67.58
Content-Type: application/javascript; charset=utf-8
Vary: Accept-Encoding
Cache-Control: public, max-age=31536000, immutable
CF-RAY: 55209dab882ddfcf-FRA

GET
H/1.1 200
OK /
stats.bilsyndication.com/pi/ 0
473 B 170ms
164ms Image
image/jpeg 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://stats.bilsyndication.com/pi/?e=zdNrZtqyyKe-qrMT-PUyB-qyAP-PKaAqqtYKTtARzNhqllwqe0RrNTBUMRmNBPUARrcorNco_TBUMBPUA_TRrtN
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Content-Type: image/jpeg
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
CF-RAY: 55209dab8fa1c281-FRA
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 0

GET
H/1.1 200
OK /
stats.bilsyndication.com/pi/ 0
473 B 170ms
164ms Image
image/jpeg 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://stats.bilsyndication.com/pi/?e=zdNUKaqtaeU-wTeY-PMwK-wett-PqeyPaPyMtqaRzNhqllwqe0RrNTBUMRmNBPUARrcorNco_TBUMBPUA_YRrtN
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Content-Type: image/jpeg
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
CF-RAY: 55209dab9af66491-FRA
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 0

GET
H/1.1 200
OK /
stats.bilsyndication.com/pi/ 0
473 B 284ms
278ms Image
image/jpeg 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://stats.bilsyndication.com/pi/?e=zdNyZBTaZtM-yweP-PqUB-aywt-rUZZUBrBMqryRzNhqllwqe0RrNTBUMRmNBPUARrcorNco_TBUMBPUA_BRrtN
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Content-Type: image/jpeg
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
CF-RAY: 55209dab9b4263c5-FRA
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 0

GET
H/1.1 200
OK /
stats.bilsyndication.com/pi/ 0
473 B 167ms
162ms Image
image/jpeg 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://stats.bilsyndication.com/pi/?e=zdNBawyKPUw-wyUK-PePw-qBUM-KqTyAwyaweMrRzNhqllwqe0RrNTBUMRmNBPUARrcorNco_TBUMBPUA_PRrtN
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Content-Type: image/jpeg
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
CF-RAY: 55209dab9cf696e6-FRA
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame B6F1 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-128776493-17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 3725
date: Wed, 08 Jan 2020 18:33:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Wed, 08 Jan 2020 20:33:35 GMT

GET
H/1.1 200
OK tag.js Show response
jstag.interestinglinks.net/ Frame F942 6 KB
3 KB 189ms
172ms Script
application/javascript 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://jstag.interestinglinks.net/tag.js?id=10
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01da2612a16feab6303fe6289702d5816fb0480f69979cd71b2a60950c4dc289

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 55209dad6b92c2c7-FRA

GET
H/1.1 200
OK tag.js Show response
jstag.interestinglinks.net/ Frame 836C 6 KB
2 KB 176ms
170ms Script
application/javascript 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://jstag.interestinglinks.net/tag.js?id=11
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52d8a744a6576d8ecb23f4fde7498f1ef50a0e1c3ef2d497933ccce414b55b83

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 55209dad6db96401-FRA

GET
H/1.1 200
OK / Show response
biltag.bilsyndication.com/passbacktarget/1578299917/ Frame 572A 335 B
910 B 10ms
10ms Script
application/javascript 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

http://biltag.bilsyndication.com/passbacktarget/1578299917/?t=iframe&divID=vi_13683460_5&pbID=5&w=728&h=90

Requested by

Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=

Protocol

HTTP/1.1

Server

2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bdb8bc00736d704db5d2fd9882976bcd97139bf83e48bb3117b1eed406af3586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 212180
Transfer-Encoding: chunked
Connection: keep-alive
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
X-XSS-Protection: 1; mode=block
Cf-Bgj: minify
Server: cloudflare
X-Sv: 67.58
Content-Type: application/javascript; charset=utf-8
Vary: Accept-Encoding
Cache-Control: public, max-age=31536000, immutable
CF-RAY: 55209dadefd2dfcf-FRA

GET
H/1.1 200
OK /
stats.bilsyndication.com/pi/ 0
473 B 188ms
188ms Image
image/jpeg 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://stats.bilsyndication.com/pi/?e=zdNYUtPtMrB-UMAq-PetM-qPtr-BTPaYPABBqeYRzNhqllwqe0RrNTBUMRmNBPUARrcorNco_TBUMBPUA_ZRrtN
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Content-Type: image/jpeg
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
CF-RAY: 55209dadee5463c5-FRA
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
Content-Length: 0

GET
H/1.1 200
OK tag.js Show response
jstag.interestinglinks.net/ Frame 8307 6 KB
2 KB 191ms
190ms Script
application/javascript 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://jstag.interestinglinks.net/tag.js?id=11
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13e94c82503121a1b4e8e279d4437c0a3883cb9010e58afa74618d37d097307c

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 55209dae8f246401-FRA

GET
H/1.1 200
OK tag.js Show response
jstag.interestinglinks.net/ Frame 694C 6 KB
2 KB 189ms
188ms Script
application/javascript 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://jstag.interestinglinks.net/tag.js?id=11
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa68f95818ebf42d043845e644400964e740cd15ed59fcfe66fd8173994d49e8

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 55209dae8fb8c2c7-FRA

GET
H/1.1 200
OK tag.js Show response
jstag.interestinglinks.net/ Frame A0F8 6 KB
3 KB 186ms
180ms Script
application/javascript 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://jstag.interestinglinks.net/tag.js?id=11
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5000e82cfaa6c0eadbaaa8d1e139783cdd051be24184ba82ba30466aeee2d4cb

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 55209dae9ed064cd-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 141D 73 KB
27 KB 17ms
17ms Script
application/javascript 2a00:1450:4001:816::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-109910709-5

Requested by

Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=10

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

be4c5b6acdf271871913661ada66bdb08c2ea456352889af50dbebe0c6c1b4ff

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
content-encoding: br
last-modified: Wed, 08 Jan 2020 18:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27814
x-xss-protection: 0
expires: Wed, 08 Jan 2020 19:35:40 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E378 3 KB
548 B 18ms
17ms Stylesheet
text/css 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:500,400

Requested by

Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=10

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

7c3a75ff664f63b62509f2cce3b751024bad6cffe526b22d59156a673da41e17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 08 Jan 2020 19:35:40 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 08 Jan 2020 19:35:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 08 Jan 2020 19:35:40 GMT

GET
H2 200 7b8cf1b52182486d87d559b3131b06c7.jpg
interestinglinks.net/static/thumbs/ Frame E378 21 KB
21 KB 106ms
12ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/7b8cf1b52182486d87d559b3131b06c7.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=10
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c0dbef06e239f73ee2805de9b2076e621fd3d6073b7fc5ea64257901965f5929

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:18:17 GMT
server: cloudflare
age: 332
etag: "5e144cd9-53dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209daf3a0cd6f9-FRA
content-length: 21469

GET
H2 200 4d4f78d1503f4a3a82597d339bc87934.jpg
interestinglinks.net/static/thumbs/ Frame E378 11 KB
11 KB 107ms
13ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/4d4f78d1503f4a3a82597d339bc87934.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=10
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70cc2e50fa0feebbc512ba96686b9bd489d472eed658ebe69a3b8c76539ef13f

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:18:15 GMT
server: cloudflare
age: 335
etag: "5e144cd7-2b7f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209daf3a0ed6f9-FRA
content-length: 11135

GET
H2 200 collect
www.google-analytics.com/r/ Frame B6F1 35 B
101 B 84ms
83ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1981293301&t=pageview&_s=1&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=Nobid_VideoDiscover_rssing.com_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=rssing.com&cm=Nobid_VideoDiscover&cc=Default&_u=IEBAAUAB~&jid=1232282053&gjid=809268766&cid=1559719062.1578512141&tid=UA-128776493-17&_gid=1374194034.1578512141&_r=1&gtm=2ouc61&z=620957584

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ Frame B6F1 35 B
93 B 82ms
81ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=1981293301&t=pageview&_s=2&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=noBid_rssing.com_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=rssing.com&cm=noBid&cc=Default&_u=IEBAAUAB~&jid=&gjid=&cid=1559719062.1578512141&tid=UA-128776493-17&_gid=1374194034.1578512141&gtm=2ouc61&z=1574888522

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:31:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688654
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ Frame B6F1 35 B
93 B 81ms
80ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=1981293301&t=pageview&_s=3&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=Nobid_Outstream_rssing.com_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=rssing.com&cm=Nobid_Outstream&cc=Default&_u=IEBAAUAB~&jid=&gjid=&cid=1559719062.1578512141&tid=UA-128776493-17&_gid=1374194034.1578512141&gtm=2ouc61&z=1580978952

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:31:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688654
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ Frame B6F1 35 B
100 B 8ms
8ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=1981293301&t=pageview&_s=4&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=noBid_rssing.com_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=rssing.com&cm=noBid&cc=Default&_u=IEBAAUAB~&jid=&gjid=&cid=1559719062.1578512141&tid=UA-128776493-17&_gid=1374194034.1578512141&gtm=2ouc61&z=1439789707

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:31:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688654
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ Frame B6F1 35 B
93 B 78ms
78ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=1981293301&t=pageview&_s=5&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=noBid_rssing.com_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=rssing.com&cm=noBid&cc=Default&_u=IEBAAUAB~&jid=&gjid=&cid=1559719062.1578512141&tid=UA-128776493-17&_gid=1374194034.1578512141&gtm=2ouc61&z=383983317

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:31:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688654
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ Frame B6F1 35 B
93 B 77ms
77ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=1981293301&t=pageview&_s=6&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=noBid_rssing.com_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=rssing.com&cm=noBid&cc=Default&_u=IEBAAUAB~&jid=&gjid=&cid=1559719062.1578512141&tid=UA-128776493-17&_gid=1374194034.1578512141&gtm=2ouc61&z=1336030891

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:31:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688654
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ Frame B6F1 35 B
93 B 15ms
5ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=1981293301&t=pageview&_s=7&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=noBid_rssing.com_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=rssing.com&cm=noBid&cc=Default&_u=IEBAAUAB~&jid=&gjid=&cid=1559719062.1578512141&tid=UA-128776493-17&_gid=1374194034.1578512141&gtm=2ouc61&z=457720420

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:31:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688654
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ Frame B6F1 35 B
93 B 8ms
8ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=1981293301&t=pageview&_s=8&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=noBid_rssing.com_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=rssing.com&cm=noBid&cc=Default&_u=IEBAAUAB~&jid=&gjid=&cid=1559719062.1578512141&tid=UA-128776493-17&_gid=1374194034.1578512141&gtm=2ouc61&z=1271282451

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:31:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688654
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame B6F9 73 KB
27 KB 26ms
26ms Script
application/javascript 2a00:1450:4001:816::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-109910709-5

Requested by

Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

be4c5b6acdf271871913661ada66bdb08c2ea456352889af50dbebe0c6c1b4ff

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
content-encoding: br
last-modified: Wed, 08 Jan 2020 18:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27814
x-xss-protection: 0
expires: Wed, 08 Jan 2020 19:35:40 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 209D 2 KB
500 B 32ms
24ms Stylesheet
text/css 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:500

Requested by

Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

38b0d861d139ec15834e2672b6dee064360d2e1799f3439fcdf4b0bd2b3c79a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 08 Jan 2020 19:35:40 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 08 Jan 2020 19:35:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 08 Jan 2020 19:35:40 GMT

GET
H2 200 c848d29fda0b4f1a9032f666ab1d6b3c.jpg
interestinglinks.net/static/thumbs/ Frame 209D 9 KB
9 KB 18ms
10ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/c848d29fda0b4f1a9032f666ab1d6b3c.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfd05b3861cd221c6182fa73de2ebcf8ab5b9564e0f0e0843bd6d529b87914ef

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:17:52 GMT
server: cloudflare
age: 331
etag: "5e144cc0-2411"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209dafcc06d6f9-FRA
content-length: 9233

GET
H2 200 5c112828d409463e8a0329e743ef27f5.jpg
interestinglinks.net/static/thumbs/ Frame 209D 12 KB
13 KB 18ms
13ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/5c112828d409463e8a0329e743ef27f5.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8b103dc20ba013fa3f493c96f5f94c74ebfde9a6c3e1f273d568e7aa6d3b3a6

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:17:29 GMT
server: cloudflare
age: 336
etag: "5e144ca9-31e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209dafcc08d6f9-FRA
content-length: 12776

GET
H2 200 f591dee95a8c42b5a4c8466e3303c42e.jpg
interestinglinks.net/static/thumbs/ Frame 209D 14 KB
14 KB 30ms
25ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/f591dee95a8c42b5a4c8466e3303c42e.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e1c9a765fb140b8d65a48a588c35a3029ef333e0777662a0dc25626dcc82f85

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:18:13 GMT
server: cloudflare
age: 336
etag: "5e144cd5-36a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209dafcc0ad6f9-FRA
content-length: 13991

GET
H2 200 TK3iWkUHHAIjg752GT8Gl-1PKw.woff2
fonts.gstatic.com/s/oswald/v29/ Frame E378 25 KB
25 KB 9ms
6ms Font
font/woff2 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v29/TK3iWkUHHAIjg752GT8Gl-1PKw.woff2

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e747521bc9729c30f06bda6471e77ad26ce0e05b104743e93fe14c8ef3b559a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Oswald:500,400
Origin: http://malware366.rssing.com

Response headers

date: Thu, 21 Nov 2019 23:20:53 GMT
x-content-type-options: nosniff
last-modified: Mon, 21 Oct 2019 23:06:58 GMT
server: sffe
age: 4133687
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 25376
x-xss-protection: 0
expires: Fri, 20 Nov 2020 23:20:53 GMT

GET
H/1.1 200
OK tag.js Show response
jstag.interestinglinks.net/ Frame 572A 6 KB
3 KB 188ms
187ms Script
application/javascript 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://jstag.interestinglinks.net/tag.js?id=11
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: HTTP/1.1
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f550ebb738536fe7e7ec7357b540a659f3c4e930b9a3175600522ae3af666072

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:35:40 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 55209db06ddac2c7-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame AB8B 73 KB
27 KB 75ms
74ms Script
application/javascript 2a00:1450:4001:816::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-109910709-5

Requested by

Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

be4c5b6acdf271871913661ada66bdb08c2ea456352889af50dbebe0c6c1b4ff

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
content-encoding: br
last-modified: Wed, 08 Jan 2020 18:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27814
x-xss-protection: 0
expires: Wed, 08 Jan 2020 19:35:40 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0C6C 2 KB
500 B 74ms
73ms Stylesheet
text/css 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:500

Requested by

Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

38b0d861d139ec15834e2672b6dee064360d2e1799f3439fcdf4b0bd2b3c79a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 08 Jan 2020 19:35:40 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 08 Jan 2020 19:35:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 08 Jan 2020 19:35:40 GMT

GET
H2 200 1a7c87c0eda147a18d734cd0ac4dcc63.jpg
interestinglinks.net/static/thumbs/ Frame 0C6C 13 KB
14 KB 73ms
72ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/1a7c87c0eda147a18d734cd0ac4dcc63.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e47322633addfde22a0afb1457e2dfae4b8dcaccb5d2980c72fd1069093b31a

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:18:16 GMT
server: cloudflare
age: 337
etag: "5e144cd8-3595"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209db08ef8d6f9-FRA
content-length: 13717

GET
H2 200 5893b36c9fba4c9a8ed5e07aa045c938.jpg
interestinglinks.net/static/thumbs/ Frame 0C6C 9 KB
10 KB 69ms
69ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/5893b36c9fba4c9a8ed5e07aa045c938.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e74d274db3b404b4d4c33cfc8bb9a9c5419f3dedd79149a4119ec14145c103ff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:18:25 GMT
server: cloudflare
age: 337
etag: "5e144ce1-25b3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209db08effd6f9-FRA
content-length: 9651

GET
H2 200 03586c0e1b29485eb08c0b474b60e5ab.jpg
interestinglinks.net/static/thumbs/ Frame 0C6C 14 KB
14 KB 72ms
71ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/03586c0e1b29485eb08c0b474b60e5ab.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 12845ec69faefcd5d37c9775bcb69bc1c8164254de72538f44ec7883ba3750ba

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:17:50 GMT
server: cloudflare
age: 337
etag: "5e144cbe-3624"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209db08f00d6f9-FRA
content-length: 13860

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame C58A 73 KB
27 KB 24ms
15ms Script
application/javascript 2a00:1450:4001:816::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-109910709-5

Requested by

Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

be4c5b6acdf271871913661ada66bdb08c2ea456352889af50dbebe0c6c1b4ff

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
content-encoding: br
last-modified: Wed, 08 Jan 2020 18:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27814
x-xss-protection: 0
expires: Wed, 08 Jan 2020 19:35:40 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 03D6 2 KB
500 B 25ms
23ms Stylesheet
text/css 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:500

Requested by

Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

38b0d861d139ec15834e2672b6dee064360d2e1799f3439fcdf4b0bd2b3c79a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 08 Jan 2020 19:35:40 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 08 Jan 2020 19:35:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 08 Jan 2020 19:35:40 GMT

GET
H2 200 b68aabd8208d4e4a9895a9165b0dffd7.jpg
interestinglinks.net/static/thumbs/ Frame 03D6 11 KB
12 KB 85ms
84ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/b68aabd8208d4e4a9895a9165b0dffd7.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53b5121e76533f9ebd2c91cca20fe5854cc18c5de14bcbc6ce3937c5eec4bd9a

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:17:53 GMT
server: cloudflare
age: 3937
etag: "5e144cc1-2dc4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209db1191bd6f9-FRA
content-length: 11716

GET
H2 200 3d89392b4e284f00a318cc620be98155.jpg
interestinglinks.net/static/thumbs/ Frame 03D6 12 KB
12 KB 86ms
84ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/3d89392b4e284f00a318cc620be98155.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: aeb4c2f73adcade08e0c2e910aa2de37335d2c602d595fdfb0cd794ecac5f490

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:17:44 GMT
server: cloudflare
age: 337
etag: "5e144cb8-302e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209db1191ed6f9-FRA
content-length: 12334

GET
H2 200 cf045aa3172141f8af374aa427b79ba6.jpg
interestinglinks.net/static/thumbs/ Frame 03D6 17 KB
17 KB 84ms
83ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/cf045aa3172141f8af374aa427b79ba6.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef3ced515d1cbb845c9edc9e29d8c14724c962b2310620ff079965e32c772eb1

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:18:23 GMT
server: cloudflare
age: 337
etag: "5e144cdf-4365"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209db11920d6f9-FRA
content-length: 17253

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 8AE3 73 KB
27 KB 19ms
19ms Script
application/javascript 2a00:1450:4001:816::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-109910709-5

Requested by

Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

be4c5b6acdf271871913661ada66bdb08c2ea456352889af50dbebe0c6c1b4ff

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
content-encoding: br
last-modified: Wed, 08 Jan 2020 18:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27814
x-xss-protection: 0
expires: Wed, 08 Jan 2020 19:35:40 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E0E1 2 KB
500 B 19ms
18ms Stylesheet
text/css 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:500

Requested by

Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

38b0d861d139ec15834e2672b6dee064360d2e1799f3439fcdf4b0bd2b3c79a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 08 Jan 2020 19:35:40 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 08 Jan 2020 19:35:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 08 Jan 2020 19:35:40 GMT

GET
H2 200 e4e52f66a8ea43f599ff59debf622df5.jpg
interestinglinks.net/static/thumbs/ Frame E0E1 15 KB
15 KB 83ms
82ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/e4e52f66a8ea43f599ff59debf622df5.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e3f81e4a025b3680fede3cf2e158ef7194c850f4e57a3dd00f2d72a43396f41

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:17:52 GMT
server: cloudflare
age: 337
etag: "5e144cc0-3d25"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209db11944d6f9-FRA
content-length: 15653

GET
H2 200 cf045aa3172141f8af374aa427b79ba6.jpg
interestinglinks.net/static/thumbs/ Frame E0E1 17 KB
17 KB 83ms
83ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/cf045aa3172141f8af374aa427b79ba6.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef3ced515d1cbb845c9edc9e29d8c14724c962b2310620ff079965e32c772eb1

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:18:23 GMT
server: cloudflare
age: 337
etag: "5e144cdf-4365"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209db1194ad6f9-FRA
content-length: 17253

GET
H2 200 07ef3b14fac3437f9517c2abb3ed4a71.jpg
interestinglinks.net/static/thumbs/ Frame E0E1 11 KB
11 KB 84ms
83ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/07ef3b14fac3437f9517c2abb3ed4a71.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f9b304a378180cd152898e60f36a436ab0c1fdae57f7d9c2d1aa3e96bc56692

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:40 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:17:26 GMT
server: cloudflare
age: 337
etag: "5e144ca6-2cc2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209db1194ed6f9-FRA
content-length: 11458

GET
H2 200 TK3_WkUHHAIjg75cFRf3bXL8LICs18NvsUZiYySUhiCXAA.woff
fonts.gstatic.com/s/oswald/v29/ Frame 209D 13 KB
13 KB 17ms
17ms Font
font/woff 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v29/TK3_WkUHHAIjg75cFRf3bXL8LICs18NvsUZiYySUhiCXAA.woff

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

da60324c80f79107d1f72e802e0b5b5e9b72617c400c99bce66c4133cfeb02b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Oswald:500
Origin: http://malware366.rssing.com

Response headers

date: Wed, 20 Nov 2019 04:47:09 GMT
x-content-type-options: nosniff
last-modified: Mon, 21 Oct 2019 23:04:38 GMT
server: sffe
age: 4286911
content-type: font/woff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13068
x-xss-protection: 0
expires: Thu, 19 Nov 2020 04:47:09 GMT

GET
H2 200 TK3_WkUHHAIjg75cFRf3bXL8LICs18NvsUZiYySUhiCXAA.woff
fonts.gstatic.com/s/oswald/v29/ Frame 0C6C 13 KB
13 KB 9ms
5ms Font
font/woff 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v29/TK3_WkUHHAIjg75cFRf3bXL8LICs18NvsUZiYySUhiCXAA.woff

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

da60324c80f79107d1f72e802e0b5b5e9b72617c400c99bce66c4133cfeb02b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Oswald:500
Origin: http://malware366.rssing.com

Response headers

date: Wed, 20 Nov 2019 04:47:09 GMT
x-content-type-options: nosniff
last-modified: Mon, 21 Oct 2019 23:04:38 GMT
server: sffe
age: 4286912
content-type: font/woff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13068
x-xss-protection: 0
expires: Thu, 19 Nov 2020 04:47:09 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 141D 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-109910709-5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 3726
date: Wed, 08 Jan 2020 18:33:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Wed, 08 Jan 2020 20:33:35 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame B6F9 43 KB
17 KB 13ms
5ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-109910709-5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 3726
date: Wed, 08 Jan 2020 18:33:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Wed, 08 Jan 2020 20:33:35 GMT

GET
H2 200 TK3_WkUHHAIjg75cFRf3bXL8LICs18NvsUZiYySUhiCXAA.woff
fonts.gstatic.com/s/oswald/v29/ Frame 03D6 13 KB
13 KB 7ms
7ms Font
font/woff 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v29/TK3_WkUHHAIjg75cFRf3bXL8LICs18NvsUZiYySUhiCXAA.woff

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

da60324c80f79107d1f72e802e0b5b5e9b72617c400c99bce66c4133cfeb02b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Oswald:500
Origin: http://malware366.rssing.com

Response headers

date: Wed, 20 Nov 2019 04:47:09 GMT
x-content-type-options: nosniff
last-modified: Mon, 21 Oct 2019 23:04:38 GMT
server: sffe
age: 4286912
content-type: font/woff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13068
x-xss-protection: 0
expires: Thu, 19 Nov 2020 04:47:09 GMT

GET
H2 200 TK3_WkUHHAIjg75cFRf3bXL8LICs18NvsUZiYySUhiCXAA.woff
fonts.gstatic.com/s/oswald/v29/ Frame E0E1 13 KB
13 KB 6ms
6ms Font
font/woff 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v29/TK3_WkUHHAIjg75cFRf3bXL8LICs18NvsUZiYySUhiCXAA.woff

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

da60324c80f79107d1f72e802e0b5b5e9b72617c400c99bce66c4133cfeb02b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Oswald:500
Origin: http://malware366.rssing.com

Response headers

date: Wed, 20 Nov 2019 04:47:09 GMT
x-content-type-options: nosniff
last-modified: Mon, 21 Oct 2019 23:04:38 GMT
server: sffe
age: 4286912
content-type: font/woff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13068
x-xss-protection: 0
expires: Thu, 19 Nov 2020 04:47:09 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame AB8B 43 KB
17 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-109910709-5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 3726
date: Wed, 08 Jan 2020 18:33:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Wed, 08 Jan 2020 20:33:35 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 567A 73 KB
27 KB 17ms
17ms Script
application/javascript 2a00:1450:4001:816::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-109910709-5

Requested by

Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

be4c5b6acdf271871913661ada66bdb08c2ea456352889af50dbebe0c6c1b4ff

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:41 GMT
content-encoding: br
last-modified: Wed, 08 Jan 2020 18:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27814
x-xss-protection: 0
expires: Wed, 08 Jan 2020 19:35:41 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0B7C 2 KB
546 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:819::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:500

Requested by

Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

38b0d861d139ec15834e2672b6dee064360d2e1799f3439fcdf4b0bd2b3c79a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 08 Jan 2020 19:35:41 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 08 Jan 2020 19:35:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 08 Jan 2020 19:35:41 GMT

GET
H2 200 52dcab2ef98d4dfdb006a406b1d529fd.jpg
interestinglinks.net/static/thumbs/ Frame 0B7C 11 KB
11 KB 15ms
14ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/52dcab2ef98d4dfdb006a406b1d529fd.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f5ea36368cfc5decc826a6539f588b23af5f6f53e8fe3bd85995e9892d340274

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:41 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:17:57 GMT
server: cloudflare
age: 335
etag: "5e144cc5-2b6d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209db24caed6f9-FRA
content-length: 11117

GET
H2 200 07ef3b14fac3437f9517c2abb3ed4a71.jpg
interestinglinks.net/static/thumbs/ Frame 0B7C 11 KB
11 KB 15ms
15ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/07ef3b14fac3437f9517c2abb3ed4a71.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f9b304a378180cd152898e60f36a436ab0c1fdae57f7d9c2d1aa3e96bc56692

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:41 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:17:26 GMT
server: cloudflare
age: 338
etag: "5e144ca6-2cc2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209db24cafd6f9-FRA
content-length: 11458

GET
H2 200 44154ea13c454399b4241e33d84525a3.jpg
interestinglinks.net/static/thumbs/ Frame 0B7C 24 KB
24 KB 14ms
14ms Image
image/jpeg 2606:4700:e6::ac40:c807
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interestinglinks.net/static/thumbs/44154ea13c454399b4241e33d84525a3.jpg
Requested by: Host: jstag.interestinglinks.net
URL: http://jstag.interestinglinks.net/tag.js?id=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c807 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a56ea79eec9a89639443970c3bb1c8d05243bf45ef419f2fcae49aec055033e4

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Wed, 08 Jan 2020 19:35:41 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Jan 2020 09:17:47 GMT
server: cloudflare
age: 338
etag: "5e144cbb-60d8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 55209db24cb1d6f9-FRA
content-length: 24792

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame C58A 43 KB
17 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-109910709-5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 3726
date: Wed, 08 Jan 2020 18:33:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Wed, 08 Jan 2020 20:33:35 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 8AE3 43 KB
17 KB 10ms
5ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-109910709-5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 3726
date: Wed, 08 Jan 2020 18:33:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Wed, 08 Jan 2020 20:33:35 GMT

GET
H2 200 TK3_WkUHHAIjg75cFRf3bXL8LICs18NvsUZiYySUhiCXAA.woff
fonts.gstatic.com/s/oswald/v29/ Frame 0B7C 13 KB
13 KB 7ms
7ms Font
font/woff 2a00:1450:4001:80b::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v29/TK3_WkUHHAIjg75cFRf3bXL8LICs18NvsUZiYySUhiCXAA.woff

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

da60324c80f79107d1f72e802e0b5b5e9b72617c400c99bce66c4133cfeb02b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Oswald:500
Origin: http://malware366.rssing.com

Response headers

date: Wed, 20 Nov 2019 04:47:09 GMT
x-content-type-options: nosniff
last-modified: Mon, 21 Oct 2019 23:04:38 GMT
server: sffe
age: 4286912
content-type: font/woff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13068
x-xss-protection: 0
expires: Thu, 19 Nov 2020 04:47:09 GMT

GET
H2 200 collect
www.google-analytics.com/r/ Frame 141D 35 B
101 B 13ms
13ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=746710923&t=pageview&_s=1&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=Widget%20ID%3A%2010_malware366.rssing.com_na_na&sd=24-bit&sr=1600x1200&vp=&je=0&cn=na&cs=malware366.rssing.com&cm=Widget%20ID%3A%2010&cc=na&_u=AACAAUAB~&jid=763224467&gjid=1215227539&cid=1559719062.1578512141&tid=UA-109910709-5&_gid=1374194034.1578512141&_r=1&gtm=2ouc61&z=730595681

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ Frame B6F9 35 B
100 B 63ms
62ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=60552506&t=pageview&_s=1&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=Widget%20ID%3A%2011_malware366.rssing.com_na_na&sd=24-bit&sr=1600x1200&vp=&je=0&cn=na&cs=malware366.rssing.com&cm=Widget%20ID%3A%2011&cc=na&_u=AACAAUAB~&jid=&gjid=&cid=1559719062.1578512141&tid=UA-109910709-5&_gid=1374194034.1578512141&gtm=2ouc61&z=785123537

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:31:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688656
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ Frame AB8B 35 B
93 B 6ms
6ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=1450769374&t=pageview&_s=1&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=Widget%20ID%3A%2011_malware366.rssing.com_na_na&sd=24-bit&sr=1600x1200&vp=&je=0&cn=na&cs=malware366.rssing.com&cm=Widget%20ID%3A%2011&cc=na&_u=AACAAUAB~&jid=&gjid=&cid=1559719062.1578512141&tid=UA-109910709-5&_gid=1374194034.1578512141&gtm=2ouc61&z=431169039

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:31:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688656
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ Frame C58A 35 B
93 B 6ms
6ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=2091120526&t=pageview&_s=1&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=Widget%20ID%3A%2011_malware366.rssing.com_na_na&sd=24-bit&sr=1600x1200&vp=&je=0&cn=na&cs=malware366.rssing.com&cm=Widget%20ID%3A%2011&cc=na&_u=AACAAUAB~&jid=&gjid=&cid=1559719062.1578512141&tid=UA-109910709-5&_gid=1374194034.1578512141&gtm=2ouc61&z=1138149276

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:31:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688656
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ Frame 8AE3 35 B
93 B 6ms
6ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=809630836&t=pageview&_s=1&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=Widget%20ID%3A%2011_malware366.rssing.com_na_na&sd=24-bit&sr=1600x1200&vp=&je=0&cn=na&cs=malware366.rssing.com&cm=Widget%20ID%3A%2011&cc=na&_u=AACAAUAB~&jid=&gjid=&cid=1559719062.1578512141&tid=UA-109910709-5&_gid=1374194034.1578512141&gtm=2ouc61&z=7261026

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:31:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688656
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 567A 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-109910709-5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 3727
date: Wed, 08 Jan 2020 18:33:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Wed, 08 Jan 2020 20:33:35 GMT

GET
H2 200 usersync
adapter.valueimpression.com/ Frame 60FF 0
0 180ms
180ms Document
text/html 2606:4700:20::681a:60a
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://adapter.valueimpression.com/usersync

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:60a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: adapter.valueimpression.com
:scheme: https
:path: /usersync
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
date: Wed, 08 Jan 2020 19:35:42 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=df1f9e50d0b4d60b077d23634b3ee33651578512142; expires=Fri, 07-Feb-20 19:35:42 GMT; path=/; domain=.valueimpression.com; HttpOnly; SameSite=Lax
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
server: cloudflare
cf-ray: 55209dba7ad4d6e5-FRA
content-encoding: br

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 058E 0
0 274ms
91ms Document
text/html 23.37.55.184
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.55.184 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-37-55-184.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Tue, 07 Jan 2020 22:21:23 GMT
Content-Encoding: gzip
Content-Length: 7749
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=9905
Expires: Wed, 08 Jan 2020 22:20:47 GMT
Date: Wed, 08 Jan 2020 19:35:42 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 usersync
adapter.valueimpression.com/ Frame AAC9 0
0 194ms
193ms Document
text/html 2606:4700:20::681a:60a
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://adapter.valueimpression.com/usersync

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:60a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: adapter.valueimpression.com
:scheme: https
:path: /usersync
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
date: Wed, 08 Jan 2020 19:35:42 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=df1f9e50d0b4d60b077d23634b3ee33651578512142; expires=Fri, 07-Feb-20 19:35:42 GMT; path=/; domain=.valueimpression.com; HttpOnly; SameSite=Lax
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
server: cloudflare
cf-ray: 55209dbb0c5cd6e5-FRA
content-encoding: br

GET
H2 200 usersync
adapter.valueimpression.com/ Frame B017 0
0 188ms
187ms Document
text/html 2606:4700:20::681a:60a
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://adapter.valueimpression.com/usersync

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:60a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: adapter.valueimpression.com
:scheme: https
:path: /usersync
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html

Response headers

status: 200
date: Wed, 08 Jan 2020 19:35:42 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=df1f9e50d0b4d60b077d23634b3ee33651578512142; expires=Fri, 07-Feb-20 19:35:42 GMT; path=/; domain=.valueimpression.com; HttpOnly; SameSite=Lax
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
server: cloudflare
cf-ray: 55209dbb0c77d6e5-FRA
content-encoding: br

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi
https://pixel.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=sonobi
https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=sonobi&gdpr=1&gdpr_consent=&user_id=eq_Bs32swONi-sCyfK_dtn7-kr1i8sawf_LOn5Bd
https://x.bidswitch.net/ul_cb/sync?dsp_id=76&user_group=2&ssp=sonobi&gdpr=1&gdpr_consent=&user_id=eq_Bs32swONi-sCyfK_dtn7-kr1i8sawf_LOn5Bd
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=72975844-70e3-4b17-a95c-e4ef25539812

49 B
840 B

19ms
18ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=72975844-70e3-4b17-a95c-e4ef25539812

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:43 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

status: 302
date: Wed, 08 Jan 2020 19:35:43 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=72975844-70e3-4b17-a95c-e4ef25539812
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/
Redirect Chain

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT

49 B
654 B

200ms
79ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:42 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:42 GMT
Server: nginx
ETag: OPTOUT
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: 0

GET
H2

204

current
pulsepoint-match.dotomi.com/match/bounce/
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=5bd7cc19-e247-427f-9203-dde854806d29&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://pulsepoint-match.dotomi.com/match/bounce/current?networkId=14200&version=1&nuid=

0
104 B

205ms
91ms

Image
text/plain

2a02:fa8:8806:16::1400
VCLK-EU-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pulsepoint-match.dotomi.com/match/bounce/current?networkId=14200&version=1&nuid=
Requested by: Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Wed, 08 Jan 2020 19:35:42 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

Redirect headers

Date: Wed, 08 Jan 2020 19:35:42 GMT
Via: 1.1 varnish
X-Cache: MISS
P3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Connection: keep-alive
Content-Length: 0
X-Served-By: cache-hhn4036-HHN
Server: Jetty(9.4.14.v20181114)
Vary: Accept-Encoding
Content-Language: en
Location: https://pulsepoint-match.dotomi.com/match/bounce/current?networkId=14200&version=1&nuid=
Expires: -1
Cache-Control: private, max-age=0, no-cache, no-store
Accept-Ranges: bytes
Content-Type: text/plain; charset=utf-8
Cw-Server: bh-deployment-5d57bcf698-jjpkr
X-Cache-Hits: 0

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=NWJkN2NjMTktZTI0Ny00MjdmLTkyMDMtZGRlODU0ODA2ZDI5
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEFId38B3Mfj6LV-GjkmrF_Q&google_cver=1

49 B
788 B

198ms
79ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESEFId38B3Mfj6LV-GjkmrF_Q&google_cver=1

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:42 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:42 GMT
server: HTTP server (unknown)
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESEFId38B3Mfj6LV-GjkmrF_Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=YzU0NjVhM2EtYzJmNy00NDYwLTlkYTQtNTBlOGNjNGE2YTc1
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEDQ_a8eQstkFLeYdNgO-rC4&google_cver=1

49 B
788 B

196ms
76ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESEDQ_a8eQstkFLeYdNgO-rC4&google_cver=1

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:42 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:42 GMT
server: HTTP server (unknown)
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESEDQ_a8eQstkFLeYdNgO-rC4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]&mm_bnc&mm_bct&UUID=e9215e16-2720-4000-8f72-0f64ccddedd6
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e9215e16-2720-4000-8f72-0f64ccddedd6

49 B
903 B

128ms
21ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e9215e16-2720-4000-8f72-0f64ccddedd6

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:42 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Wed, 08 Jan 2020 19:35:42 GMT
Server: MT3 1913 979072d master zrh-pixel-x20
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e9215e16-2720-4000-8f72-0f64ccddedd6
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 08 Jan 2020 19:35:41 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=d2eb0b8f-e74e-4766-9706-35886af33465&pubid=4d443a3ea2

49 B
907 B

127ms
20ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=d2eb0b8f-e74e-4766-9706-35886af33465&pubid=4d443a3ea2

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:42 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:42 GMT
x-aspnet-version: 4.0.30319
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=d2eb0b8f-e74e-4766-9706-35886af33465&pubid=4d443a3ea2
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status: 302
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=c5465a3a-c2f7-4460-9da4-50e8cc4a6a75&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=Q2jz4uyISseI

49 B
774 B

201ms
81ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=pp&nuid=Q2jz4uyISseI

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:42 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Wed, 08 Jan 2020 19:35:42 GMT
Via: 1.1 varnish
X-Cache: MISS
P3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Connection: keep-alive
Content-Length: 0
X-Served-By: cache-hhn4069-HHN
Server: Jetty(9.4.14.v20181114)
Vary: Accept-Encoding
Content-Language: en
Location: https://sync.go.sonobi.com/us.gif?nw=pp&nuid=Q2jz4uyISseI
Expires: -1
Cache-Control: private, max-age=0, no-cache, no-store
Accept-Ranges: bytes
Content-Type: text/plain; charset=utf-8
Cw-Server: bh-deployment-stage-0
X-Cache-Hits: 0

GET
H2 200 collect
www.google-analytics.com/ Frame 567A 35 B
93 B 6ms
6ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=727852805&t=pageview&_s=1&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=Widget%20ID%3A%2011_malware366.rssing.com_na_na&sd=24-bit&sr=1600x1200&vp=&je=0&cn=na&cs=malware366.rssing.com&cm=Widget%20ID%3A%2011&cc=na&_u=AACAAUAB~&jid=&gjid=&cid=1559719062.1578512141&tid=UA-109910709-5&_gid=1374194034.1578512141&gtm=2ouc61&z=1747602883

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:31:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688656
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 536 B
2 KB 110ms
73ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2243ea8199bd766%22%3A%223f830f3d0ea2cf3f217d%7C%7Cf%3D0.5%22%7D&ref=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&s=42cb680b-94c5-48f5-93f6-90f3de431702&pv=f9dda901-4b26-4b97-93ec-cfeae2033d03&vp=desktop&lib_name=prebid&lib_v=2.44.0-pre&us=0&ius=1&hfa=PRE-89c87a9e-8f30-4e97-ab93-cac9f9fc94d9&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freegames66.com%22%2C%22sid%22%3A%221368%22%2C%22hp%22%3A1%7D%5D%7D&

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

7be97e3a7d312ddf22f25bfa003597d99c48d63930c068cc1a12bb45280d7c0a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:44 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: http://malware366.rssing.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 390
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 141 B
365 B 99ms
99ms XHR
application/json 52.29.128.237
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.128.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-128-237.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 3069c4c0363818d4d1938ae6da63c68355843f8fb429af9d81e3fe968a8765ea

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:44 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: http://malware366.rssing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 148
expires: 0

GET
H2 200 collect
www.google-analytics.com/r/ Frame B6F1 35 B
101 B 13ms
13ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1981293301&t=pageview&_s=9&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=Nobid_VideoDiscover_rssing.com_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=rssing.com&cm=Nobid_VideoDiscover&cc=Default&_u=KEBAAUAB~&jid=1666521395&gjid=972242133&cid=1559719062.1578512141&tid=UA-128776493-17&_gid=1374194034.1578512141&_r=1&gtm=2ouc61&z=831165512

Requested by

Host: malware366.rssing.com
URL: http://malware366.rssing.com/chan-15300800/all_p1801.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 933 B
2 KB 111ms
75ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%224789b3d9e6586bf%22%3A%223f830f3d0ea2cf3f217d%7C%7Cf%3D0.5%22%7D&ref=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&s=d3ae37f9-514f-49c3-938e-da9e45458f7d&pv=f9dda901-4b26-4b97-93ec-cfeae2033d03&vp=desktop&lib_name=prebid&lib_v=2.44.0-pre&us=0&ius=1&hfa=PRE-bc7298ed-401e-4f97-909a-964df385f078&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freegames66.com%22%2C%22sid%22%3A%221368%22%2C%22hp%22%3A1%7D%5D%7D&

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

17218a1b392722f3fe719c6de7cfa9efd83bd95b32547efaed2eadc887ae1e3f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:49 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: http://malware366.rssing.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 539
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 142 B
366 B 263ms
263ms XHR
application/json 52.29.128.237
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.128.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-128-237.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: f06d06a7a56ee6a51ec5892c3d26602d5c1df4925149f6feafda33745330a5aa

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:49 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: http://malware366.rssing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 149
expires: 0

GET
H2 200 collect
www.google-analytics.com/r/ Frame B6F1 35 B
101 B 13ms
13ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1981293301&t=pageview&_s=10&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=Nobid_VideoDiscover_rssing.com_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=rssing.com&cm=Nobid_VideoDiscover&cc=Default&_u=KEBAAUAB~&jid=1295657007&gjid=1781740093&cid=1559719062.1578512141&tid=UA-128776493-17&_gid=1374194034.1578512141&_r=1&gtm=2ouc61&z=436307905

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 933 B
2 KB 113ms
77ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2251fd2c77e01e38d%22%3A%223f830f3d0ea2cf3f217d%7C%7Cf%3D0.5%22%7D&ref=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&s=d3c1ab41-79bb-4a19-940e-718c4b0294d0&pv=f9dda901-4b26-4b97-93ec-cfeae2033d03&vp=desktop&lib_name=prebid&lib_v=2.44.0-pre&us=0&ius=1&hfa=PRE-bc7298ed-401e-4f97-909a-964df385f078&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freegames66.com%22%2C%22sid%22%3A%221368%22%2C%22hp%22%3A1%7D%5D%7D&

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

421b943189e7fcc8718fc13061ce2ac0930ac507ca6970683dc73726b7e3a3ba

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:35:54 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: http://malware366.rssing.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 538
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 142 B
365 B 149ms
149ms XHR
application/json 52.29.128.237
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.128.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-128-237.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 4fbf797d1794ed70d5bb59d9a67dc92c6d8ff263048ac5192511e817d113ea50

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:35:54 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: http://malware366.rssing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 148
expires: 0

GET
H2 200 collect
www.google-analytics.com/ Frame B6F1 35 B
100 B 6ms
5ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=1981293301&t=pageview&_s=11&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=Nobid_VideoDiscover_rssing.com_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=rssing.com&cm=Nobid_VideoDiscover&cc=Default&_u=KEBAAUAB~&jid=&gjid=&cid=1559719062.1578512141&tid=UA-128776493-17&_gid=1374194034.1578512141&gtm=2ouc61&z=1366145412

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:31:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688669
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 933 B
2 KB 205ms
134ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22553a8f2bb8d164b%22%3A%2251bd46c4e8f691acebc6%7C%7Cf%3D0.5%22%7D&ref=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&s=14ef6e5d-1340-471f-a8fd-81e6eebb5538&pv=f9dda901-4b26-4b97-93ec-cfeae2033d03&vp=desktop&lib_name=prebid&lib_v=2.44.0-pre&us=0&ius=1&hfa=PRE-9e091119-93e7-4fff-8b40-1af0fc9b3b6b&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freegames66.com%22%2C%22sid%22%3A%221368%22%2C%22hp%22%3A1%7D%5D%7D&

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

cb5aeb21161cb24923ecad230d443822657c5cd58841d1425141e7a7e866a974

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:36:00 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: http://malware366.rssing.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 533
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 141 B
366 B 133ms
132ms XHR
application/json 52.29.128.237
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.128.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-128-237.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 28de005bc0811353481e75f7394d94aeaa8ffb6182dca95fcdcf64a7214e53e8

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:36:00 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: http://malware366.rssing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 149
expires: 0

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 141 B
366 B 136ms
135ms XHR
application/json 52.29.128.237
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.128.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-128-237.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: f2657a69392cbce6cf01b4387076eab2aa1e05ee1754c78a1fd9c668520feb41

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:36:00 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: http://malware366.rssing.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 149
expires: 0

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 933 B
2 KB 156ms
48ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22619cff4e8cf4a75%22%3A%223f830f3d0ea2cf3f217d%7C%7Cf%3D0.5%22%7D&ref=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&s=09783d2d-3c18-422f-b3f2-0d220840f6f0&pv=f9dda901-4b26-4b97-93ec-cfeae2033d03&vp=desktop&lib_name=prebid&lib_v=2.44.0-pre&us=0&ius=1&hfa=PRE-9e091119-93e7-4fff-8b40-1af0fc9b3b6b&gdpr=false&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freegames66.com%22%2C%22sid%22%3A%221368%22%2C%22hp%22%3A1%7D%5D%7D&

Requested by

Host: assets.bilsyndication.com
URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

2a232810ba71946b1e7a79bb360fe1ec8493f047de15b0245a4c1c534730d305

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
Origin: http://malware366.rssing.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 08 Jan 2020 19:36:00 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-10
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: http://malware366.rssing.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 534
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/r/ Frame B6F1 35 B
101 B 14ms
13ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1981293301&t=pageview&_s=12&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=Nobid_VideoDiscover_rssing.com_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=rssing.com&cm=Nobid_VideoDiscover&cc=Default&_u=KEBAAUAB~&jid=1267396824&gjid=346596202&cid=1559719062.1578512141&tid=UA-128776493-17&_gid=1374194034.1578512141&_r=1&gtm=2ouc61&z=76699791

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Jan 2020 19:36:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK vi-logo.svg
assets.bilsyndication.com/media/icon/ 11 KB
4 KB 10ms
10ms Image
image/svg+xml 2606:4700:10::6814:ed10
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://assets.bilsyndication.com/media/icon/vi-logo.svg
Requested by: Host: biltag.bilsyndication.com
URL: http://biltag.bilsyndication.com/jsv1/1578504380/?d=1368&n=
Protocol: HTTP/1.1
Server: 2606:4700:10::6814:ed10 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24a104ef6529cb9bbceaeca4e037ecf14d40db5207009ac23e8224703fa11bb8

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Wed, 08 Jan 2020 19:36:00 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Fri, 01 Nov 2019 05:04:49 GMT
Server: cloudflare
Age: 1803086
ETag: W/"5dbbbcf1-2c34"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=16070400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 55209e293ee1c303-FRA
Alt-Svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

GET
H2 200 collect
www.google-analytics.com/ Frame B6F1 35 B
100 B 6ms
5ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=1981293301&t=pageview&_s=13&dl=http%3A%2F%2Fmalware366.rssing.com%2Fchan-15300800%2Fall_p1801.html&ul=en-us&de=UTF-8&dt=Nobid_Outstream_rssing.com_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=rssing.com&cm=Nobid_Outstream&cc=Default&_u=KEBAAUAB~&jid=&gjid=&cid=1559719062.1578512141&tid=UA-128776493-17&_gid=1374194034.1578512141&gtm=2ouc61&z=1808270969

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://malware366.rssing.com/chan-15300800/all_p1801.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 20 Dec 2019 06:31:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1688674
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

217 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: http://assets.bilsyndication.com/prebid/default/prebid-v2.44.6.js(Line 1) Message: fun-hooks: referenced 'registerAdserver' but it was never created

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adapter.valueimpression.com
an.facebook.com
apex.go.sonobi.com
assets.bilsyndication.com
bh.contextweb.com
biltag.bilsyndication.com
c.adskeeper.co.uk
cdn.adskeeper.co.uk
cdn.jsdelivr.net
cm.adskeeper.co.uk
cm.g.doubleclick.net
edge.quantserve.com
eus.rubiconproject.com
fastlane.rubiconproject.com
flx907.lporirxe.com
fonts.googleapis.com
fonts.gstatic.com
greatis.com
imasdk.googleapis.com
info.greatis.com
interestinglinks.net
jsc.adskeeper.co.uk
jstag.interestinglinks.net
logs.bilsyndication.com
malware366.rssing.com
match.adsrvr.org
media.bilsyndication.com
pixel.quantserve.com
pre.glotgrx.com
prebid-server.rubiconproject.com
pulsepoint-match.dotomi.com
r3---sn-4g5e6nl7.googlevideo.com
redirector.googlevideo.com
rules.quantcount.com
s-img.adskeeper.co.uk
s3.amazonaws.com
s7.addthis.com
servicer.adskeeper.co.uk
services.bilsyndication.com
stats.bilsyndication.com
sync.1rx.io
sync.go.sonobi.com
sync.mathtag.com
v1.addthisedge.com
vendorlist.consensu.org
www.google-analytics.com
www.googletagmanager.com
www.rssing.com
www.youtube.com
x.bidswitch.net
z.moatads.com
104.19.131.80
151.101.112.166
172.217.21.194
178.162.133.149
178.162.133.150
185.29.132.30
199.127.61.68
208.76.245.34
213.19.147.150
23.210.248.44
23.210.250.213
23.37.55.184
2600:9000:2156:c800:1:af78:4c0:93a1
2600:9000:2156:f000:6:44e3:f8c0:93a1
2606:4700:10::6814:ec10
2606:4700:10::6814:ed10
2606:4700:20::681a:60a
2606:4700:30::681b:8fe9
2606:4700::6810:3f36
2606:4700::6812:9ce1
2606:4700:e6::ac40:c807
2a00:1450:4001:4f::9
2a00:1450:4001:808::200e
2a00:1450:4001:809::200e
2a00:1450:4001:80b::2003
2a00:1450:4001:816::2008
2a00:1450:4001:819::200a
2a00:1450:4001:81e::200e
2a02:fa8:8806:16::1400
2a03:2880:f01c:800e:face:b00c:0:2
2a04:4e42:3::621
52.16.238.200
52.216.170.101
52.29.128.237
54.93.38.91
69.173.144.141
91.228.74.240
91.228.74.252
01da2612a16feab6303fe6289702d5816fb0480f69979cd71b2a60950c4dc289
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0be47ce6432fce52f77a1938b6cbcaeacdfd782dfd33f068aa50cda6bbd494aa
0d62946b49f357b8cc1f07015be1d56492da8ca2ab8f250769e7dc2ec4c0c7b2
0d684faa13c4b9d92bb521f94889068500d7d0821c20328dcaefb0a47d6dfb8e
0e5696b8eed1574d3e00cd21ef2894ea05f78c970d7b6016556ed1ca3705b954
12845ec69faefcd5d37c9775bcb69bc1c8164254de72538f44ec7883ba3750ba
1372ebaa0d371c6cbe8624b176d4ffbfc224abe9e3a2f3c6423910768a37d85c
13e94c82503121a1b4e8e279d4437c0a3883cb9010e58afa74618d37d097307c
17218a1b392722f3fe719c6de7cfa9efd83bd95b32547efaed2eadc887ae1e3f
1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0
19aa6c87837337d3cf0adc42e532b11750667a4398367417b6893c6d4fb7fead
1e4d7c071d72d7b41076bd9157a12ee75bf9058003642be197e9e59d418aee8c
24a104ef6529cb9bbceaeca4e037ecf14d40db5207009ac23e8224703fa11bb8
27335a35883abf54d38c4a756137974c3722e752b5b53b0c75d65915a61b8320
28de005bc0811353481e75f7394d94aeaa8ffb6182dca95fcdcf64a7214e53e8
294ded360bf10418bcc0a46507bd715f44a43f14741cc6a044552945ee419474
2a232810ba71946b1e7a79bb360fe1ec8493f047de15b0245a4c1c534730d305
2e899938de14c6e6a7acc4d4770c4194465bf7589215ef483cb6a965a3f72c0f
2fd98ea8d8cfc22f303a10f700f75fbaf83f86a125b7c138c5bdcf04c2b24a50
3069c4c0363818d4d1938ae6da63c68355843f8fb429af9d81e3fe968a8765ea
31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c
338079921b87dcc4b41ced8219514942ee7a69f685206d2d7a8c523558516fb4
38b0d861d139ec15834e2672b6dee064360d2e1799f3439fcdf4b0bd2b3c79a7
3a1ced149efa4f0f3d97221e4969ba6a4825773e7a2527294ab8449775676deb
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3c769a70e2d63291c02a8ee996693da240f58393031ae26856017d69d5536c5a
3db9817aad542983eb70b0f371cad4a37b48250d7de76938b88c6047f28c8b8c
40ee676e2be03d7fd9d7e0d5545fd32ee3d67467c95a18ede3ad02a277fd44f0
41a3e1c14ed57011f21539a8a0ef9cfb6db894d053bfa6f2ab5a207f0e47b5df
421b943189e7fcc8718fc13061ce2ac0930ac507ca6970683dc73726b7e3a3ba
4272145094377f201c29362a72f42f4432eba1e20583941920c409e38703d2fc
4499684b2ccb73b837644e441904cb272493233e9b0ced737ffbb95d42453592
4618dd3b5c277f83194fb6f96bba66d7ad25fc03aff325d8b5d27ac0badcf5fa
4b7b89caabb6dc09eaa685f81d240ca8950396d8e1d3fd5ca56551db7dde98c0
4d83ebd70f8d969eb329fa9a6f52b174e6a8cc37e977cd5f8ab4c49d53755ecc
4f6efca4ace0b2d91544035cc2a1bf21c3823b3781674e8b44e008e04d6d6e93
4f9b304a378180cd152898e60f36a436ab0c1fdae57f7d9c2d1aa3e96bc56692
4fbf797d1794ed70d5bb59d9a67dc92c6d8ff263048ac5192511e817d113ea50
5000e82cfaa6c0eadbaaa8d1e139783cdd051be24184ba82ba30466aeee2d4cb
5178f29715f52023aafba8a95e2ec04574121cd98b583655501372f4aba956c8
52864570f95a0370779c43aa5887a3abd049995720bd379c30a52ea9ce844cdb
52d8a744a6576d8ecb23f4fde7498f1ef50a0e1c3ef2d497933ccce414b55b83
53b5121e76533f9ebd2c91cca20fe5854cc18c5de14bcbc6ce3937c5eec4bd9a
56ecb21711dfe0f67f54d3d96fab158ae6dbef1adc755533dca5550a952483c4
5988cfdcc3bfe10518fe0f68efab2fc9f5de573a520f28ed818b71b8df363e82
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a90a3ecb7e28ac78bc33543cb1e12aa10734aef5c847106fdb3e9f278d5bb00
5b0b279fb5cd954f044a748f1c992e5732b71351947435a8ca04c3ba26831f12
5e1c9a765fb140b8d65a48a588c35a3029ef333e0777662a0dc25626dcc82f85
6094177e3abd29ee6285417a89b8bb313f049c530d1d1e1b45fcaacae6ebff72
614c2cf2cd0b54228b461c4328c349e6bced4ea564c8b9b6157cd6fdec6f3914
63583c19f4a8db7941daf19d5790306b6774edf4537385507189502d5e318651
647f43cd0cfdbafe354249e2c9831cc97c843fe0e44a726febdfb956bd1d25c5
6a7b6866f148be34fe36ae389d823f29f31d345dbd3b59a532fc6dad37663dc5
6e95883a2c9e12d23a13e60fc41914b9bf9c4798f44eb5a767a4059ea82b0e9c
7053c1c3845c3e57f701b1d858e9599be64b41763761b6d6f45b88202320f882
70cc2e50fa0feebbc512ba96686b9bd489d472eed658ebe69a3b8c76539ef13f
769eb9ed7fcfd60268502d88c88a988ece4bd6608c60969b301341c0a1d9d373
772bd1d983dd021c281365a845d42688e2cefc599a3d6eb513705f55947976a6
79c8357f91117e26aa1df7b22d958615d34c0049081c816cae85ab12d91301ec
79dacfd985cd25ee1b544920f1fcfd939becead723b7c229cc76750c5fc6877a
79e5e8236e157b8901c2cd82f94aa818368d8ab52bf5c6c1d206c5f3f52b0b7a
7a8b52a8a43a66424907da2dda38ee26c1226d16566e027312dabe5e6f754756
7be97e3a7d312ddf22f25bfa003597d99c48d63930c068cc1a12bb45280d7c0a
7c20e3e201e3d7c6821e907def1257deb544eb08578c7129b96d53bbf62d34e4
7c2f4c6e63e549fbabf1d45c8da8565550fd458ad2574f6b0574761f240c43a7
7c3a75ff664f63b62509f2cce3b751024bad6cffe526b22d59156a673da41e17
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84297f43479d6ba9e67717a72917631b49452610bf183d715b0f07863955dc9f
85a9a40122e6882d47a707fc9c2c5f768fa93840bae7c663ec75de48c1f95251
887fef6995bfb14ae2e73521d26c1b539c8c91ddbd1d4f11a7cf0139bc7d81f3
8b49eef1ad608db416865ce4695143b9c0cb14d5dea8ef2c508f12a1017980e3
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
906f7df4c0b97c4a3279af00afb3b7d2298dad3c7eb2f52a11f75e9be7ebb462
968106bd5e3b070fea7365377dc7494ff8de7c44524defc0e8e91de7e2280e28
96a3bf5525351360491c69de39bb7ad68600b2873a82b766dcdd25f4e4746377
9ad99a422f4d54c3eff7acdc7e38e3ccbf840c1cc37135479b844729fed8542c
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9e3f81e4a025b3680fede3cf2e158ef7194c850f4e57a3dd00f2d72a43396f41
9e47322633addfde22a0afb1457e2dfae4b8dcaccb5d2980c72fd1069093b31a
a1a768feb2cea958225615d935b23fa6e8ba7f366bc405d1267f1424244020dc
a38f94fa11f02dd373b23da5fd03ab35592f9706e93a0e29a673b6ec41e79aa6
a46213c7ea74639385fcf10dfaab5b354800425286b8a5c5f1c0775351954125
a4b3208aa6866b4fd4d4c6e62cd0ab70f2d85704d3ef149e70af9c6597253129
a56ea79eec9a89639443970c3bb1c8d05243bf45ef419f2fcae49aec055033e4
a696929b2249e10b3b0657b3c1193b89b3a442bdb4c1919914f6addc51cba071
a7718b6dc6c02d166015e3083c9d212a7e145b781d83e1a15eb86d1a55ffd1c8
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aa68f95818ebf42d043845e644400964e740cd15ed59fcfe66fd8173994d49e8
ac2fb0e6f9f3aba9c8509ef817f492a610e1929771ff2b45769743e72180b8d2
ad7fb3ffb08e67d1bb6314ccf3777c684dc89a6927da392cb8cac91179cfeb02
ae807cc205f58d1a00c263a0a7fa41a6f80f08129de6ff70bb4531ee1399d913
aeb4c2f73adcade08e0c2e910aa2de37335d2c602d595fdfb0cd794ecac5f490
b20f6ba8c611fe1b6fc92f028a3cb91249d7bbbb7f97e504004c33e48d4da01e
b31062abec9d4536524232f02801803517829af29b44c85b59696d52bc7107cc
b418dd4bbe003bd8cb7ba41e3b8e11e0089e9ac64d77c02749890ebf31b3dfb1
b4202a5cf68c1a9d3d712cc5403277af65e3ee6e1bbcfe1d4c2c0a3f29420ff1
b5068236ffcbd04a5d55fce58f139d3b3021c6d01e2aae64d083b8ac9fbfec35
b60bccde87ada56d1106446525dd4851b7669a3d429ae856dfa1bab4dde70d85
baa5774c09c2ef437420e1ee96fc3255acaec78ddc2223fe2e5b44c69c52cffe
bab51dcce37f69bc74194cd7d15a686348cc76109a4f1b195887090d0ba8fdf8
bdb8bc00736d704db5d2fd9882976bcd97139bf83e48bb3117b1eed406af3586
be4c5b6acdf271871913661ada66bdb08c2ea456352889af50dbebe0c6c1b4ff
beca0bf51e32d9463c8e353a41f8929309fe2b99d0ef9b0f07a22f27b6befc8f
bedb76d90894a5212d47636369ecbe435eda6e41e96da2872f1a2975db2909ba
bee9da8ec5c4616746cb8eae3841dc8a10176b3b18cdaf44d1fe5a055b78e60e
bfd05b3861cd221c6182fa73de2ebcf8ab5b9564e0f0e0843bd6d529b87914ef
c057093ad15fb84ce967a97987e18385442409eef75182c2be898ab6e9c64880
c0dbef06e239f73ee2805de9b2076e621fd3d6073b7fc5ea64257901965f5929
c137183b1a7a90b05c55b625b78140da3e4ffcfc80e649d69d19d6bd30a15a29
c4fbe596d715b3b1b1e0940ac7f03a3efca1131af6becd00395caeab690c0b64
c612786520975231822586a9890d1ce53d7106bdea13903c26dc36f37f7818b9
c8b103dc20ba013fa3f493c96f5f94c74ebfde9a6c3e1f273d568e7aa6d3b3a6
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cafefbc589e23aa0565b21bd287b43a3b6c9609e258067d6aadcde558946114b
cb5aeb21161cb24923ecad230d443822657c5cd58841d1425141e7a7e866a974
d0244fbaf12a3852351a4bd2f65d59c422660920c429bf16085453a0ed0c8911
d40f01f4c9ecb0b31d220f848162de0c11db7c007b8239ec57ba60dc0d25cfce
d64ef7f2d2593fa249e0c394dff95c48d03921ee278b1dab4f73b05cb46f1fb0
d871fcabc48194eb522f2e2ae9af48f3cc3b06efbf47a7c49d95a82a9c99d88f
d991c612426740e10d78e6e807c3c02b330a632c36246ffb0d365473f8d7e7e9
da60324c80f79107d1f72e802e0b5b5e9b72617c400c99bce66c4133cfeb02b0
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
def71a10ebaddc43aa9404a5071b8580f023260ec128cf97a20eb86990fa038e
dff1b923ca0cd778d39f55ef29c8a5636ca8ab00e76c625a0d9d4a6b8cc32811
e3570417f9ed848ec223097b745a62d41764f03319d41247d79360b895c478b5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e43b4b0b9863a455cd365e568684a36eed8e112e18def64ef948bdd46606a0c4
e5de6ab18011f90e7025bc0fb783c6cc2ab76fded5322dabd7bbd14bfe35251e
e747521bc9729c30f06bda6471e77ad26ce0e05b104743e93fe14c8ef3b559a7
e74d274db3b404b4d4c33cfc8bb9a9c5419f3dedd79149a4119ec14145c103ff
e8d7c60749c1d62942a8e0a6f901800bd14ff3094251373626cd99a8875c6391
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
ef3ced515d1cbb845c9edc9e29d8c14724c962b2310620ff079965e32c772eb1
f06d06a7a56ee6a51ec5892c3d26602d5c1df4925149f6feafda33745330a5aa
f17f97144c89da4fb0ec3a042a9881bb77640a8cf6a90d7381c3473511b57072
f182533e3e4d7cf79eee75d231b09f827e86401c1fd19ffb2fb9d966cbbd612b
f1a5ab6be644685ce655a44f5872c71408435e96e99cf2fdae4e6a40b72ac685
f2657a69392cbce6cf01b4387076eab2aa1e05ee1754c78a1fd9c668520feb41
f550ebb738536fe7e7ec7357b540a659f3c4e930b9a3175600522ae3af666072
f5ea36368cfc5decc826a6539f588b23af5f6f53e8fe3bd85995e9892d340274
f879d2111d4b25a75431d36227b63c2b73d5da275b90f4da31e2638d8c42fc50
fab0097c0642d4ff88feb7c90c0e180e0cb59e4b3b895cae3fa6bb02bf9f1be4
fac7e040c9b4361bc6f582798fa84bae6af18b4d166825fe2eb4011148e4f625
fb2313359cfa4870901065f06151991f8acd954bb8bfe187dff6c319164b08e8
fb487ba5553ebed70e297978f8e15d1ac18f96959e2bc7d68bab786e984042a1
fc1f1b37f23054516ffa65e76c9ec0c12f1ddd4e9d947089c7e8b5e567664564
fe501f00bdfc8308e3735869ed4e4f5cdaf85d5ffc96426d165a0dbe23735f50

malware366.rssing.com Open in urlscan Pro 199.127.61.68 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

236 Requests

71 %HTTPS

50 %IPv6

32 Domains

51 Subdomains

30 IPs

7 Countries

2795 kBTransfer

13419 kBSize

0 Cookies

39 Outgoing links

Redirected requests

236 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

malware366.rssing.com Open in urlscan Pro
199.127.61.68 Public Scan

Screenshot
Live screenshot

Full Image

236
Requests

71 %
HTTPS

50 %
IPv6

32
Domains

51
Subdomains

30
IPs

7
Countries

2795 kB
Transfer

13419 kB
Size

0
Cookies

236 HTTP transactions
3 data transactions