URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Submission: On July 02 via manual from RO

Summary

This website contacted 22 IPs in 8 countries across 17 domains to perform 77 HTTP transactions. The main IP is 193.189.98.233, which is located in Romania and belongs to GLOBALIS-AS, RO. The main domain is www.avocatnet.ro.
TLS certificate: Issued by RapidSSL RSA CA 2018 on February 15th 2018. Valid for: 3 years.
This is the only time www.avocatnet.ro was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Redirects | IP Address | AS Autonomous System
20 | | 193.189.98.233 | 33925 (GLOBALIS-AS)
1 | | 2a00:1450:400... | 15169 (GOOGLE)
8 | 3 | 164.132.5.11 | 16276 (OVH)
2 | | 104.111.241.70 | 16625 (AKAMAI-AS)
1 | | 2a00:1450:400... | 15169 (GOOGLE)
2 | | 2a02:26f0:6c0... | 20940 (AKAMAI-ASN1)
9 | | 2a00:1450:400... | 15169 (GOOGLE)
2 | | 2620:1ec:bdf::10 | 8068 (MICROSOFT...)
2 | | 2a00:1450:400... | 15169 (GOOGLE)
1 | | 147.75.85.120 | 54825 (PACKET)
1 | | 152.199.19.77 | 15133 (EDGECAST)
1 | | 178.63.12.144 | 24940 (HETZNER-AS)
4 | | 99.80.188.163 | 16509 (AMAZON-02)
8 | 2 | 128.140.224.228 | 5588 (GTSCE GTS...)
2 | | 13.48.189.98 | 16509 (AMAZON-02)
1 | | 2606:4700:303... | 13335 (CLOUDFLAR...)
5 | | 172.217.16.162 | 15169 (GOOGLE)
3 | | 2a00:1450:400... | 15169 (GOOGLE)
1 | | 2a00:1450:400... | 15169 (GOOGLE)
1 | | 2a00:1450:400... | 15169 (GOOGLE)
7 | | 2a00:1450:400... | 15169 (GOOGLE)
Total: 77 requests, 22 IPs

Requests | Redirects | Domain | Requested by
20 | | www.avocatnet.ro | www.avocatnet.ro
9 | | fonts.gstatic.com | www.avocatnet.ro
8 | 2 | icorpadro.hit.gemius.pl | ado.icorp.ro, icorpadro.hit.gemius.pl
8 | 3 | ado.icorp.ro | www.avocatnet.ro, ado.icorp.ro
5 | | tpc.googlesyndication.com | securepubads.g.doubleclick.net, www.avocatnet.ro, tpc.googlesyndication.com, cdn.ampproject.org
5 | | securepubads.g.doubleclick.net | ado.icorp.ro, securepubads.g.doubleclick.net, www.avocatnet.ro
4 | | admp-tc-sati.adtlgc.com | code3.adtlgc.com
2 | | pagead2.googlesyndication.com | securepubads.g.doubleclick.net
2 | | cdn.ampproject.org | securepubads.g.doubleclick.net
2 | | s.synoint.com |
2 | | www.google-analytics.com | www.avocatnet.ro
2 | | consent.cookiebot.com | www.googletagmanager.com, consent.cookiebot.com
2 | | scdn.cxense.com | www.avocatnet.ro, scdn.cxense.com
2 | | code3.adtlgc.com | www.avocatnet.ro, ado.icorp.ro
1 | | 15a0e04a658d294754582984ab1d1495.safeframe.googlesyndication.com | securepubads.g.doubleclick.net
1 | | adservice.google.com | securepubads.g.doubleclick.net
1 | | adservice.google.ch | securepubads.g.doubleclick.net
1 | | synocdn.com | ado.icorp.ro
1 | | id.cxense.com | scdn.cxense.com
1 | | consentcdn.cookiebot.com | consent.cookiebot.com
1 | | api.cxense.com | scdn.cxense.com
1 | | www.googletagmanager.com | www.avocatnet.ro
1 | | fonts.googleapis.com | www.avocatnet.ro
Total: 77 requests, 23 subdomains

Subject | Issuer | Validity | Valid
*.avocatnet.ro | RapidSSL RSA CA 2018 | 2018-02-15 - 2021-04-15 | 3 years
upload.video.google.com | GTS CA 1O1 | 2020-06-10 - 2020-09-02 | 3 months
*.icorp.ro | RapidSSL RSA CA 2018 | 2019-01-07 - 2021-01-06 | 2 years
cdn-content-production.cxpublic.com | Let's Encrypt Authority X3 | 2020-06-12 - 2020-09-10 | 3 months
*.google-analytics.com | GTS CA 1O1 | 2020-06-17 - 2020-09-09 | 3 months
*.cxense.com | DigiCert SHA2 Secure Server CA | 2020-03-11 - 2021-06-10 | a year
*.gstatic.com | GTS CA 1O1 | 2020-06-17 - 2020-09-09 | 3 months
consent.cookiebot.com | Go Daddy Secure Certificate Authority - G2 | 2019-01-14 - 2021-01-08 | 2 years
sa473gl.wpc.edgecastcdn.net | DigiCert SHA2 Secure Server CA | 2020-03-03 - 2022-04-12 | 2 years
*.adtlgc.com | Let's Encrypt Authority X3 | 2020-05-21 - 2020-08-19 | 3 months
*.hit.gemius.pl | Sectigo ECC Domain Validation Secure Server CA | 2019-09-11 - 2021-09-24 | 2 years
s.synoint.com | Amazon | 2020-03-26 - 2021-04-26 | a year
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-05-14 - 2020-10-09 | 5 months
*.g.doubleclick.net | GTS CA 1O1 | 2020-06-10 - 2020-09-02 | 3 months
*.google.ch | GTS CA 1O1 | 2020-06-10 - 2020-09-02 | 3 months
*.google.com | GTS CA 1O1 | 2020-06-10 - 2020-09-02 | 3 months
tpc.googlesyndication.com | GTS CA 1O1 | 2020-06-10 - 2020-09-02 | 3 months
misc-sni.google.com | GTS CA 1O1 | 2020-06-17 - 2020-09-09 | 3 months

This page contains 7 frames:

Primary Page: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Frame ID: C18461AFF2911D174F40A33AE473776A
Requests: 61 HTTP requests in this frame

Frame: https://scdn.cxense.com/sp1.html
Frame ID: C57CF7507F1BE736FC49E12503509C7A
Requests: 1 HTTP request in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc.min.html
Frame ID: 0CC6DB825400117A5489B0879AA9CB4F
Requests: 1 HTTP request in this frame

Frame: https://icorpadro.hit.gemius.pl/gdejs/xgde.html
Frame ID: A378E11C4428737689E00000C8492C5F
Requests: 1 HTTP request in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 01801607BEBB77F49ACE39BE7CC8DEDF
Requests: 10 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js
Frame ID: 07BAFC6F6F37E6BE5718FE3FDDC3B5D8
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: 87699740CD2617B139CD7163BD1D4F7C
Requests: 1 HTTP request in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • html /<!-- (?:End )?Google Tag Manager -->/i

Page Statistics

Requests: 77
HTTPS: 100 %
IPv6: 52 %
Domains: 17
Subdomains: 23
IPs: 22
Countries: 8
Transfer: 1181 kB
Size: 2581 kB
Cookies: 13

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48
  • https://ado.icorp.ro/_1593694444352/ad.js?id=.qQxS9YJXGQS8HEMCccWQs.jTCvvaRAmSQL2qu68pJn.Q7/adov=4.1.0/x=1600/y=1200/key=,/sectiune=100/forumID=22/fv=-/lptype=1 HTTP 301
  • https://ado.icorp.ro/__/_1593694444352/ad.js?id=.qQxS9YJXGQS8HEMCccWQs.jTCvvaRAmSQL2qu68pJn.Q7/adov=4.1.0/x=1600/y=1200/key=,/sectiune=100/forumID=22/fv=-/lptype=1 HTTP 301
  • https://icorpadro.hit.gemius.pl/redataredir?url=https%3A%2F%2Fado.icorp.ro%2F__%2F_1593694444%2Fad.js%3Fhclsdata%3DHCLSDATA%26hcudata%3DHCUDATA%26id%3D.qQxS9YJXGQS8HEMCccWQs.jTCvvaRAmSQL2qu68pJn.Q7%2Fadov%3D4.1.0%2Fx%3D1600%2Fy%3D1200%2Fkey%3D%2C%2Fsectiune%3D100%2FforumID%3D22%2Ffv%3D-%2Flptype%3D1 HTTP 301
  • https://icorpadro.hit.gemius.pl/__/redataredir?url=https%3A%2F%2Fado.icorp.ro%2F__%2F_1593694444%2Fad.js%3Fhclsdata%3DHCLSDATA%26hcudata%3DHCUDATA%26id%3D.qQxS9YJXGQS8HEMCccWQs.jTCvvaRAmSQL2qu68pJn.Q7%2Fadov%3D4.1.0%2Fx%3D1600%2Fy%3D1200%2Fkey%3D%2C%2Fsectiune%3D100%2FforumID%3D22%2Ffv%3D-%2Flptype%3D1 HTTP 301
  • https://ado.icorp.ro/__/_1593694444/ad.js?hclsdata=&hcudata=oFEm6Tt0b3VRVAmxMCZx8kDSGtgoO3.vmsQeWTgB.qP.K7&id=.qQxS9YJXGQS8HEMCccWQs.jTCvvaRAmSQL2qu68pJn.Q7/adov=4.1.0/x=1600/y=1200/key=,/sectiune=100/forumID=22/fv=-/lptype=1
Request Chain 62
  • https://ado.icorp.ro/event/nc=0/code=cyDjzePHQ1Hz23scyE.A6IhLwUblSoVgJdWiGWJ9oZ3.t7/eprog=1/data=https://icorpadro.hit.gemius.pl/_1593694445679/redot.js/id=nLiadohj.3_Y.g.WT2_6DcUFfbo140e0SqL.PYiUnIP.W7/stparam=makkcvglna/fastid=genmisqmgfclfbavtqrjwmycztlt/sarg=5EFDD8EC0A863D9B%7C_cdata%3A1296218_0%2C1296222_0%2C1296225_0 HTTP 301
  • https://icorpadro.hit.gemius.pl/_1593694445679/redot.js/id=nLiadohj.3_Y.g.WT2_6DcUFfbo140e0SqL.PYiUnIP.W7/stparam=makkcvglna/fastid=genmisqmgfclfbavtqrjwmycztlt/sarg=5EFDD8EC0A863D9B%7C_cdata%3A1296218_0%2C1296222_0%2C1296225_0

77 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Malware-keylogger-frauda.html*2
www.avocatnet.ro/forum/discutie_735630/
59 KB
17 KB
Document
General
Full URL
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
2027d7be989540593060d97124b88397145df05b214593f8b4542028c4825a62

Request headers

:method
GET
:authority
www.avocatnet.ro
:scheme
https
:path
/forum/discutie_735630/Malware-keylogger-frauda.html*2
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
server
nginx/1.16.1
date
Thu, 02 Jul 2020 12:54:03 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
set-cookie
PHPSESSID=bb93i7qt1bvbehah2cpqvgu226; path=/; HttpOnly _csrf=0a228176d0b8e67714f47ac0c235021de7c7a7264e24d13d8ce9330dc62e6315a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%226dijO0SVzNO_rJj7TUatupl-dd2pizbw%22%3B%7D; path=/; HttpOnly
expires
Sat, 01 Aug 2020 12:54:03 GMT
cache-control
max-age=2592000
pragma
no-cache
content-encoding
gzip
css
fonts.googleapis.com/
6 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Raleway:400,400italic,500,600,700,700italic,800,900
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
530465ee9d60b3fb23a085d817608ef119a3c5f9f4fe7aac0ea2db04575c0a4a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 02 Jul 2020 12:54:03 GMT
server
ESF
date
Thu, 02 Jul 2020 12:54:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 02 Jul 2020 12:54:03 GMT
ado.js
ado.icorp.ro/files/js/
94 KB
27 KB
Script
General
Full URL
https://ado.icorp.ro/files/js/ado.js
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
164.132.5.11 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
GAD /
Resource Hash
9124c7fc5ce15bd2e58825b6c1a6ab7fd2b4822535315dec165675c22028017e

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
content-encoding
gzip
last-modified
Wed, 06 May 2020 07:13:46 GMT
server
GAD
etag
"5EB263AA000176074B63CC6A"
vary
Accept-Encoding,Origin
p3p
CP="NOI DSP COR NID PSAo OUR IND"
status
200
cache-control
public, must-revalidate, max-age=14400
accept-ranges
bytes
content-type
application/x-javascript
content-length
27356
expires
Thu, 02 Jul 2020 16:54:03 GMT
mltwidget.css
www.avocatnet.ro/min/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.avocatnet.ro/min/css/mltwidget.css?v=1.3.4
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
bd641f727ec5b5df6bed4fef9005ca8c9bfd4e72e34f664015aedd3cd518b184

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
content-encoding
gzip
last-modified
Wed, 11 Mar 2020 12:38:02 GMT
server
nginx/1.16.1
etag
W/"5e68dbaa-d67"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=86400, public
expires
Fri, 03 Jul 2020 12:54:03 GMT
top.css
www.avocatnet.ro/min/css/
336 KB
80 KB
Stylesheet
General
Full URL
https://www.avocatnet.ro/min/css/top.css?v=6.99.22
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
987fdcdb421ce00f25f1822d4af2126c925022036a27712c492a32e041424718

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
content-encoding
gzip
last-modified
Wed, 20 May 2020 13:39:43 GMT
server
nginx/1.16.1
etag
W/"5ec5331f-53e80"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=86400, public
expires
Fri, 03 Jul 2020 12:54:03 GMT
premiuminfo.css
www.avocatnet.ro/min/css/
2 KB
810 B
Stylesheet
General
Full URL
https://www.avocatnet.ro/min/css/premiuminfo.css?v=1.3.2
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
fc78dd43200ea1d8b36628e9e949f85f3dd0d98b2527dfca83b9a4d467f1668d

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
content-encoding
gzip
last-modified
Thu, 14 May 2020 11:05:17 GMT
server
nginx/1.16.1
etag
W/"5ebd25ed-800"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=86400, public
expires
Fri, 03 Jul 2020 12:54:03 GMT
inteligowidget.css
www.avocatnet.ro/min/css/
2 KB
874 B
Stylesheet
General
Full URL
https://www.avocatnet.ro/min/css/inteligowidget.css?v=1.2
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
7b6b61eb3e453faa91e83bc3e334a25f63f568d5e8231af45e6d86d14d00a2ee

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
content-encoding
gzip
last-modified
Wed, 29 Apr 2020 10:49:52 GMT
server
nginx/1.16.1
etag
W/"5ea95bd0-948"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=86400, public
expires
Fri, 03 Jul 2020 12:54:03 GMT
top.js
www.avocatnet.ro/min/js/
106 KB
44 KB
Script
General
Full URL
https://www.avocatnet.ro/min/js/top.js?v=6.99.21
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
bb771b004946bb6043e5d613f316567e6c6c27f9c4ed4990cdfc0a95a6ae6357

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
content-encoding
gzip
last-modified
Fri, 18 Aug 2017 08:57:08 GMT
server
nginx/1.16.1
etag
W/"5996abe4-1a92f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=86400, public
expires
Fri, 03 Jul 2020 12:54:03 GMT
logo-letter.jpg
www.avocatnet.ro/images/
2 KB
2 KB
Image
General
Full URL
https://www.avocatnet.ro/images/logo-letter.jpg
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
50c2770cbb1262ffc902aeb21aade29e034872fbcca9096d5b0045bb84117191

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
last-modified
Thu, 14 May 2020 11:05:17 GMT
server
nginx/1.16.1
etag
"5ebd25ed-7c6"
content-type
image/jpeg
status
200
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
1990
expires
Sat, 01 Aug 2020 12:54:03 GMT
cb63526af95d629e9971b36715236f5d.jpg
www.avocatnet.ro/images/cached/
373 B
441 B
Image
General
Full URL
https://www.avocatnet.ro/images/cached/cb63526af95d629e9971b36715236f5d.jpg
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
6b5862dd008d2a118f500a219c56385c1c83238a6c6d477ed9c3f66efe5995ff

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
last-modified
Mon, 04 Sep 2017 12:15:42 GMT
server
nginx/1.16.1
etag
"59ad43ee-175"
content-type
image/jpeg
status
200
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
373
expires
Sat, 01 Aug 2020 12:54:03 GMT
446037_4f6c109a58a0dc186ece68671a68b4da.jpg
www.avocatnet.ro/images/cached/
407 B
475 B
Image
General
Full URL
https://www.avocatnet.ro/images/cached/446037_4f6c109a58a0dc186ece68671a68b4da.jpg
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
739c4b0d1313c4ff4c9badabc4df3e58dc03492b59c72bbdca784e71df6aacfa

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
last-modified
Sat, 06 Apr 2019 15:50:08 GMT
server
nginx/1.16.1
etag
"5ca8cab0-197"
content-type
image/jpeg
status
200
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
407
expires
Sat, 01 Aug 2020 12:54:03 GMT
422076_61f70e3c35388621902129f59ba2d434.jpg
www.avocatnet.ro/images/cached/
1 KB
2 KB
Image
General
Full URL
https://www.avocatnet.ro/images/cached/422076_61f70e3c35388621902129f59ba2d434.jpg
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
cb7d7cf6cc9ceceffe73ffb7516cea6e12e9974f5097303e4be2e57aa89a7ef0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
last-modified
Fri, 04 May 2018 06:58:25 GMT
server
nginx/1.16.1
etag
"5aec0491-5ee"
content-type
image/jpeg
status
200
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
1518
expires
Sat, 01 Aug 2020 12:54:03 GMT
422076_6b958b4b4bc304feef9493c057e9c4c7.jpg
www.avocatnet.ro/images/cached/
412 B
479 B
Image
General
Full URL
https://www.avocatnet.ro/images/cached/422076_6b958b4b4bc304feef9493c057e9c4c7.jpg
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
46778214c98b137b51721b7dc2e4055584808ab5e3a9a8e0fa7bef5250ca7ee4

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
last-modified
Mon, 14 May 2018 15:36:24 GMT
server
nginx/1.16.1
etag
"5af9acf8-19c"
content-type
image/jpeg
status
200
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
412
expires
Sat, 01 Aug 2020 12:54:03 GMT
forum.js
www.avocatnet.ro/min/js/
10 KB
4 KB
Script
General
Full URL
https://www.avocatnet.ro/min/js/forum.js
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
05ce73f33177a11a07634fb21eb22a9504228bf6624d0a75393f13c3df510634

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
content-encoding
gzip
last-modified
Mon, 17 Jun 2019 10:12:20 GMT
server
nginx/1.16.1
etag
W/"5d076784-2898"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=86400, public
expires
Fri, 03 Jul 2020 12:54:03 GMT
mltwidget.js
www.avocatnet.ro/min/js/
1 B
71 B
Script
General
Full URL
https://www.avocatnet.ro/min/js/mltwidget.js?v=1.3.4
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
last-modified
Fri, 16 Aug 2019 11:45:28 GMT
server
nginx/1.16.1
etag
"5d569758-1"
content-type
application/javascript
status
200
cache-control
max-age=86400, public
accept-ranges
bytes
content-length
1
expires
Fri, 03 Jul 2020 12:54:03 GMT
7ffbb4d9eaf1d0a6a35e12c4f20b55e2.jpg
www.avocatnet.ro/images/cached/
313 B
382 B
Image
General
Full URL
https://www.avocatnet.ro/images/cached/7ffbb4d9eaf1d0a6a35e12c4f20b55e2.jpg
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
06a0266fc937a457f332827f813a4073e2ecdc73b586736579f40a3240ca849b

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
last-modified
Mon, 04 Sep 2017 12:15:43 GMT
server
nginx/1.16.1
etag
"59ad43ef-139"
content-type
image/jpeg
status
200
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
313
expires
Sat, 01 Aug 2020 12:54:03 GMT
bottom.js
www.avocatnet.ro/min/js/
75 KB
25 KB
Script
General
Full URL
https://www.avocatnet.ro/min/js/bottom.js?v=6.99.22
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
2442b54085f8cd86a1b2f29d93c7b8fddaf3850c30c7a4dfbfe222989f47abd7

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
content-encoding
gzip
last-modified
Thu, 14 May 2020 11:05:17 GMT
server
nginx/1.16.1
etag
W/"5ebd25ed-12b64"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=86400, public
expires
Fri, 03 Jul 2020 12:54:03 GMT
yii.js
www.avocatnet.ro/assets/d5115a29/
20 KB
7 KB
Script
General
Full URL
https://www.avocatnet.ro/assets/d5115a29/yii.js
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
67bed69f23af460ec3341aefcdf793955c250fbf879589de4b93d17b8ec4ae54

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
content-encoding
gzip
last-modified
Wed, 27 May 2020 10:55:03 GMT
server
nginx/1.16.1
etag
W/"5ece4707-51c6"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=86400, public
expires
Fri, 03 Jul 2020 12:54:03 GMT
yii.activeForm.js
www.avocatnet.ro/assets/d5115a29/
35 KB
9 KB
Script
General
Full URL
https://www.avocatnet.ro/assets/d5115a29/yii.activeForm.js
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
9d17fd9e0bba9cd38ac6a41ba00feb6c1b15611859b7d0c092c22ca24f2df47e

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
content-encoding
gzip
last-modified
Wed, 27 May 2020 10:55:03 GMT
server
nginx/1.16.1
etag
W/"5ece4707-8ba9"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=86400, public
expires
Fri, 03 Jul 2020 12:54:03 GMT
inteligowidget.js
www.avocatnet.ro/min/js/
277 B
266 B
Script
General
Full URL
https://www.avocatnet.ro/min/js/inteligowidget.js?v=1.2
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
32b73096be5dd6c5c761693158468c269f7480ee3cc9f287e61c5dfbf249e9eb

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
content-encoding
gzip
last-modified
Tue, 15 Jan 2019 12:28:36 GMT
server
nginx/1.16.1
etag
W/"5c3dd1f4-115"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=86400, public
expires
Fri, 03 Jul 2020 12:54:03 GMT
sati_init.js
code3.adtlgc.com/js/
47 KB
12 KB
Script
General
Full URL
https://code3.adtlgc.com/js/sati_init.js
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.241.70 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-241-70.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
c2c4df5385e2eca60e39a323e6b62a0f2338b45b97930cdc7f70b5dc9e2b9916

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 02 Jul 2020 12:54:03 GMT
Content-Encoding
gzip
Last-Modified
Fri, 07 Feb 2020 16:02:02 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA53-C1
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=58615
Connection
keep-alive
Content-Length
11834
X-Amz-Cf-Id
prU1PN4qAvgFD6nASig16aAVNw4akh38hO56lrVvqK2huTPlPOCKrw==
Expires
Fri, 03 Jul 2020 05:10:58 GMT
gtm.js
www.googletagmanager.com/
63 KB
25 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-S6NM
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b2afd8f56279e6187d65fa61c331af485c5988153e42fb04999a284e79b6814b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25471
x-xss-protection
0
last-modified
Thu, 02 Jul 2020 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 02 Jul 2020 12:54:03 GMT
cx.js
scdn.cxense.com/
101 KB
24 KB
Script
General
Full URL
https://scdn.cxense.com/cx.js
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
2a02:26f0:6c00:19a::268b , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
df3308ab370f2a3cb8f95f86c591e6d9c2d6b02c5889eae8dc20ad6cf91b6c6d

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 02 Jul 2020 12:54:03 GMT
Content-Encoding
gzip
Last-Modified
Thu, 02 Jul 2020 08:04:51 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
24574
Expires
Thu, 02 Jul 2020 13:54:03 GMT
fontawesome-webfont.woff2
www.avocatnet.ro/fonts/
75 KB
76 KB
Font
General
Full URL
https://www.avocatnet.ro/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.avocatnet.ro/min/css/top.css?v=6.99.22
Origin
https://www.avocatnet.ro

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
last-modified
Thu, 25 May 2017 09:36:19 GMT
server
nginx/1.16.1
etag
"5926a593-12d68"
content-type
font/woff2
status
200
cache-control
max-age=2592000
accept-ranges
bytes
content-length
77160
expires
Sat, 01 Aug 2020 12:54:03 GMT
1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
fonts.gstatic.com/s/raleway/v16/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v16/1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7e347b66fb1145f780600551e06778b33ecaca5c45897ac90eb96eb4b6afd082
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Raleway:400,400italic,500,600,700,700italic,800,900
Origin
https://www.avocatnet.ro

Response headers

date
Tue, 23 Jun 2020 21:12:27 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jun 2020 21:05:25 GMT
server
sffe
age
747696
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13428
x-xss-protection
0
expires
Wed, 23 Jun 2021 21:12:27 GMT
1Ptrg8zYS_SKggPNwIouWqZPANqczVs.woff2
fonts.gstatic.com/s/raleway/v16/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v16/1Ptrg8zYS_SKggPNwIouWqZPANqczVs.woff2
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d1a48d4eaa4b3accebbc72b3c7f2577bf662a409a79c8cc9cc9db6e13bb7b0d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Raleway:400,400italic,500,600,700,700italic,800,900
Origin
https://www.avocatnet.ro

Response headers

date
Tue, 23 Jun 2020 21:19:22 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jun 2020 21:05:42 GMT
server
sffe
age
747281
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13132
x-xss-protection
0
expires
Wed, 23 Jun 2021 21:19:22 GMT
1Ptrg8zYS_SKggPNwJYtWqZPANqczVs.woff2
fonts.gstatic.com/s/raleway/v16/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v16/1Ptrg8zYS_SKggPNwJYtWqZPANqczVs.woff2
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c1dde4cdc5c608da53737233f02219a7421ab6870d5d90bc0b7b294d571942c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Raleway:400,400italic,500,600,700,700italic,800,900
Origin
https://www.avocatnet.ro

Response headers

date
Tue, 23 Jun 2020 21:13:23 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jun 2020 21:05:54 GMT
server
sffe
age
747640
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13228
x-xss-protection
0
expires
Wed, 23 Jun 2021 21:13:23 GMT
1Ptrg8zYS_SKggPNwK4vWqZPANqczVs.woff2
fonts.gstatic.com/s/raleway/v16/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v16/1Ptrg8zYS_SKggPNwK4vWqZPANqczVs.woff2
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9c695acb1fb9e1a8739e6ae5621d41fc1ff3d13bbf370ea9c1fc95e879109890
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Raleway:400,400italic,500,600,700,700italic,800,900
Origin
https://www.avocatnet.ro

Response headers

date
Tue, 23 Jun 2020 21:19:22 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jun 2020 21:05:35 GMT
server
sffe
age
747281
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13564
x-xss-protection
0
expires
Wed, 23 Jun 2021 21:19:22 GMT
1Ptrg8zYS_SKggPNwN4rWqZPANqczVs.woff2
fonts.gstatic.com/s/raleway/v16/
13 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v16/1Ptrg8zYS_SKggPNwN4rWqZPANqczVs.woff2
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
046fa5c62e3b17b46ea2f8c601465dacfd5c153aee7a71754a9be582de74a385
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Raleway:400,400italic,500,600,700,700italic,800,900
Origin
https://www.avocatnet.ro

Response headers

date
Tue, 23 Jun 2020 21:14:02 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jun 2020 21:05:23 GMT
server
sffe
age
747601
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13752
x-xss-protection
0
expires
Wed, 23 Jun 2021 21:14:02 GMT
1Ptug8zYS_SKggPNyCMIT4ttDfCmxA.woff2
fonts.gstatic.com/s/raleway/v16/
9 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v16/1Ptug8zYS_SKggPNyCMIT4ttDfCmxA.woff2
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9545e3627ea461154cab8a69f9710d5b2d544e3f38e21dd61dd08991cb8b4b13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Raleway:400,400italic,500,600,700,700italic,800,900
Origin
https://www.avocatnet.ro

Response headers

date
Tue, 23 Jun 2020 21:19:46 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jun 2020 21:05:32 GMT
server
sffe
age
747257
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9388
x-xss-protection
0
expires
Wed, 23 Jun 2021 21:19:46 GMT
1Ptrg8zYS_SKggPNwJYtWqhPANqczVsq4A.woff2
fonts.gstatic.com/s/raleway/v16/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v16/1Ptrg8zYS_SKggPNwJYtWqhPANqczVsq4A.woff2
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
390364cc07ac7bfe65e544b07b59a4158013f94de9770db8c68b96f23cdcbccc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Raleway:400,400italic,500,600,700,700italic,800,900
Origin
https://www.avocatnet.ro

Response headers

date
Tue, 23 Jun 2020 21:19:47 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jun 2020 21:05:54 GMT
server
sffe
age
747256
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9340
x-xss-protection
0
expires
Wed, 23 Jun 2021 21:19:47 GMT
1Ptrg8zYS_SKggPNwN4rWqhPANqczVsq4A.woff2
fonts.gstatic.com/s/raleway/v16/
10 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v16/1Ptrg8zYS_SKggPNwN4rWqhPANqczVsq4A.woff2
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
00ff663c805d519a7a1bcea5b2bafdd971a93737929849fdc4e6ec55b033cd45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Raleway:400,400italic,500,600,700,700italic,800,900
Origin
https://www.avocatnet.ro

Response headers

date
Tue, 23 Jun 2020 21:20:01 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jun 2020 21:05:39 GMT
server
sffe
age
747242
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10008
x-xss-protection
0
expires
Wed, 23 Jun 2021 21:20:01 GMT
1Ptrg8zYS_SKggPNwPIsWqZPANqczVs.woff2
fonts.gstatic.com/s/raleway/v16/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v16/1Ptrg8zYS_SKggPNwPIsWqZPANqczVs.woff2
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5b9c05ae7b05e6ef6129a065795922649a71851bd9f57d080dc86e3efa34a51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Raleway:400,400italic,500,600,700,700italic,800,900
Origin
https://www.avocatnet.ro

Response headers

date
Tue, 23 Jun 2020 21:13:23 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jun 2020 21:05:33 GMT
server
sffe
age
747640
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13404
x-xss-protection
0
expires
Wed, 23 Jun 2021 21:13:23 GMT
uc.js
consent.cookiebot.com/
69 KB
23 KB
Script
General
Full URL
https://consent.cookiebot.com/uc.js?cbid=2da2224a-ee50-42bd-8094-db6888ce6880
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-S6NM
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
a3750e9f2794ac8e2cfcf2e8d1b09e746609d80d5c0bb2547336f2adceab67df

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
content-encoding
gzip
etag
"868aba581748d61:0"
last-modified
Sun, 21 Jun 2020 22:00:16 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
vary
Accept-Encoding
x-cache
TCP_HIT
content-type
application/javascript
status
200
cache-control
public,max-age=1200
x-azure-ref
069j9XgAAAAA0zgwl33sNTarDvjnzBtbIQU1TRURHRTA1MTkAMzRmYzcyNzUtYmE5My00YmMzLWI3YTUtMjZmYWVhNTkwOTM1
accept-ranges
bytes
content-length
22759
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
2305
date
Thu, 02 Jul 2020 12:15:38 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Thu, 02 Jul 2020 14:15:38 GMT
loader_140.svg
www.avocatnet.ro/images/loader/
736 B
816 B
Image
General
Full URL
https://www.avocatnet.ro/images/loader/loader_140.svg
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/min/js/top.js?v=6.99.21
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.189.98.233 , Romania, ASN33925 (GLOBALIS-AS, RO),
Reverse DNS
233.98.189.193.unused.globalis.Ro
Software
nginx/1.16.1 /
Resource Hash
783c213bbb3923b33bbf8d3cf118184c2be16723ec841cef3840e7c5487f978f

Request headers

Referer
https://www.avocatnet.ro/min/css/top.css?v=6.99.22
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
last-modified
Tue, 08 Jan 2019 14:03:41 GMT
server
nginx/1.16.1
etag
"5c34adbd-2e0"
content-type
image/svg+xml
status
200
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
736
expires
Sat, 01 Aug 2020 12:54:03 GMT
sp1.html
scdn.cxense.com/ Frame C57C
0
0
Document
General
Full URL
https://scdn.cxense.com/sp1.html
Requested by
Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
2a02:26f0:6c00:19a::268b , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Host
scdn.cxense.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Server
Apache
Last-Modified
Wed, 29 Aug 2012 13:33:36 GMT
Accept-Ranges
bytes
Content-Length
219
Cache-Control
max-age=864000
Expires
Sun, 12 Jul 2020 12:54:03 GMT
Date
Thu, 02 Jul 2020 12:54:03 GMT
Connection
keep-alive
Content-Type
text/html
Content-Encoding
gzip
Access-Control-Allow-Origin
*
Vary
Accept-Encoding
segment
api.cxense.com/profile/user/
77 B
693 B
Script
General
Full URL
https://api.cxense.com/profile/user/segment?callback=cXJsonpCBkc4siuyoxua9r33p&persisted=1efed8728c7a38f0f14d514edb06042610ed4306&json=%7B%22identities%22%3A%5B%7B%22id%22%3A%22kc4siuyfm532hk77%22%2C%22type%22%3A%22cx%22%7D%5D%7D
Requested by
Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.85.120 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
Jetty(9.4.28.v20200408) /
Resource Hash
1a9f2746fcfc2c3ff051fe6b30a96ace504f60ff8497556d394636a57eade2f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Jul 2020 12:54:03 GMT
x-content-type-options
nosniff
server
Jetty(9.4.28.v20200408)
strict-transport-security
max-age=31536000
p3p
policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-store, no-cache, must-revalidate
content-type
text/javascript;charset=utf-8
content-length
77
expires
Mon, 26 Jul 1997 05:00:00 GMT
collect
www.google-analytics.com/r/
35 B
196 B
Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j83&a=1904176445&t=pageview&_s=1&dl=https%3A%2F%2Fwww.avocatnet.ro%2Fforum%2Fdiscutie_735630%2FMalware-keylogger-frauda.html*2&ul=en-us&de=UTF-8&dt=Malware%20%2F%20keylogger%20frauda%20-%20R%C4%83spunsuri%20Avocatnet.ro&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1857871431&gjid=135310896&cid=1565874165.1593694444&tid=UA-348160-1&_gid=855250302.1593694444&_r=1&z=480052967
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Jul 2020 12:54:03 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
bc.min.html
consentcdn.cookiebot.com/sdk/ Frame 0CC6
0
0
Document
General
Full URL
https://consentcdn.cookiebot.com/sdk/bc.min.html
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=2da2224a-ee50-42bd-8094-db6888ce6880
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.19.77 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (mil/6BA6) /
Resource Hash

Request headers

:method
GET
:authority
consentcdn.cookiebot.com
:scheme
https
:path
/sdk/bc.min.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
content-encoding
gzip
age
77584
cache-control
max-age=86400
content-type
text/html
date
Thu, 02 Jul 2020 12:54:03 GMT
etag
0x8D639A604906444
last-modified
Wed, 24 Oct 2018 11:44:12 GMT
server
ECAcc (mil/6BA6)
vary
Accept-Encoding
x-cache
HIT
x-ms-blob-type
BlockBlob
x-ms-lease-status
unlocked
x-ms-request-id
ec5fd218-f01e-0174-15bb-4f776e000000
x-ms-version
2009-09-19
content-length
385
id
id.cxense.com/public/user/
118 B
689 B
Script
General
Full URL
https://id.cxense.com/public/user/id?json=%7B%22identities%22%3A%5B%7B%22type%22%3A%22ckp%22%2C%22id%22%3A%22kc4siuyfm532hk77%22%7D%2C%7B%22type%22%3A%22lst%22%2C%22id%22%3A%221x2p4krfm8muyq1oz03muccvb%22%7D%2C%7B%22type%22%3A%22cst%22%2C%22id%22%3A%221x2p4krfm8muyq1oz03muccvb%22%7D%5D%2C%22siteId%22%3A%221139605659494175182%22%2C%22location%22%3A%22https%3A%2F%2Fwww.avocatnet.ro%2Fforum%2Fdiscutie_735630%2FMalware-keylogger-frauda.html*2%22%7D&callback=cXJsonpCBkc4siv1zilr0wbh1
Requested by
Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.63.12.144 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
de714.cxense.com
Software
Jetty(9.4.28.v20200408) /
Resource Hash
1ad4d9fd5ba880bc575a468fbe861769c42c97f1ee56c2daebc6da46e7415777
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 02 Jul 2020 12:54:04 GMT
X-Content-Type-Options
nosniff
Server
Jetty(9.4.28.v20200408)
P3P
policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-store, no-cache, must-revalidate
Content-Type
text/javascript;charset=utf-8
Content-Length
118
Expires
Mon, 26 Jul 1997 05:00:00 GMT
cc.js
consent.cookiebot.com/2da2224a-ee50-42bd-8094-db6888ce6880/
165 KB
42 KB
Script
General
Full URL
https://consent.cookiebot.com/2da2224a-ee50-42bd-8094-db6888ce6880/cc.js?renew=false&referer=www.avocatnet.ro&dnt=false&forceshow=false&cbid=2da2224a-ee50-42bd-8094-db6888ce6880&whitelabel=false&brandid=Cookiebot&framework=
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=2da2224a-ee50-42bd-8094-db6888ce6880
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
f5c4bf49f033c1003b314cc7c5d1b6d5470ebb3079401d56cea7eb50f291e291

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:03 GMT
content-encoding
gzip
x-aspnet-version
4.0.30319
status
200
x-powered-by
ASP.NET
vary
Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=1
x-azure-ref
07Nj9XgAAAAC98Mf7bxsvTKBJT4LmOKM4QU1TRURHRTA1MTkAMzRmYzcyNzUtYmE5My00YmMzLWI3YTUtMjZmYWVhNTkwOTM1
access-control-allow-headers
cache-control, expires, Access-Control-Allow-Headers, Origin, Pragma, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
42765
user
admp-tc-sati.adtlgc.com/
63 B
315 B
Script
General
Full URL
https://admp-tc-sati.adtlgc.com/user?nw=0&cm=1&sg=1&callback=adapt_dataRequest_sati_admp.campaignCallback&cb=1593694444075&evid=&v=2.39
Requested by
Host: code3.adtlgc.com
URL: https://code3.adtlgc.com/js/sati_init.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.188.163 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-188-163.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
baee049272b23bef0a1a5f69bec303a844dc431d25607426aba9f49161e69be5

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 02 Jul 2020 12:54:04 GMT
Connection
keep-alive
P3P
policyref="http://code.adtlgc.com/w3c/p3p.xml",CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND COM NAV INT"
Content-Length
63
Content-Type
application/javascript
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9962ac6aa88c42fdbcd01a0eed5ea1e4e4a2c11d74b175e3187400a406373011

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4f29b4389a6e08bf3ffcdfb097597d5621b4abac31a74f89c3fa3537dc428e68

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
964 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d47bcf54431b918d4b86953244677a675940b21844a2ac41bee9b690415eb0b1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
973 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
feeff1b73fc856bbaa909aecd74cd3918a41d2f0642b773831da45ad969317e9

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
user
admp-tc-sati.adtlgc.com/
98 B
538 B
Script
General
Full URL
https://admp-tc-sati.adtlgc.com/user?nw=1&cm=0&sg=0&callback=adapt_dataRequest_sati_admp.validateCallback&cb=1593694444299&evid=cx:1az2k3lae9xfw1pqnffnk9mk6c:16qb2hwko3nk0&v=2.39
Requested by
Host: code3.adtlgc.com
URL: https://code3.adtlgc.com/js/sati_init.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.188.163 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-188-163.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
655ab2e48a484f4dcb9ae70e7169ee84e5b10f70cde27085989224e488ecf5f0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 02 Jul 2020 12:54:04 GMT
Connection
keep-alive
P3P
policyref="http://code.adtlgc.com/w3c/p3p.xml",CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND COM NAV INT"
Content-Length
98
Content-Type
application/javascript
pagestat
admp-tc-sati.adtlgc.com/event/v3/
0
279 B
XHR
General
Full URL
https://admp-tc-sati.adtlgc.com/event/v3/pagestat?location=https%3A%2F%2Fwww.avocatnet.ro%2Fforum%2Fdiscutie_735630%2FMalware-keylogger-frauda.html*2&cb=1593694444348&evid=cx:1az2k3lae9xfw1pqnffnk9mk6c:16qb2hwko3nk0&v=2.39
Requested by
Host: code3.adtlgc.com
URL: https://code3.adtlgc.com/js/sati_init.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.188.163 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-188-163.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

XDomainRequestAllowed
1
Date
Thu, 02 Jul 2020 12:54:04 GMT
Access-Control-Allow-Methods
*
Content-Type
image/jpeg
Access-Control-Allow-Origin
https://www.avocatnet.ro
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
ad.js
ado.icorp.ro/__/_1593694444/
Redirect Chain
  • https://ado.icorp.ro/_1593694444352/ad.js?id=.qQxS9YJXGQS8HEMCccWQs.jTCvvaRAmSQL2qu68pJn.Q7/adov=4.1.0/x=1600/y=1200/key=,/sectiune=100/forumID=22/fv=-/lptype=1
  • https://ado.icorp.ro/__/_1593694444352/ad.js?id=.qQxS9YJXGQS8HEMCccWQs.jTCvvaRAmSQL2qu68pJn.Q7/adov=4.1.0/x=1600/y=1200/key=,/sectiune=100/forumID=22/fv=-/lptype=1
  • https://icorpadro.hit.gemius.pl/redataredir?url=https%3A%2F%2Fado.icorp.ro%2F__%2F_1593694444%2Fad.js%3Fhclsdata%3DHCLSDATA%26hcudata%3DHCUDATA%26id%3D.qQxS9YJXGQS8HEMCccWQs.jTCvvaRAmSQL2qu68pJn.Q7...
  • https://icorpadro.hit.gemius.pl/__/redataredir?url=https%3A%2F%2Fado.icorp.ro%2F__%2F_1593694444%2Fad.js%3Fhclsdata%3DHCLSDATA%26hcudata%3DHCUDATA%26id%3D.qQxS9YJXGQS8HEMCccWQs.jTCvvaRAmSQL2qu68pJn...
  • https://ado.icorp.ro/__/_1593694444/ad.js?hclsdata=&hcudata=oFEm6Tt0b3VRVAmxMCZx8kDSGtgoO3.vmsQeWTgB.qP.K7&id=.qQxS9YJXGQS8HEMCccWQs.jTCvvaRAmSQL2qu68pJn.Q7/adov=4.1.0/x=1600/y=1200/key=,/sectiune=...
14 KB
14 KB
Script
General
Full URL
https://ado.icorp.ro/__/_1593694444/ad.js?hclsdata=&hcudata=oFEm6Tt0b3VRVAmxMCZx8kDSGtgoO3.vmsQeWTgB.qP.K7&id=.qQxS9YJXGQS8HEMCccWQs.jTCvvaRAmSQL2qu68pJn.Q7/adov=4.1.0/x=1600/y=1200/key=,/sectiune=100/forumID=22/fv=-/lptype=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
164.132.5.11 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
GAD /
Resource Hash
4a7a02a96c38b40a9983a75274e057827250549aeb3101687c87f0ce622836c8

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Jul 2020 12:54:05 GMT
server
GAD
vary
Origin
p3p
CP="NOI DSP COR NID PSAo OUR IND"
status
200
cache-control
no-store, no-cache, must-revalidate, max-age=0
accept-ranges
none
content-type
application/x-javascript
content-length
14137
expires
Wed, 01 Jul 2020 12:54:05 GMT

Redirect headers

pragma
no-cache
date
Thu, 02 Jul 2020 12:54:04 GMT
server
GHC
status
301
p3p
CP="NOI DSP COR NID PSAo OUR IND"
location
https://ado.icorp.ro/__/_1593694444/ad.js?hclsdata=&hcudata=oFEm6Tt0b3VRVAmxMCZx8kDSGtgoO3.vmsQeWTgB.qP.K7&id=.qQxS9YJXGQS8HEMCccWQs.jTCvvaRAmSQL2qu68pJn.Q7/adov=4.1.0/x=1600/y=1200/key=,/sectiune=100/forumID=22/fv=-/lptype=1
cache-control
no-store, no-cache, must-revalidate, max-age=0
accept-ranges
none
content-length
0
expires
Wed, 01 Jul 2020 12:54:04 GMT
sarg=5EFDD8EC0A863D9B%7C_cdata%3A1296218_0%2C1296222_0%2C1296225_0
icorpadro.hit.gemius.pl/_1593694445065/redot.js/id=nFhLAAvnWDjfwjWXmRh2Y8bg7MSkrsSyXAGFKr9r1I3.f7/stparam=qchfixqjbs/fastid=kzwjewmlqoxlrhfocufwwitdcemr/
2 B
355 B
Other
General
Full URL
https://icorpadro.hit.gemius.pl/_1593694445065/redot.js/id=nFhLAAvnWDjfwjWXmRh2Y8bg7MSkrsSyXAGFKr9r1I3.f7/stparam=qchfixqjbs/fastid=kzwjewmlqoxlrhfocufwwitdcemr/sarg=5EFDD8EC0A863D9B%7C_cdata%3A1296218_0%2C1296222_0%2C1296225_0
Requested by
Host: ado.icorp.ro
URL: https://ado.icorp.ro/__/_1593694444/ad.js?hclsdata=&hcudata=oFEm6Tt0b3VRVAmxMCZx8kDSGtgoO3.vmsQeWTgB.qP.K7&id=.qQxS9YJXGQS8HEMCccWQs.jTCvvaRAmSQL2qu68pJn.Q7/adov=4.1.0/x=1600/y=1200/key=,/sectiune=100/forumID=22/fv=-/lptype=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
128.140.224.228 , Romania, ASN5588 (GTSCE GTS Central Europe / Antel Germany, CZ),
Reverse DNS
Software
GHC /
Resource Hash
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 02 Jul 2020 12:54:05 GMT
server
GHC
status
200
p3p
CP="NOI DSP COR NID PSAo OUR IND"
access-control-allow-origin
https://www.avocatnet.ro
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
accept-ranges
none
content-type
application/x-javascript
content-length
2
expires
Wed, 01 Jul 2020 12:54:05 GMT
xgde.js
icorpadro.hit.gemius.pl/gdejs/
54 KB
19 KB
Script
General
Full URL
https://icorpadro.hit.gemius.pl/gdejs/xgde.js
Requested by
Host: ado.icorp.ro
URL: https://ado.icorp.ro/files/js/ado.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
128.140.224.228 , Romania, ASN5588 (GTSCE GTS Central Europe / Antel Germany, CZ),
Reverse DNS
Software
GHC /
Resource Hash
be415d1fd37f535656a76e4fc6da27ac58072a7a00325f6696de1cc1557cc725

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:05 GMT
content-encoding
gzip
last-modified
Thu, 14 May 2020 04:42:28 GMT
server
GHC
etag
"5EBCCC340000D642376AE96B"
vary
Accept-Encoding,Origin
p3p
CP="NOI DSP COR NID PSAo OUR IND"
status
200
cache-control
public, max-age=86400
accept-ranges
none
content-type
application/x-javascript
content-length
19126
expires
Fri, 03 Jul 2020 12:54:05 GMT
xgde.html
icorpadro.hit.gemius.pl/gdejs/ Frame A378
0
0
Document
General
Full URL
https://icorpadro.hit.gemius.pl/gdejs/xgde.html
Requested by
Host: icorpadro.hit.gemius.pl
URL: https://icorpadro.hit.gemius.pl/gdejs/xgde.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
128.140.224.228 , Romania, ASN5588 (GTSCE GTS Central Europe / Antel Germany, CZ),
Reverse DNS
Software
GHC /
Resource Hash

Request headers

:method
GET
:authority
icorpadro.hit.gemius.pl
:scheme
https
:path
/gdejs/xgde.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
Gdyn=KlxTzMGGQMQGClA6z5QPuU2WssGM41VoLvnxGsRPtP7iGKGGqGZ8LGlsleX2sbfPgKVoHRSG

Response headers

status
200
date
Thu, 02 Jul 2020 12:54:05 GMT
expires
Fri, 03 Jul 2020 12:54:05 GMT
server
GHC
accept-ranges
none
cache-control
public, max-age=86400
last-modified
Fri, 18 Aug 2017 12:03:49 GMT
etag
"5996D7A50000012F9178E011"
vary
Accept-Encoding,Origin
p3p
CP="NOI DSP COR NID PSAo OUR IND"
content-type
text/html;charset=utf-8
content-length
215
content-encoding
gzip
billboard_v2_gao_lib.js
ado.icorp.ro/files/js/
18 KB
7 KB
Script
General
Full URL
https://ado.icorp.ro/files/js/billboard_v2_gao_lib.js
Requested by
Host: ado.icorp.ro
URL: https://ado.icorp.ro/files/js/ado.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
164.132.5.11 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
GAD /
Resource Hash
e98fffd204568b16588a962af304816f391ccecf9d69dfaae6213a21cb628ee3

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:05 GMT
content-encoding
gzip
last-modified
Thu, 25 Jun 2020 08:36:04 GMT
server
GAD
etag
"5EF461F4000047B4793F1FE6"
vary
Accept-Encoding,Origin
p3p
CP="NOI DSP COR NID PSAo OUR IND"
status
200
cache-control
public, must-revalidate, max-age=14400
accept-ranges
bytes
content-type
application/x-javascript
content-length
7023
expires
Thu, 02 Jul 2020 16:54:05 GMT
enreach_mipo.js
code3.adtlgc.com/js/
5 KB
2 KB
Script
General
Full URL
https://code3.adtlgc.com/js/enreach_mipo.js
Requested by
Host: ado.icorp.ro
URL: https://ado.icorp.ro/files/js/ado.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.241.70 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-241-70.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
568bd8bf1fc8cbe72e768285650498ef51b47c8de7bdee42e36a5881709d2fdc

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 02 Jul 2020 12:54:05 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Apr 2020 09:11:09 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA2-C2
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=57233
Connection
keep-alive
Content-Length
1443
X-Amz-Cf-Id
ReTwUJj2MJaCvtpNkxKN90QW1lurHWCoAaNe96x_Ovqc7GkV4kd5qQ==
Expires
Fri, 03 Jul 2020 04:47:58 GMT
1000x100.jpg
ado.icorp.ro/files/x/kbk/tnwjihu/wajgnqqjgc/
79 KB
79 KB
Image
General
Full URL
https://ado.icorp.ro/files/x/kbk/tnwjihu/wajgnqqjgc/1000x100.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
164.132.5.11 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
GAD /
Resource Hash
c3aafd2aae968bc2fcb3dcce91a868bc2c3a5565b0f9b7a075e2fff1bee8d178

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:05 GMT
last-modified
Wed, 24 Jun 2020 08:50:18 GMT
server
GAD
etag
"5EF313CA00013B4DA83D03EC"
vary
Accept-Encoding,Origin
p3p
CP="NOI DSP COR NID PSAo OUR IND"
status
200
cache-control
public, must-revalidate, max-age=4320000
accept-ranges
bytes
content-type
image/jpeg
content-length
80717
expires
Fri, 21 Aug 2020 12:54:05 GMT
sarg=5EFDD8EC0A863D9B%7C_cdata%3A1296218_0%2C1296222_0%2C1296225_0
icorpadro.hit.gemius.pl/_1593694445432/redot.js/id=0nTlROtTEXuI0Dp34UAPDZdSHXHsa_MSUNgFYF5a3Rv.o7/stparam=ogkkqpsnra/fastid=myzglpsdejetmxjrxuwcbrtcxxnz/
2 B
170 B
Other
General
Full URL
https://icorpadro.hit.gemius.pl/_1593694445432/redot.js/id=0nTlROtTEXuI0Dp34UAPDZdSHXHsa_MSUNgFYF5a3Rv.o7/stparam=ogkkqpsnra/fastid=myzglpsdejetmxjrxuwcbrtcxxnz/sarg=5EFDD8EC0A863D9B%7C_cdata%3A1296218_0%2C1296222_0%2C1296225_0
Requested by
Host: ado.icorp.ro
URL: https://ado.icorp.ro/__/_1593694444/ad.js?hclsdata=&hcudata=oFEm6Tt0b3VRVAmxMCZx8kDSGtgoO3.vmsQeWTgB.qP.K7&id=.qQxS9YJXGQS8HEMCccWQs.jTCvvaRAmSQL2qu68pJn.Q7/adov=4.1.0/x=1600/y=1200/key=,/sectiune=100/forumID=22/fv=-/lptype=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
128.140.224.228 , Romania, ASN5588 (GTSCE GTS Central Europe / Antel Germany, CZ),
Reverse DNS
Software
GHC /
Resource Hash
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 02 Jul 2020 12:54:05 GMT
server
GHC
status
200
p3p
CP="NOI DSP COR NID PSAo OUR IND"
access-control-allow-origin
https://www.avocatnet.ro
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
accept-ranges
none
content-type
application/x-javascript
content-length
2
expires
Wed, 01 Jul 2020 12:54:05 GMT
xgde.js
icorpadro.hit.gemius.pl/gdejs/
54 KB
19 KB
Script
General
Full URL
https://icorpadro.hit.gemius.pl/gdejs/xgde.js
Requested by
Host: ado.icorp.ro
URL: https://ado.icorp.ro/files/js/ado.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
128.140.224.228 , Romania, ASN5588 (GTSCE GTS Central Europe / Antel Germany, CZ),
Reverse DNS
Software
GHC /
Resource Hash
be415d1fd37f535656a76e4fc6da27ac58072a7a00325f6696de1cc1557cc725

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:05 GMT
content-encoding
gzip
last-modified
Thu, 14 May 2020 04:42:28 GMT
server
GHC
etag
"5EBCCC340000D642376AE96B"
vary
Accept-Encoding,Origin
p3p
CP="NOI DSP COR NID PSAo OUR IND"
status
200
cache-control
public, max-age=86400
accept-ranges
none
content-type
application/x-javascript
content-length
19126
expires
Fri, 03 Jul 2020 12:54:05 GMT
adstat
admp-tc-sati.adtlgc.com/event/v3/mipo/
0
224 B
Image
General
Full URL
https://admp-tc-sati.adtlgc.com/event/v3/mipo/adstat?action=imp&bnId=707301192f0d6a8e3c8cdea647f052f6bfd594cd.jpg&evid=-entered&location=https%3A%2F%2Fwww.avocatnet.ro%2Fforum%2Fdiscutie_735630%2FMalware-keylogger-frauda.html*2&v=1&cb=1593694445431
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.188.163 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-188-163.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

XDomainRequestAllowed
1
Access-Control-Allow-Credentials
true
Connection
keep-alive
Date
Thu, 02 Jul 2020 12:54:05 GMT
Content-Length
0
Access-Control-Allow-Methods
*
Content-Type
image/jpeg
event
s.synoint.com/
0
46 B
Image
General
Full URL
https://s.synoint.com/event?e=adimp&a=65L9gG7&u=-entered&ad=707301192f0d6a8e3c8cdea647f052f6bfd594cd.jpg&loc=https%3A%2F%2Fwww.avocatnet.ro%2Fforum%2Fdiscutie_735630%2FMalware-keylogger-frauda.html*2&cb=1593694445431&ou=cx:cx:1az2k3lae9xfw1pqnffnk9mk6c:16qb2hwko3nk0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.48.189.98 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-48-189-98.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Thu, 02 Jul 2020 12:54:05 GMT
content-length
0
billboard_v2_gao_lib.js
ado.icorp.ro/files/js/
18 KB
7 KB
Script
General
Full URL
https://ado.icorp.ro/files/js/billboard_v2_gao_lib.js
Requested by
Host: ado.icorp.ro
URL: https://ado.icorp.ro/files/js/ado.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
164.132.5.11 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
GAD /
Resource Hash
e98fffd204568b16588a962af304816f391ccecf9d69dfaae6213a21cb628ee3

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:05 GMT
content-encoding
gzip
last-modified
Thu, 25 Jun 2020 08:36:04 GMT
server
GAD
etag
"5EF461F4000047B4793F1FE6"
vary
Accept-Encoding,Origin
p3p
CP="NOI DSP COR NID PSAo OUR IND"
status
200
cache-control
public, must-revalidate, max-age=14400
accept-ranges
bytes
content-type
application/x-javascript
content-length
7023
expires
Thu, 02 Jul 2020 16:54:05 GMT
syno_score_mipo.js
synocdn.com/js/
3 KB
2 KB
Script
General
Full URL
https://synocdn.com/js/syno_score_mipo.js
Requested by
Host: ado.icorp.ro
URL: https://ado.icorp.ro/files/js/ado.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:d735 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39a58892bd091286fee3e002f3208825472ceb032b9552f5c8f50ad67b87dd42

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:05 GMT
content-encoding
br
cf-cache-status
HIT
age
1423
status
200
x-amz-request-id
4660D771CBD48C62
x-amz-id-2
og+/gt5FVqFG1QFCZeohEMZjqyq5jhMbTzIIqiLeuKBBctT2Fd+HCvqzh6ADlh2nLP7Betph2ns=
last-modified
Mon, 29 Jun 2020 16:28:27 GMT
server
cloudflare
etag
W/"2889595696d860dcbb212749a988ab5a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=86400
cf-request-id
03b130782f000005bbfe2fe200000001
cf-ray
5ac8836d1d3c05bb-FRA
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame 0180
48 KB
16 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: ado.icorp.ro
URL: https://ado.icorp.ro/files/js/billboard_v2_gao_lib.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
sffe /
Resource Hash
ee716f81ef08b50b67d73d0b6bc68d86a11605ef1ca71c67907b7f09da11be5e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"558 / 275 of 1000 / last-modified: 1593628459"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16159
x-xss-protection
0
expires
Thu, 02 Jul 2020 12:54:05 GMT
sarg=5EFDD8EC0A863D9B%7C_cdata%3A1296218_0%2C1296222_0%2C1296225_0
icorpadro.hit.gemius.pl/_1593694445679/redot.js/id=nLiadohj.3_Y.g.WT2_6DcUFfbo140e0SqL.PYiUnIP.W7/stparam=makkcvglna/fastid=genmisqmgfclfbavtqrjwmycztlt/
Redirect Chain
  • https://ado.icorp.ro/event/nc=0/code=cyDjzePHQ1Hz23scyE.A6IhLwUblSoVgJdWiGWJ9oZ3.t7/eprog=1/data=https://icorpadro.hit.gemius.pl/_1593694445679/redot.js/id=nLiadohj.3_Y.g.WT2_6DcUFfbo140e0SqL.PYiUn...
  • https://icorpadro.hit.gemius.pl/_1593694445679/redot.js/id=nLiadohj.3_Y.g.WT2_6DcUFfbo140e0SqL.PYiUnIP.W7/stparam=makkcvglna/fastid=genmisqmgfclfbavtqrjwmycztlt/sarg=5EFDD8EC0A863D9B%7C_cdata%3A129...
2 B
167 B
Other
General
Full URL
https://icorpadro.hit.gemius.pl/_1593694445679/redot.js/id=nLiadohj.3_Y.g.WT2_6DcUFfbo140e0SqL.PYiUnIP.W7/stparam=makkcvglna/fastid=genmisqmgfclfbavtqrjwmycztlt/sarg=5EFDD8EC0A863D9B%7C_cdata%3A1296218_0%2C1296222_0%2C1296225_0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
128.140.224.228 , Romania, ASN5588 (GTSCE GTS Central Europe / Antel Germany, CZ),
Reverse DNS
Software
GHC /
Resource Hash
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Jul 2020 12:54:05 GMT
server
GHC
p3p
CP="NOI DSP COR NID PSAo OUR IND"
status
200
cache-control
no-store, no-cache, must-revalidate, max-age=0
accept-ranges
none
content-type
application/x-javascript
content-length
2
expires
Wed, 01 Jul 2020 12:54:05 GMT

Redirect headers

pragma
no-cache
date
Thu, 02 Jul 2020 12:54:05 GMT
vary
Origin
server
GAD
status
301
location
https://icorpadro.hit.gemius.pl/_1593694445679/redot.js/id=nLiadohj.3_Y.g.WT2_6DcUFfbo140e0SqL.PYiUnIP.W7/stparam=makkcvglna/fastid=genmisqmgfclfbavtqrjwmycztlt/sarg=5EFDD8EC0A863D9B%7C_cdata%3A1296218_0%2C1296222_0%2C1296225_0
p3p
CP="NOI DSP COR NID PSAo OUR IND"
access-control-allow-origin
https://www.avocatnet.ro
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
expires
Wed, 01 Jul 2020 12:54:05 GMT
event
s.synoint.com/
0
46 B
Image
General
Full URL
https://s.synoint.com/event?e=adimp&a=65L9gG7&u=-entered&ad=78f547fc90ba1f45e7547922f3bf457e16b18464.png&loc=https%3A%2F%2Fwww.avocatnet.ro%2Fforum%2Fdiscutie_735630%2FMalware-keylogger-frauda.html*2&cb=1593694445678&cm=1180496&ou=cx:cx:1az2k3lae9xfw1pqnffnk9mk6c:16qb2hwko3nk0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.48.189.98 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-48-189-98.eu-north-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Thu, 02 Jul 2020 12:54:05 GMT
content-length
0
integrator.js
adservice.google.ch/adsid/ Frame 0180
109 B
829 B
Script
General
Full URL
https://adservice.google.ch/adsid/integrator.js?domain=www.avocatnet.ro
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 02 Jul 2020 12:54:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 0180
109 B
829 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.avocatnet.ro
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 02 Jul 2020 12:54:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
pubads_impl_2020070106.js
securepubads.g.doubleclick.net/gpt/ Frame 0180
248 KB
88 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020070106.js?21066660
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
sffe /
Resource Hash
5b5f47b70ff07686c4b21b99bbe79f015506b9fcb9f93f436f5b214f094097d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 01 Jul 2020 17:33:33 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
89946
x-xss-protection
0
expires
Thu, 02 Jul 2020 12:54:05 GMT
ads
securepubads.g.doubleclick.net/gampad/ Frame 0180
17 KB
6 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1530317376826316&correlator=2188307731911212&output=ldjh&impl=fif&adsid=NT&eid=21066272%2C21066660&vrg=2020070106&us_privacy=1---&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200702&iu_parts=22022118142%2Cavocatnet%2C300x250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&cookie_enabled=1&cdm=www.avocatnet.ro&bc=31&abxe=1&lmt=1593694445&dt=1593694445852&dlt=1593694445615&idt=213&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=3&adxs=615&adys=1175&adks=3919229248&ucis=hk011xpj9x6y&ifi=1&ifk=2903479554&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fwww.avocatnet.ro%2Fforum%2Fdiscutie_735630%2FMalware-keylogger-frauda.html*2&top=https%3A%2F%2Fwww.avocatnet.ro%2Fforum%2Fdiscutie_735630%2FMalware-keylogger-frauda.html*2&dssz=6&icsg=170&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&ga_vid=1395887770.1593694446&ga_sid=1593694446&ga_hid=936358132&fws=256&ohw=0&btvi=0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020070106.js?21066660
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
cafe /
Resource Hash
058533f4f66346563cda7f7db7d55d63c48ff5a3551915e2c2df9586745be38c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:05 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5179
x-xss-protection
0
google-lineitem-id
5399015411
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138313551249
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.avocatnet.ro
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
15a0e04a658d294754582984ab1d1495.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 0180
0
0
Other
General
Full URL
https://15a0e04a658d294754582984ab1d1495.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020070106.js?21066660
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 0180
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020070106.js?21066660
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

amp4ads-v0.js
cdn.ampproject.org/rtv/012006230309000/ Frame 07BA
205 KB
57 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020070106.js?21066660
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6ce200758387e7446ef2d83ac06d37ed663ab0bf7e1370c5a659017bd5662d7c
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
484
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
57191
x-xss-protection
0
server
sffe
date
Thu, 02 Jul 2020 12:46:01 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"c3e1735ca4791a48"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 02 Jul 2021 12:46:01 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012006230309000/v0/ Frame 07BA
96 KB
29 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012006230309000/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020070106.js?21066660
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a825d0e781d4861afa8cca726ae602e1c9ae49cbf6dc77390a08384039694c47
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
469
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29740
x-xss-protection
0
server
sffe
date
Thu, 02 Jul 2020 12:46:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"0a5060c0fd825ed9"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 02 Jul 2021 12:46:16 GMT
truncated
/ Frame 07BA
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
46751b8db78ee76fa872426ef9111baf83b2a59fea582ace66b829085989f1a9

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
7211312083588052957
tpc.googlesyndication.com/simgad/ Frame 07BA
134 KB
134 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/7211312083588052957
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18d128721d31fefcd3a24bdb84befb85b18f4dcb38925cc430f0d728a2d9f677
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 12 Jun 2020 09:02:00 GMT
x-content-type-options
nosniff
age
1741925
x-dns-prefetch-control
off
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
137273
x-xss-protection
0
last-modified
Sat, 06 Jun 2020 17:11:48 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 12 Jun 2021 09:02:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 07BA
0
291 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss4dYCAOBDfPzOkxBUBAFuWoeyaPoljjwJqPr-3ZUyceuNRRN5BXE1zREZQqrCCUVG9uWqLWUQWHY62dojDkN6TTPd9mvWeDBWoepkgkE8ncQJsvNvE-kU7vKrBwYjB-cO_nk5pYS7ejAZIbDaykl4uHgm-L-zYsgOh_X-sivld4KlhygrMTigAa2cCkgC0rw1SJpSPSCIpWxOWrPvCFiDqdKwvr-ku2Os-Ib9u1mDD71QdxXNJf0VATfy_VD5uwMTjifN-oJC_3QdyLyekQb17KJ62_S6m3LG9YCI&sai=AMfl-YSPaSvl06Vm-Qz-GHgYZnIr3ujAcxaxsLRvd_hxLRCkCeV1Z7-1lC42JROqufstlvvVbGtmRKeLWjbLSqd2RKMNEVc3Zjj_r3zd6YHWkQ&sig=Cg0ArKJSzC_aixCx6PqREAE&adurl=
Requested by
Host: www.avocatnet.ro
URL: https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 02 Jul 2020 12:54:05 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Thu, 02 Jul 2020 12:54:05 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 0180
7 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020070106&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020070106.js?21066660
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f7c4f447d14640a90b37dafb43d1efa45df108ca25e9c3be735d688acebd62a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 02 Jul 2020 12:54:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5631
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 0180
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020070106.js?21066660
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 02 Jul 2020 12:54:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1591403518460474"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5540
x-xss-protection
0
expires
Thu, 02 Jul 2020 12:54:05 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame 8769
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/210/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
4590
date
Thu, 02 Jul 2020 12:27:50 GMT
expires
Fri, 02 Jul 2021 12:27:50 GMT
last-modified
Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1576
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
7211312083588052957
tpc.googlesyndication.com/simgad/ Frame 07BA
134 KB
134 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/7211312083588052957
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18d128721d31fefcd3a24bdb84befb85b18f4dcb38925cc430f0d728a2d9f677
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 12 Jun 2020 09:02:00 GMT
x-content-type-options
nosniff
age
1741926
x-dns-prefetch-control
off
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
137273
x-xss-protection
0
last-modified
Sat, 06 Jun 2020 17:11:48 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 12 Jun 2021 09:02:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 07BA
0
54 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstMT7yf4oIsPDJ04mndsA7nr8obL9xEdD_K9UehoEigAAdSk7tFgMuXO-QVuilX74V62dqwOVonriOwxx0uM_Y_8E8H3pJJO6sMWurtPYoAOQUllFAYs9wtLScdaMyYnt_h1IyPUGWTWu15TmFzGO4uPxZQ_b_j9BFlxOFnySAkbf2VjwkbShQdQPGa5psqiPJMh9rxli-jvm-LZQdjHEqtLi4MTvhhEIWwigWp1CWPwfFExt_F4ZcPaaGsc9rTnhkjatBViF8qvjYOUcCoCHk&sai=AMfl-YT6ilOR8ndfcbkUOqdQ3EErUyBAgCffM-XGjJF7PMBcnfsOls6jqjuK80Ls0UpOUIYpGKoqjnyIQ6C2bwCEJzo7lnqtuMgorSq3KaBf_A&sig=Cg0ArKJSzFJJuwQf3lRQEAE&adurl=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 02 Jul 2020 12:54:06 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 0180
0
233 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gpt_2020070106&jk=1530317376826316&bg=!iYqlipJYWWHBIas91OICAAAAQ1IAAAANmQGbrOQj7sJTJpPlYTCEO-OQ19PAmIKELPBoWQXatnD6SVZ_UdDjPUxf9JLNqdJ1TTk8tihGUdmzts-_zFmGZI4XwJtLyMNp4FJai1vTRAGzx9gJZd-3Mha775roXvPyhyH6wmcPtGOiqkkWS7zYilMNhTB8ezk_xVkxM4uFr_oZM6VYJCFAe56_Ht5YhtlzvoBGp-gYYTPIhVGiW6TJbb0ro2SpmhcGXHgB_wlsOf7JHcCMDBTiOhFjAQ664gBwJ5oqM8iWwQppbEVcVB0UKH6JfjdVxQ-MweRY9ljLR1w3lC1jD11SaWP7Ry4uHyWdj4nEKFuofriWWkufApp_tyO6FYy-XjphNK10Ccv7tZPOuhbPQpisw9iDh0XngdLtyxwA1_jtZ4NlApLHp6MFpCI0M4QpwrY4gek_0VE1ky0MCP0Hjxa2nn4b17efpQ4v08h74mE8ibAgCNU68iXpalA3ikxcn4V3YI0fyRK0r-7a5ur-6pDQy18kVtp5pzRKe3ZBXyc26HhwXg88vSdyY7aYaT9tHQCm0zW14v2E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 02 Jul 2020 12:54:06 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

112 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| dataLayer string| adoceanVars string| adoceanKeys object| cX number| _aoState function| ado_reloader object| xconsole undefined| __ado_modules object| Ado object| AOFIF object| _adoGlobal object| _aoConsentBuffer function| AdoElement function| AdoContainer object| ado function| go object| adocf object| xado object| $jscomp object| AvPagination function| $ function| jQuery object| Modernizr function| AvInfiniteScroll function| VoteazaMesaj function| AvForumMsg function| scrollToBottom function| formatText object| jQuery1113020658988083289476 function| cx_callQueueExecute function| cx_pollActivity function| cx_pollActiveTime function| cx_pollFragmentMessage object| google_tag_manager string| GoogleAnalyticsObject function| ga boolean| smallscreen object| AvLoader function| openmodal function| openModalWithContent function| realWrapperHeight function| fixWrapperHeight function| SATI_TrackView function| isEmail function| PieChart function| confirmare object| yii object| ScrollMessages undefined| cXJsonpCBkc4siuyoxua9r33p object| adtlgcen_SETTINGS object| enr_vars object| segmentGroups object| segmentValues object| survey_logos function| DynamicLoadingDetector function| DataRequest object| adtlgcen_Cookie object| loc_ object| adtlgcen object| admp_ object| adapt_dataRequest_sati_admp string| evid_0046 object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| __uspapi function| addUspapiLocatorFrame function| __handleUspapiMessage object| CookieConsent object| CookieControl object| Cookiebot function| CookiebotCallback_OnAccept undefined| cXJsonpCBkc4siv1zilr0wbh1 boolean| iframeReady string| cxid_0046 string| evid_v_0046 string| en_cur_loc object| CookiebotDialog object| CookieConsentDialog object| that object| cookieTable number| j object| attr number| f object| gao function| adoceanicorprokaerhsklsi function| adoceanicorproxfgnksqgml function| adoceanicorpronpmkevqgmn function| 
adoceanicorproubcoomoumy function| adoceanicorprolaqodupjdp function| _AO_sendHits string| code object| adserver_emissions object| adserver_emissions2 object| _gdeaq object| _gdeaqp object| enreachmipo_SETTINGS object| synoScore_mipo_SETTINGS object| ssv object| enreachmipo object| enreachmipo_ object| synoScore object| synoScore_ string| cxid object| enObj object| parent_loc_ object| ssObj object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager

13 Cookies

Domain/Path Name / Value
.cxense.com/ Name: gckp
Value: 63tlhbljdeui2371yzamkd74w
www.avocatnet.ro/ Name: evid_set_0046
Value: 2
.cxense.com/ Name: expiretoken
Value:
www.avocatnet.ro/ Name: PHPSESSID
Value: bb93i7qt1bvbehah2cpqvgu226
www.avocatnet.ro/ Name: evid_0046
Value: cx:1az2k3lae9xfw1pqnffnk9mk6c:16qb2hwko3nk0
.avocatnet.ro/ Name: _ga
Value: GA1.2.1565874165.1593694444
www.avocatnet.ro/ Name: adptset_0046
Value: 1
.avocatnet.ro/ Name: cX_G
Value: cx%3A1az2k3lae9xfw1pqnffnk9mk6c%3A16qb2hwko3nk0
.avocatnet.ro/ Name: _gat
Value: 1
.avocatnet.ro/ Name: _gid
Value: GA1.2.855250302.1593694444
.avocatnet.ro/ Name: cX_P
Value: kc4siuyfm532hk77
www.avocatnet.ro/ Name: _csrf
Value: 0a228176d0b8e67714f47ac0c235021de7c7a7264e24d13d8ce9330dc62e6315a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%226dijO0SVzNO_rJj7TUatupl-dd2pizbw%22%3B%7D
.avocatnet.ro/ Name: cX_S
Value: kc4siuyduo7txjcf

2 Console Messages

Source Level URL
Text
console-api info URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js(Line 417)
Message:
Powered by AMP ⚡ HTML – Version 2006230309000 https://www.avocatnet.ro/forum/discutie_735630/Malware-keylogger-frauda.html*2
console-api warning URL: https://cdn.ampproject.org/rtv/012006230309000/amp4ads-v0.js(Line 21)
Message:
[amp-analytics/transport] Response unparseable or failed to send image request https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstMT7yf4oIsPDJ04mndsA7nr8obL9xEdD_K9UehoEigAAdSk7tFgMuXO-QVuilX74V62dqwOVonriOwxx0uM_Y_8E8H3pJJO6sMWurtPYoAOQUllFAYs9wtLScdaMyYnt_h1IyPUGWTWu15TmFzGO4uPxZQ_b_j9BFlxOFnySAkbf2VjwkbShQdQPGa5psqiPJMh9rxli-jvm-LZQdjHEqtLi4MTvhhEIWwigWp1CWPwfFExt_F4ZcPaaGsc9rTnhkjatBViF8qvjYOUcCoCHk&sai=AMfl-YT6ilOR8ndfcbkUOqdQ3EErUyBAgCffM-XGjJF7PMBcnfsOls6jqjuK80Ls0UpOUIYpGKoqjnyIQ6C2bwCEJzo7lnqtuMgorSq3KaBf_A&sig=Cg0ArKJSzFJJuwQf3lRQEAE&adurl=

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
