combofix.org Open in urlscan Pro
192.124.249.133 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://combofix.org/
Effective URL:
https://combofix.org/
Submission Tags: tranco_l324
Submission: On April 22 via api (April 22nd 2024, 3:30:07 am UTC) from DE — Scanned from DE

Summary HTTP 58 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 14 IPs in 2 countries across 11 domains to perform 58 HTTP transactions. The main IP is 192.124.249.133, located in Menifee, United States and belongs to SUCURI-SEC, US. The main domain is combofix.org.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on November 27th 2023. Valid for: a year.

This is the only time combofix.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	192.124.249.133 192.124.249.133	30148 (SUCURI-SEC) (SUCURI-SEC)
3	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
12	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	157.240.252.13 157.240.252.13	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	142.250.184.193 142.250.184.193	15169 (GOOGLE) (GOOGLE)
58	14

26 192.124.249.133 (Menifee, United States)

ASN30148 (SUCURI-SEC, US)
PTR: cloudproxy10133.sucuri.net

combofix.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.252.13 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.193 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	combofix.org combofix.org	215 KB
14	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	265 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31 region1.google-analytics.com — Cisco Umbrella Rank: 2404	21 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	90 KB
2	google.com apis.google.com — Cisco Umbrella Rank: 127	76 KB
2	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1306	28 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	158 KB
1	gstatic.com fonts.gstatic.com	19 KB
0	hellobar.com Failed my.hellobar.com Failed
0	amazon-adsystem.com Failed z-na.amazon-adsystem.com Failed
58	11

	Domain	Requested by
26	combofix.org	combofix.org
12	pagead2.googlesyndication.com	combofix.org pagead2.googlesyndication.com
3	fonts.googleapis.com	combofix.org
2	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	combofix.org connect.facebook.net
2	apis.google.com	combofix.org apis.google.com
2	platform.twitter.com	combofix.org platform.twitter.com
2	www.googletagmanager.com	combofix.org www.googletagmanager.com
1	region1.google-analytics.com	www.googletagmanager.com
1	fonts.gstatic.com	fonts.googleapis.com
0	my.hellobar.com Failed	combofix.org
0	z-na.amazon-adsystem.com Failed	combofix.org
58	13

This site contains links to these domains. Also see Links.

Domain
www.combofix.org
link.safecart.com
supportz.com

Subject Issuer	Validity	Valid
combofix.org Go Daddy Secure Certificate Authority - G2	`2023-11-27` - `2024-11-27`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
*.apis.google.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-01-30` - `2024-04-29`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh

This page contains 10 frames:

Primary Page: https://combofix.org/
Frame ID: F3446CFE8223900F92524789F2E88B9F
Requests: 49 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fcombofix.org
Frame ID: D18DEDE8E47C40370825452D0A261EA2
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-2378435975573048&output=html&adk=1812271804&adf=3025194257&lmt=1713756603&plaf=2%3A2&plat=1%3A16777216%2C8%3A128%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x810_l%7C260x810_r&format=0x0&url=https%3A%2F%2Fcombofix.org%2F&pra=5&wgl=1&easpi=0&asro=0&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuNjAiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMjQuMC42MzY3LjYwIl0sWyJHb29nbGUgQ2hyb21lIiwiMTI0LjAuNjM2Ny42MCJdLFsiTm90LUEuQnJhbmQiLCI5OS4wLjAuMCJdXSwwXQ..&dt=1713756602929&bpp=2&bdt=407&idt=135&shv=r20240417&mjsv=m202404160101&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=8545174483726&frm=20&pv=2&ga_vid=313432165.1713756603&ga_sid=1713756603&ga_hid=527957218&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31082771%2C42531705%2C44795921&oid=2&pvsid=2783919229396302&tmod=550460855&uas=0&nvt=1&fsapi=1&fc=1920&brdim=60%2C60%2C60%2C60%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&ifi=1&uci=a!1&fsb=1&dtd=145
Frame ID: 3F7F8C23BDB87A69BF61D8D79BB7EB39
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-2378435975573048&output=html&h=250&slotname=6157894680&adk=628962043&adf=837003640&pi=t.ma~as.6157894680&w=300&lmt=1713756603&format=300x250&url=https%3A%2F%2Fcombofix.org%2F&wgl=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuNjAiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMjQuMC42MzY3LjYwIl0sWyJHb29nbGUgQ2hyb21lIiwiMTI0LjAuNjM2Ny42MCJdLFsiTm90LUEuQnJhbmQiLCI5OS4wLjAuMCJdXSwwXQ..&dt=1713756602931&bpp=1&bdt=409&idt=154&shv=r20240417&mjsv=m202404160101&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0&nras=1&correlator=8545174483726&frm=20&pv=1&ga_vid=313432165.1713756603&ga_sid=1713756603&ga_hid=527957218&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=490&ady=145&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31082771%2C42531705%2C44795921&oid=2&pvsid=2783919229396302&tmod=550460855&uas=0&nvt=1&fc=1920&brdim=60%2C60%2C60%2C60%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&ifi=2&uci=a!2&fsb=1&dtd=157
Frame ID: 0FA264490914DC1456E5E900B25C009E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-2378435975573048&output=html&h=163&slotname=4629896720&adk=1250810111&adf=3459182269&pi=t.ma~as.4629896720&w=650&fwrn=4&lmt=1713756603&rafmt=11&format=650x163&url=https%3A%2F%2Fcombofix.org%2F&wgl=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuNjAiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMjQuMC42MzY3LjYwIl0sWyJHb29nbGUgQ2hyb21lIiwiMTI0LjAuNjM2Ny42MCJdLFsiTm90LUEuQnJhbmQiLCI5OS4wLjAuMCJdXSwwXQ..&dt=1713756602932&bpp=1&bdt=410&idt=174&shv=r20240417&mjsv=m202404160101&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0%2C300x250&nras=1&correlator=8545174483726&frm=20&pv=1&ga_vid=313432165.1713756603&ga_sid=1713756603&ga_hid=527957218&ga_fc=1&rplot=4&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=660&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31082771%2C42531705%2C44795921&oid=2&pvsid=2783919229396302&tmod=550460855&uas=0&nvt=1&fc=1920&brdim=60%2C60%2C60%2C60%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&ifi=3&uci=a!3&fsb=1&dtd=175
Frame ID: D9CC89FFDC5FDD283567E4681EAF4570
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-2378435975573048&output=html&h=250&slotname=8244469145&adk=3883175264&adf=2409015401&pi=t.ma~as.8244469145&w=250&lmt=1713756603&format=250x250&url=https%3A%2F%2Fcombofix.org%2F&wgl=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuNjAiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMjQuMC42MzY3LjYwIl0sWyJHb29nbGUgQ2hyb21lIiwiMTI0LjAuNjM2Ny42MCJdLFsiTm90LUEuQnJhbmQiLCI5OS4wLjAuMCJdXSwwXQ..&dt=1713756602932&bpp=1&bdt=410&idt=181&shv=r20240417&mjsv=m202404160101&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0%2C300x250%2C650x163&nras=1&correlator=8545174483726&frm=20&pv=1&ga_vid=313432165.1713756603&ga_sid=1713756603&ga_hid=527957218&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=985&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31082771%2C42531705%2C44795921&oid=2&pvsid=2783919229396302&tmod=550460855&uas=0&nvt=1&fc=1920&brdim=60%2C60%2C60%2C60%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&ifi=4&uci=a!4&fsb=1&dtd=183
Frame ID: D18080BDD4746EB06AC42F7898F56235
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/html/r20240417/r20110914/zrt_lookup_fy2021.html
Frame ID: 4576590D799081389CEE6E5C0F96F440
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/html/r20240417/r20110914/zrt_lookup_fy2021.html
Frame ID: 3DAF43D8DC687A63FC1208678700D130
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/html/r20240417/r20110914/zrt_lookup_fy2021.html
Frame ID: 19535B5EC63953D5D0BED3090DD4E3C1
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DA1A41158D17C9D1447C94005F18E6AD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home - COMBOFIX

Page URL History Show full URLs

http://combofix.org/ HTTP 307
https://combofix.org/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

58
Requests

95 %
HTTPS

69 %
IPv6

11
Domains

13
Subdomains

14
IPs

2
Countries

876 kB
Transfer

2390 kB
Size

6
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: http://www.combofix.org/
Title: Home

Search URL Search Domain Scan URL

URL: http://www.combofix.org/category/articles
Title: Articles

Search URL Search Domain Scan URL

URL: https://link.safecart.com/22ycp6/aHR0cDovL3d3dy53aXBlcnNvZnQuY29tL2Rvd25sb2Fk
Title: Download Now

Search URL Search Domain Scan URL

URL: https://link.safecart.com/2m556q/aHR0cHM6Ly9idXkuY29tYm9jbGVhbmVyLmNvbS9vZmZlcnMvcncvbHAxLw
Title: Download Now for Mac OS

Search URL Search Domain Scan URL

URL: https://link.safecart.com/22ycp3/aHR0cDovL3d3dy53aXBlcnNvZnQuY29tLw
Title: WiperSoft

Search URL Search Domain Scan URL

URL: https://link.safecart.com/2qw4yu/aHR0cHM6Ly93d3cud2F0Y2hkb2dkZXZlbG9wbWVudC5jb20vZW4vaG9tZS9hbnRpLW1hbHdhcmU
Title: Watchdog Anti-Malware

Search URL Search Domain Scan URL

URL: https://link.safecart.com/2qw4z2/aHR0cHM6Ly93YXRjaGRvZ2RldmVsb3BtZW50LmNvbS9lbi9kb3dubG9hZC9hbnRpLW1hbHdhcmU
Title: Download Watchdog Anti-Malware

Search URL Search Domain Scan URL

URL: http://supportz.com/hiding-places-for-malware/
Title: Hiding Places for Malware

Search URL Search Domain Scan URL

URL: http://supportz.com/
Title: Supportz

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://combofix.org/ HTTP 307
https://combofix.org/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

58 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
combofix.org/
Redirect Chain

http://combofix.org/
https://combofix.org/

42 KB
42 KB

130ms
39ms

Document
text/html

192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

73c647f2fc694c979237c198c9069f48e4e0e2784e57a3e26421c6a7bd292dea

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

cache-control: max-age=300
content-security-policy: upgrade-insecure-requests;
content-type: text/html; charset=UTF-8
date: Mon, 22 Apr 2024 03:30:02 GMT
expires: Mon, 22 Apr 2024 03:03:55 GMT
link: <https://combofix.org/wp-json/>; rel="https://api.w.org/", <https://combofix.org/>; rel=shortlink
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-endurance-cache-level: 2
x-frame-options: SAMEORIGIN
x-sucuri-cache: HIT
x-sucuri-id: 15033
x-xss-protection: 1; mode=block

Redirect headers

Location: https://combofix.org/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 css
fonts.googleapis.com/ 6 KB
2 KB 134ms
48ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c3061c3788ad5783ef8a5d10c454bafe7eb942c48200dccc852cc6d3c9f303d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Mon, 22 Apr 2024 03:30:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 22 Apr 2024 02:39:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Apr 2024 03:30:02 GMT

GET
H2 200 tabbed.css
combofix.org/wp-content/plugins/hmt-clickmissile/css/ 26 KB
6 KB 65ms
64ms Stylesheet
text/css 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-content/plugins/hmt-clickmissile/css/tabbed.css

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

fa2ff180f17ac917b6d8f1dbce9a0601c7800cd8fc1a6045d2f74d22ff84f6c2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 5523
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:03:50 GMT
server: nginx
etag: "2520c0f-665b-5d5dc93a2e180-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
combofix.org/wp-includes/css/dist/block-library/ 40 KB
6 KB 66ms
64ms Stylesheet
text/css 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-includes/css/dist/block-library/style.min.css?ver=5.3.17

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

dfd6d929422d1f69a727fb6b525f610562eab183a333576516bec0b0503cb049

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 5729
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 14:54:23 GMT
server: nginx
etag: "254080d-a055-5d5dc71d725c0-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cookie-law-info-public.css
combofix.org/wp-content/plugins/cookie-law-info/public/css/ 3 KB
1 KB 66ms
65ms Stylesheet
text/css 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=1.8.2

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

81e82457fb12ef9a7b3981eceba4363763a703fd04bbe4da183903fd74e2cbcd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 744
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 14:55:33 GMT
server: nginx
etag: "25207b7-b26-5d5dc76034340-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cookie-law-info-gdpr.css
combofix.org/wp-content/plugins/cookie-law-info/public/css/ 23 KB
4 KB 67ms
66ms Stylesheet
text/css 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=1.8.2

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

2e313d1901cc92fad67cbf3c0819ad41ccb812e3ed051a0a90444c7a07b6eb41

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 3755
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 14:57:52 GMT
server: nginx
etag: "25207b5-5c22-5d5dc7e4c3c00-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cmam.css
combofix.org/wp-content/plugins/hmt-clickmissile/css/ 1 KB
771 B 67ms
66ms Stylesheet
text/css 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-content/plugins/hmt-clickmissile/css/cmam.css

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

4a307b23109100a018bd09b57252692174e3b588798c30c4ea65385ceda0a1e8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 379
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:21:37 GMT
server: nginx
etag: "2520bf2-50c-5d5dcd33c0240-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
combofix.org/wp-content/themes/heatmap-adaptive/ 58 KB
10 KB 68ms
67ms Stylesheet
text/css 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-content/themes/heatmap-adaptive/style.css?ver=20130606

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

f9d3cd5e437d9f5e9861d6bdb7b46fdf8b507f4e85b59b304b2928b0fc299f79

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 9791
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:19:24 GMT
server: nginx
etag: "1a81db0-e715-5d5dccb4e9700-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 default.min.css
combofix.org/wp-content/plugins/tablepress/css/ 6 KB
3 KB 68ms
68ms Stylesheet
text/css 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-content/plugins/tablepress/css/default.min.css?ver=1.10

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

760bc4d420605c167dd90147b0e0d82b4e761a18bc35be7aeffaa4192b371635

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 2524
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:24:37 GMT
server: nginx
etag: "1d60e4b-16ef-5d5dcddf69740-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 pum-site-styles.css
combofix.org/wp-content/uploads/pum/ 15 KB
3 KB 69ms
68ms Stylesheet
text/css 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-content/uploads/pum/pum-site-styles.css?generated=1571947672&ver=1.8.14

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

4e7899324890771aef2c1619930694956366786a3f02655d8a0cbb71ea0976c5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 2825
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:24:21 GMT
server: nginx
etag: "2161d21-3ce6-5d5dcdd027340-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 blue-crunch.css
combofix.org/wp-content/plugins/heatmap-adaptive-pro-plugin/colours/ 11 KB
2 KB 41ms
40ms Stylesheet
text/css 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-content/plugins/heatmap-adaptive-pro-plugin/colours/blue-crunch.css

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

8dfc46a10219a41225d3d4b28d7312ffcb74760c0fa311717fdd681fc24ca1a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 2062
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 14:56:13 GMT
server: nginx
etag: "2520b91-2b11-5d5dc78659d40-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.js Show response
combofix.org/wp-includes/js/jquery/ 95 KB
33 KB 73ms
72ms Script
text/javascript 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 32866
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 14:58:40 GMT
server: nginx
etag: "25408df-17a69-5d5dc8128a800-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-migrate.min.js Show response
combofix.org/wp-includes/js/jquery/ 10 KB
4 KB 74ms
73ms Script
text/javascript 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 3826
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:20:01 GMT
server: nginx
etag: "25408d9-2748-5d5dccd832a40-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cookie-law-info-public.js Show response
combofix.org/wp-content/plugins/cookie-law-info/public/js/ 21 KB
5 KB 75ms
74ms Script
text/javascript 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=1.8.2

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

f0dc5a104ad07a87dec3f36b5ff8eb24b974cf484e1d378fdf7d4578ea9f4b9d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 4810
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:17:43 GMT
server: nginx
etag: "25207be-553f-5d5dcc54973c0-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 small-menu.js Show response
combofix.org/wp-content/themes/heatmap-adaptive/js/ 3 KB
1 KB 75ms
75ms Script
text/javascript 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-content/themes/heatmap-adaptive/js/small-menu.js?ver=5.3.17

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

8521827d98882426bbb201e64f00d65b47aaeca0396b022cddff4219d53783cb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 707
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:02:31 GMT
server: nginx
etag: "1ac2336-a5e-5d5dc8eed6fc0-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 social.js Show response
combofix.org/wp-content/plugins/heatmap-adaptive-pro-plugin/js/ 476 B
608 B 75ms
75ms Script
text/javascript 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-content/plugins/heatmap-adaptive-pro-plugin/js/social.js?ver=20130606

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

53b498904ee710938ba9e0bdcd6f9a202580333c937ee3a91668c1a9da09fbbb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 212
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:20:43 GMT
server: nginx
etag: "2520bb2-1dc-5d5dcd00408c0-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 149 KB
50 KB 136ms
55ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

b181f49614e230f4b89df14f1b0cc341bc47528cdd3f63ddb4da9bbc0bf269b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51470
x-xss-protection: 0
server: cafe
etag: 10514983582856893326
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Mon, 22 Apr 2024 03:30:02 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 198 KB
72 KB 146ms
57ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-111464907-1

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dd1371e55664bb7e32cf63773f2f6cb3462b6d5049f7db56c9112f00611bf920

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73256
x-xss-protection: 0
last-modified: Mon, 22 Apr 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 22 Apr 2024 03:30:02 GMT

GET onejs
z-na.amazon-adsystem.com/widgets/ 0
0

GET
H2 200 virus.jpg
combofix.org/wp-content/uploads/ 14 KB
14 KB 75ms
75ms Image
image/jpeg 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://combofix.org/wp-content/uploads/virus.jpg

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

840808ab522d334089f4282d445f00404d2d96e28746d41a64c92c43457d10f4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
content-length: 14439
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:23:49 GMT
server: nginx
etag: "1aa20dd-3867-5d5dcdb1a2b40"
x-frame-options: SAMEORIGIN
x-endurance-cache-level: 2
content-type: image/jpeg
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 blue-network.jpg
combofix.org/wp-content/uploads/ 19 KB
19 KB 76ms
75ms Image
image/jpeg 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://combofix.org/wp-content/uploads/blue-network.jpg

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

929dfb0c7749b8e64d5bfd75877de229832e603c390c53688440e2745d695029

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
content-length: 19254
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:17:15 GMT
server: nginx
etag: "1aa20b1-4b36-5d5dcc39e34c0"
x-frame-options: SAMEORIGIN
x-endurance-cache-level: 2
content-type: image/jpeg
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 lock.jpg
combofix.org/wp-content/uploads/ 10 KB
11 KB 39ms
39ms Image
image/jpeg 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://combofix.org/wp-content/uploads/lock.jpg

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

f5a4ac15ec2ddc2612aaed028d1317bf4a5bf984669373a3a1950118661f88b4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
content-length: 10388
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:07:36 GMT
server: nginx
etag: "1aa20ba-2894-5d5dca11b5e00"
x-frame-options: SAMEORIGIN
x-endurance-cache-level: 2
content-type: image/jpeg
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Alert-Wipersoft.png
combofix.org/wp-content/uploads/ 24 KB
25 KB 39ms
39ms Image
image/png 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://combofix.org/wp-content/uploads/Alert-Wipersoft.png

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

3fddb5ab2954aa1ae648e55a20e1f23ccc7ca58f758e67c0296b0a0007be4fc7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
content-length: 25057
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:20:02 GMT
server: nginx
etag: "1aa2068-61e1-5d5dccd926c80"
x-frame-options: SAMEORIGIN
x-endurance-cache-level: 2
content-type: image/png
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cmam-adscript.js Show response
combofix.org/wp-content/plugins/hmt-clickmissile/js/ 176 B
498 B 38ms
38ms Script
text/javascript 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-content/plugins/hmt-clickmissile/js/cmam-adscript.js

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

60ad102a0c16f0706e5d96a6ec94383e6ca9a9eb7f8cf9876ce15875090b93fe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 102
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:11:31 GMT
server: nginx
etag: "2520c61-b0-5d5dcaf1d2ec0-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 core.min.js Show response
combofix.org/wp-includes/js/jquery/ui/ 4 KB
2 KB 39ms
39ms Script
text/javascript 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

194ebae85ff853319e8668f23a4c5bf371a7d9f5d550a40980ab53026ddaaa17

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 1659
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 14:51:48 GMT
server: nginx
etag: "25408ec-f59-5d5dc689a0900-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 position.min.js Show response
combofix.org/wp-includes/js/jquery/ui/ 6 KB
3 KB 39ms
38ms Script
text/javascript 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-includes/js/jquery/ui/position.min.js?ver=1.11.4

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

0ce51090b148a45a0e3d652719ed6ef7f1a38e5d272dbf874f86a49664e897a3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 2317
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 14:59:41 GMT
server: nginx
etag: "2540903-1926-5d5dc84cb7140-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 pum-site-scripts.js Show response
combofix.org/wp-content/uploads/pum/ 47 KB
13 KB 39ms
39ms Script
text/javascript 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-content/uploads/pum/pum-site-scripts.js?defer&generated=1571947672&ver=1.8.14

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

22410b8f7fe3c15541e8c1ed038ec8e0debda48561f020dc8d54e10dd77ea9ca

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 12899
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:14:19 GMT
server: nginx
etag: "2161d20-bdd3-5d5dcb920a8c0-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-embed.min.js Show response
combofix.org/wp-includes/js/ 1 KB
1 KB 41ms
39ms Script
text/javascript 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-includes/js/wp-embed.min.js?ver=5.3.17

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

37c5f58f12814dd0ecc28f15b7765c6bcd31a9479d330b4ef896e140bf89dc38

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 678
x-xss-protection: 1; mode=block
last-modified: Tue, 16 May 2023 21:10:06 GMT
server: nginx
etag: "1a22458-5a3-5fbd5fee792c3-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET .js
my.hellobar.com/ 0
0

GET
H2 200 wp-emoji-release.min.js Show response
combofix.org/wp-includes/js/ 14 KB
5 KB 41ms
40ms Script
text/javascript 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/wp-includes/js/wp-emoji-release.min.js?ver=5.3.17

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

95309410230b1d3148e52211dcee018bfa011a2d69e9d7d6f81164035e8518a0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 4267
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 14:56:15 GMT
server: nginx
etag: "1a2245b-3619-5d5dc788421c0-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
548 B 47ms
47ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,400,300italic,400italic

Requested by

Host: combofix.org
URL: https://combofix.org/wp-content/plugins/hmt-clickmissile/css/tabbed.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b44a52121cb7bb2cae5f064f5a682755aa576bc318aa417e95861c8d7ea1f638

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Mon, 22 Apr 2024 03:30:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 22 Apr 2024 03:06:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Apr 2024 03:30:02 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
671 B 48ms
48ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Acme|Montserrat

Requested by

Host: combofix.org
URL: https://combofix.org/wp-content/uploads/pum/pum-site-styles.css?generated=1571947672&ver=1.8.14

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5e8eb3ac27502f64410d9546683d5681dd75e8bdf2918b0a38e4f99f2d875291

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Mon, 22 Apr 2024 03:30:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 22 Apr 2024 03:00:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Apr 2024 03:30:02 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 185ms
39ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: combofix.org
URL: https://combofix.org/wp-content/plugins/heatmap-adaptive-pro-plugin/js/social.js?ver=20130606
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6711) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 22 Apr 2024 03:30:02 GMT
Content-Encoding: gzip
Age: 1251
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (frb/6711)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 200 plusone.js Show response
apis.google.com/js/ 55 KB
21 KB 159ms
47ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Host: combofix.org
URL: https://combofix.org/wp-content/plugins/heatmap-adaptive-pro-plugin/js/social.js?ver=20130606

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6cd977105a9aec4c87856b9c9cd1088a83f53288a77172a2ac84e574ad4b3c38

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Apr 2024 03:30:02 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21304
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "2295f03556cbf763"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Apr 2024 03:30:02 GMT

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v40/ 18 KB
19 KB 124ms
39ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://combofix.org
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 20 Apr 2024 12:31:52 GMT
x-content-type-options: nosniff
age: 140290
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18668
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:00:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Apr 2025 12:31:52 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
3 KB 123ms
43ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6eeb7092144a03fae6704a170018d5bae2d8851ce6d16610129e134bcdd31bae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Apr 2024 03:30:02 GMT
content-md5: ARkGxrZZTuHM9s2jxD6qYw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1688
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=12, mss=1294, tbw=2772, tp=-1, tpl=-1, uplat=3, ullat=-1
x-fb-debug: yMT1G1b8tNCtgL16STRCzXtOB21ECXOhy/QuiEtDWxql/TF1IoVf8RW7NqJ8xxA6EZizWYH5UXZCI725ElGKjQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 30088eaf55ac03be6cfd1e7004e91f63
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "f1a41c7256ebc7e7c0d5f3136ef38e72"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Mon, 22 Apr 2024 03:42:22 GMT

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 306 KB
87 KB 81ms
41ms Script
application/x-javascript 157.240.252.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=f5d09048f8d0f169679f61c5429ea4b1

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra3.fbcdn.net

Software

Resource Hash

bed09508700857dfb58ee7dc5942da2a03ed6e87e49047f8ef4e0627b7aa0ea1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Origin: https://combofix.org
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Apr 2024 03:30:02 GMT
content-md5: YAn9NzAxlSXBvFtWpjoCXA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88530
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=38, mss=1232, tbw=4284, tp=9, tpl=0, uplat=1, ullat=-1
x-fb-debug: C1tvbqBjlAGs8b1+2T8lmZQQzGde804T7uEcwo9b2lqGb5tDq7OSTNzYw5m1RVuJZt10U1+xl3BCWizXfJHFmQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 5ab6f13a0ee0a81f09ee2ff0a98ec47b
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "5204fbcbce28bb585034133bc340adc6"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Tue, 22 Apr 2025 03:02:18 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202404160101/ 412 KB
140 KB 75ms
74ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202404160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2378435975573048&plah=combofix.org&aplac=true

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

eacf65d06c898eb4bb373154c8b1cca2b07acc70aacc3cf723e66cc06db30e7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 142910
x-xss-protection: 0
server: cafe
etag: 6361779716818288428
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 22 Apr 2024 03:30:02 GMT

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.-N67K4ZqcbY.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_gtfHin_QEh95VEMb_GlSMKA87MQ/ 157 KB
55 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.-N67K4ZqcbY.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_gtfHin_QEh95VEMb_GlSMKA87MQ/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f39b50178049c1c98694c76d6221cd6d035f9f4902153d445e3f5698dd61c74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Apr 2024 17:08:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 296493
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55825
x-xss-protection: 0
last-modified: Sun, 31 Mar 2024 15:20:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 18 Apr 2025 17:08:29 GMT

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame D18D 0
0 160ms
39ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fcombofix.org
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6712) /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://combofix.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2424151
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Mon, 22 Apr 2024 03:30:03 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6712)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 244 KB
87 KB 58ms
58ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-VF3Y1EC1W1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-111464907-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

babcdbaa4c5f9e1361063f4dda8743ad28960057ad7ea600e2411da46cfa2ec0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88436
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 22 Apr 2024 03:30:03 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 129ms
39ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-111464907-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Apr 2024 01:48:08 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 6115
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 22 Apr 2024 03:48:08 GMT

GET
H3 200 ads
pagead2.googlesyndication.com/pagead/ Frame 3F7F 0
0 503ms
427ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-2378435975573048&output=html&adk=1812271804&adf=3025194257&lmt=1713756603&plaf=2%3A2&plat=1%3A16777216%2C8%3A128%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x810_l%7C260x810_r&format=0x0&url=https%3A%2F%2Fcombofix.org%2F&pra=5&wgl=1&easpi=0&asro=0&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuNjAiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMjQuMC42MzY3LjYwIl0sWyJHb29nbGUgQ2hyb21lIiwiMTI0LjAuNjM2Ny42MCJdLFsiTm90LUEuQnJhbmQiLCI5OS4wLjAuMCJdXSwwXQ..&dt=1713756602929&bpp=2&bdt=407&idt=135&shv=r20240417&mjsv=m202404160101&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=8545174483726&frm=20&pv=2&ga_vid=313432165.1713756603&ga_sid=1713756603&ga_hid=527957218&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31082771%2C42531705%2C44795921&oid=2&pvsid=2783919229396302&tmod=550460855&uas=0&nvt=1&fsapi=1&fc=1920&brdim=60%2C60%2C60%2C60%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&ifi=1&uci=a!1&fsb=1&dtd=145

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202404160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2378435975573048&plah=combofix.org&aplac=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://combofix.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 76240
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Apr 2024 03:30:03 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 70ms
70ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&id=cookie-law-info-bar&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Host: combofix.org
URL: https://combofix.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 03:30:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads
pagead2.googlesyndication.com/pagead/ Frame 0FA2 0
0 444ms
380ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-2378435975573048&output=html&h=250&slotname=6157894680&adk=628962043&adf=837003640&pi=t.ma~as.6157894680&w=300&lmt=1713756603&format=300x250&url=https%3A%2F%2Fcombofix.org%2F&wgl=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuNjAiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMjQuMC42MzY3LjYwIl0sWyJHb29nbGUgQ2hyb21lIiwiMTI0LjAuNjM2Ny42MCJdLFsiTm90LUEuQnJhbmQiLCI5OS4wLjAuMCJdXSwwXQ..&dt=1713756602931&bpp=1&bdt=409&idt=154&shv=r20240417&mjsv=m202404160101&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0&nras=1&correlator=8545174483726&frm=20&pv=1&ga_vid=313432165.1713756603&ga_sid=1713756603&ga_hid=527957218&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=490&ady=145&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31082771%2C42531705%2C44795921&oid=2&pvsid=2783919229396302&tmod=550460855&uas=0&nvt=1&fc=1920&brdim=60%2C60%2C60%2C60%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&ifi=2&uci=a!2&fsb=1&dtd=157

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://combofix.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 39889
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Apr 2024 03:30:03 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
243 B 132ms
47ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-VF3Y1EC1W1&gtm=45je44h0v9110127284za200&_p=1713756602740&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=313432165.1713756603&ul=de-de&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EAAI&_s=1&sid=1713756603&sct=1&seg=0&dl=https%3A%2F%2Fcombofix.org%2F&dt=Home%20-%20COMBOFIX&en=page_view&_fv=1&_ss=1&tfd=718
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VF3Y1EC1W1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 03:30:03 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://combofix.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads
pagead2.googlesyndication.com/pagead/ Frame D9CC 0
0 500ms
455ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-2378435975573048&output=html&h=163&slotname=4629896720&adk=1250810111&adf=3459182269&pi=t.ma~as.4629896720&w=650&fwrn=4&lmt=1713756603&rafmt=11&format=650x163&url=https%3A%2F%2Fcombofix.org%2F&wgl=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuNjAiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMjQuMC42MzY3LjYwIl0sWyJHb29nbGUgQ2hyb21lIiwiMTI0LjAuNjM2Ny42MCJdLFsiTm90LUEuQnJhbmQiLCI5OS4wLjAuMCJdXSwwXQ..&dt=1713756602932&bpp=1&bdt=410&idt=174&shv=r20240417&mjsv=m202404160101&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0%2C300x250&nras=1&correlator=8545174483726&frm=20&pv=1&ga_vid=313432165.1713756603&ga_sid=1713756603&ga_hid=527957218&ga_fc=1&rplot=4&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=660&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31082771%2C42531705%2C44795921&oid=2&pvsid=2783919229396302&tmod=550460855&uas=0&nvt=1&fc=1920&brdim=60%2C60%2C60%2C60%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&ifi=3&uci=a!3&fsb=1&dtd=175

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://combofix.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 40479
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Apr 2024 03:30:03 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads
pagead2.googlesyndication.com/pagead/ Frame D180 0
0 372ms
335ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-2378435975573048&output=html&h=250&slotname=8244469145&adk=3883175264&adf=2409015401&pi=t.ma~as.8244469145&w=250&lmt=1713756603&format=250x250&url=https%3A%2F%2Fcombofix.org%2F&wgl=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuNjAiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMjQuMC42MzY3LjYwIl0sWyJHb29nbGUgQ2hyb21lIiwiMTI0LjAuNjM2Ny42MCJdLFsiTm90LUEuQnJhbmQiLCI5OS4wLjAuMCJdXSwwXQ..&dt=1713756602932&bpp=1&bdt=410&idt=181&shv=r20240417&mjsv=m202404160101&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0%2C300x250%2C650x163&nras=1&correlator=8545174483726&frm=20&pv=1&ga_vid=313432165.1713756603&ga_sid=1713756603&ga_hid=527957218&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=985&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31082771%2C42531705%2C44795921&oid=2&pvsid=2783919229396302&tmod=550460855&uas=0&nvt=1&fc=1920&brdim=60%2C60%2C60%2C60%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&ifi=4&uci=a!4&fsb=1&dtd=183

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://combofix.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 37956
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 22 Apr 2024 03:30:03 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
204 B 46ms
46ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=527957218&t=pageview&_s=1&dl=https%3A%2F%2Fcombofix.org%2F&ul=de-de&de=UTF-8&dt=Home%20-%20COMBOFIX&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=62802482&gjid=1042921171&cid=313432165.1713756603&tid=UA-111464907-1&_gid=1518821260.1713756603&_r=1&gtm=457e44h0za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&jsscut=1&npa=1&z=2111393054

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Apr 2024 03:30:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://combofix.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202404160101/ 167 KB
56 KB 59ms
58ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202404160101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

308d3cf93b0948e39d69b343ef26caba280506212bebe800b1ab73bf814c96c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57772
x-xss-protection: 0
server: cafe
etag: 16327202927688449146
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Apr 2024 03:30:03 GMT

GET
H3 200 zrt_lookup_fy2021.html
pagead2.googlesyndication.com/pagead/html/r20240417/r20110914/ Frame 4576 0
0 39ms
39ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/html/r20240417/r20110914/zrt_lookup_fy2021.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://combofix.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 25428
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 21 Apr 2024 20:26:15 GMT
etag: 5035419970550746386
expires: Sun, 05 May 2024 20:26:15 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html
pagead2.googlesyndication.com/pagead/html/r20240417/r20110914/ Frame 3DAF 0
0 38ms
38ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/html/r20240417/r20110914/zrt_lookup_fy2021.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://combofix.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 25428
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 21 Apr 2024 20:26:15 GMT
etag: 5035419970550746386
expires: Sun, 05 May 2024 20:26:15 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html
pagead2.googlesyndication.com/pagead/html/r20240417/r20110914/ Frame 1953 0
0 38ms
38ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/html/r20240417/r20110914/zrt_lookup_fy2021.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://combofix.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 25428
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 21 Apr 2024 20:26:15 GMT
etag: 5035419970550746386
expires: Sun, 05 May 2024 20:26:15 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 137ms
58ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240417&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

96749e2db10d407ebf38042a3628b32748d1dd8afac8a78eeff0832ea5ee78c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12437
x-xss-protection: 0

GET
H2 200 favicon.ico
combofix.org/ 822 B
511 B 39ms
39ms Other
image/x-icon 192.124.249.133
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://combofix.org/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.133 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10133.sucuri.net

Software

nginx /

Resource Hash

c3aece6f00821bd986da195aa15e2b0891b2c81a862cccf2a3069204b9a92186

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:03 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
content-length: 116
x-xss-protection: 1; mode=block
last-modified: Tue, 18 Jan 2022 15:18:30 GMT
server: nginx
etag: "19c1a08-336-5d5dcc8169d80-br"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/x-icon
x-endurance-cache-level: 2
cache-control: max-age=315360000
x-sucuri-id: 15033
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 147ms
62ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://combofix.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 22 Apr 2024 03:30:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 22 Apr 2024 03:30:04 GMT

GET
H3 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DA1A 0
0 39ms
39ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://combofix.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
age: 40246
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 21 Apr 2024 16:19:18 GMT
expires: Mon, 21 Apr 2025 16:19:18 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET sodar
pagead2.googlesyndication.com/pagead/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: z-na.amazon-adsystem.com
URL: https://z-na.amazon-adsystem.com/widgets/onejs?MarketPlace=US&adInstanceId=47d1211a-7b20-4f21-a3b6-8f6944069da4

Domain: my.hellobar.com
URL: https://my.hellobar.com/.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240417&jk=2783919229396302&bg=!GBulG1TNAAZ55ZTXWeU7ADQBe5WfON_8r4oqoBSzJm3FV-Ok3RHR6qYLo_NtycaLuCISikTyiWQlkF4a0sb_mRBcxxN9AgAAAC1SAAAAAWgBB34ANRtLzkcbZVL0O_mPTXePMBVHFEiBiVSctVnKBTYOuZGVB2kPq4eT7ZwLkzi-pmUS6eigsI-CCgAvaFDUa_X67MuKptyfo5RHg9pICGXLl1Z7aPhnK3PckeK3fxejAeN2NghC8gEmBvyZAtBPI9W19qD9rkELHQ4MC4OnOWkuvomknc69VatyjHSvjKDMTVjvPPsRMMBZX1klyRzrux7fPizLSp7R_ITNwmZprzdPIuhdpdmdmEQ4IXNggn6jI6Kw7vImM_aFMXAZJpSf1M56C_PHoIYD1ubbeVNmBXtGuUo3fptijg344BOrqrhdn0f85Dzcw6wdCXlAemZpy3Hc5-j11Dhrq7mYpakzU2LofmI0f1JOfJbvUO0aRBbcPxfwQfjxp4xXvXoAQGZ6K3BxalvdWdqubJHqXbt6TocQL-PhzW49vxr2t8VP4_ITm5byPuss9bdP13rnMX5HmyfNyE9avBHZ78DtkeKjEVPiEsS3m630OuWF3Id0KxNActDU8JalEnk_-QTtaZ6UGoEUDsOYn1a60L4ggqY3-b7UYgpQYFu9EYiALIanYJPfptBvK0T6flvspODYCzs9pw_7irqR83S1m8gqidMAuxa_Pl-e6mKQM7Pd2j1u6udICjyPu0nf0QNkdwJSDM88cjfsfcq33AQl6F1ylQ8fxQG5CfoHjmxuAKjq0VTzkEsQv3N8StmxeFI0ACskjMWklYpy8Aq0BfnaPrMtBKE-joJA4jXFVIIc3NgVrrvdcMPrzvzoov-uzxBotUBolM6HZg7nToI4j7uTWHCkUEOlTNNvJ-NaYBw7Q69OKI7d2wEe91KL0MbDr_xgcW9Sys4cujBHdheK85L3X8yq8fQEPJDh66tdF990YMoUff5BFi_T5X9IliTTawfTpSanTn5SQ_O3Q3sq-_7tj73egrLG1p36G4ribT0ZyaDJ0KLPi243fZby9orE7RxlbX7cupC5UoQBggue53l6mWz9mFRdqcuKCcHhtRPm3DbKWtEMwTPoBF4iMA8UUNXnp8mNpfS31LbadqQBx3rvobv-ZKnh7-7xRYiNOcIgaqPfarctmwp2jNNJ_yq-mHgMdMjnlPA

Verdicts & Comments Add Verdict or Comment

97 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
combofix.org/	1970-01-20 20:02:40	Name: cookielawinfo-checkbox-necessary Value: yes
.combofix.org/	1970-01-21 05:38:36	Name: _ga_VF3Y1EC1W1 Value: GS1.1.1713756603.1.0.1713756603.0.0.0
.combofix.org/	1970-01-21 05:38:36	Name: _ga Value: GA1.2.313432165.1713756603
.combofix.org/	1970-01-20 20:04:03	Name: _gid Value: GA1.2.1518821260.1713756603
.combofix.org/	1970-01-20 20:02:36	Name: _gat_gtag_UA_111464907_1 Value: 1
.combofix.org/	1970-01-21 00:21:48	Name: __eoi Value: ID=ba1e000e90b01578:T=1713756603:RT=1713756603:S=AA-AfjZsRARKzpDqT_AN88SZamVH

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://z-na.amazon-adsystem.com/widgets/onejs?MarketPlace=US&adInstanceId=47d1211a-7b20-4f21-a3b6-8f6944069da4 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apis.google.com
combofix.org
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
my.hellobar.com
pagead2.googlesyndication.com
platform.twitter.com
region1.google-analytics.com
tpc.googlesyndication.com
www.google-analytics.com
www.googletagmanager.com
z-na.amazon-adsystem.com
my.hellobar.com
pagead2.googlesyndication.com
z-na.amazon-adsystem.com
142.250.184.193
142.250.184.226
157.240.252.13
192.124.249.133
2001:4860:4802:34::36
2606:2800:234:59:254c:406:2366:268c
2a00:1450:4001:801::200a
2a00:1450:4001:810::2003
2a00:1450:4001:827::200e
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2001
2a03:2880:f084:d:face:b00c:0:3
0ce51090b148a45a0e3d652719ed6ef7f1a38e5d272dbf874f86a49664e897a3
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
194ebae85ff853319e8668f23a4c5bf371a7d9f5d550a40980ab53026ddaaa17
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
22410b8f7fe3c15541e8c1ed038ec8e0debda48561f020dc8d54e10dd77ea9ca
2e313d1901cc92fad67cbf3c0819ad41ccb812e3ed051a0a90444c7a07b6eb41
308d3cf93b0948e39d69b343ef26caba280506212bebe800b1ab73bf814c96c5
37c5f58f12814dd0ecc28f15b7765c6bcd31a9479d330b4ef896e140bf89dc38
3fddb5ab2954aa1ae648e55a20e1f23ccc7ca58f758e67c0296b0a0007be4fc7
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4a307b23109100a018bd09b57252692174e3b588798c30c4ea65385ceda0a1e8
4e7899324890771aef2c1619930694956366786a3f02655d8a0cbb71ea0976c5
53b498904ee710938ba9e0bdcd6f9a202580333c937ee3a91668c1a9da09fbbb
5e8eb3ac27502f64410d9546683d5681dd75e8bdf2918b0a38e4f99f2d875291
5f39b50178049c1c98694c76d6221cd6d035f9f4902153d445e3f5698dd61c74
60ad102a0c16f0706e5d96a6ec94383e6ca9a9eb7f8cf9876ce15875090b93fe
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6cd977105a9aec4c87856b9c9cd1088a83f53288a77172a2ac84e574ad4b3c38
6eeb7092144a03fae6704a170018d5bae2d8851ce6d16610129e134bcdd31bae
73c647f2fc694c979237c198c9069f48e4e0e2784e57a3e26421c6a7bd292dea
760bc4d420605c167dd90147b0e0d82b4e761a18bc35be7aeffaa4192b371635
81e82457fb12ef9a7b3981eceba4363763a703fd04bbe4da183903fd74e2cbcd
840808ab522d334089f4282d445f00404d2d96e28746d41a64c92c43457d10f4
8521827d98882426bbb201e64f00d65b47aaeca0396b022cddff4219d53783cb
8dfc46a10219a41225d3d4b28d7312ffcb74760c0fa311717fdd681fc24ca1a2
929dfb0c7749b8e64d5bfd75877de229832e603c390c53688440e2745d695029
95309410230b1d3148e52211dcee018bfa011a2d69e9d7d6f81164035e8518a0
96749e2db10d407ebf38042a3628b32748d1dd8afac8a78eeff0832ea5ee78c5
b181f49614e230f4b89df14f1b0cc341bc47528cdd3f63ddb4da9bbc0bf269b1
b44a52121cb7bb2cae5f064f5a682755aa576bc318aa417e95861c8d7ea1f638
babcdbaa4c5f9e1361063f4dda8743ad28960057ad7ea600e2411da46cfa2ec0
bed09508700857dfb58ee7dc5942da2a03ed6e87e49047f8ef4e0627b7aa0ea1
c3061c3788ad5783ef8a5d10c454bafe7eb942c48200dccc852cc6d3c9f303d4
c3aece6f00821bd986da195aa15e2b0891b2c81a862cccf2a3069204b9a92186
dd1371e55664bb7e32cf63773f2f6cb3462b6d5049f7db56c9112f00611bf920
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dfd6d929422d1f69a727fb6b525f610562eab183a333576516bec0b0503cb049
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
eacf65d06c898eb4bb373154c8b1cca2b07acc70aacc3cf723e66cc06db30e7a
f0dc5a104ad07a87dec3f36b5ff8eb24b974cf484e1d378fdf7d4578ea9f4b9d
f5a4ac15ec2ddc2612aaed028d1317bf4a5bf984669373a3a1950118661f88b4
f9d3cd5e437d9f5e9861d6bdb7b46fdf8b507f4e85b59b304b2928b0fc299f79
fa2ff180f17ac917b6d8f1dbce9a0601c7800cd8fc1a6045d2f74d22ff84f6c2

combofix.org Open in urlscan Pro 192.124.249.133 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

58 Requests

95 %HTTPS

69 %IPv6

11 Domains

13 Subdomains

14 IPs

2 Countries

876 kBTransfer

2390 kBSize

6 Cookies

9 Outgoing links

Page URL History

Redirected requests

58 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

combofix.org Open in urlscan Pro
192.124.249.133 Public Scan

Screenshot
Live screenshot

Full Image

58
Requests

95 %
HTTPS

69 %
IPv6

11
Domains

13
Subdomains

14
IPs

2
Countries

876 kB
Transfer

2390 kB
Size

6
Cookies

58 HTTP transactions
0 data transactions