urlscan.io logo urlscan.io
SecurityTrails logo

www.windowscentral.com Open in urlscan Pro
2606:4700::6812:bc37  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://t.co/WbYruGRdwh
Effective URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Submission: On April 18 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 44 IPs in 6 countries across 41 domains to perform 105 HTTP transactions. The main IP is 2606:4700::6812:bc37, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.windowscentral.com. The Cisco Umbrella rank of the primary domain is 59551.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 5th 2021. Valid for: a year.
This is the only time www.windowscentral.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.244.42.197 13414 (TWITTER)
16 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 151.139.128.11 20446 (STACKPATH...)
2 2a03:2880:f11... 32934 (FACEBOOK)
1 2.18.232.7 16625 (AKAMAI-AS)
1 18.66.97.8 16509 (AMAZON-02)
1 1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
2 142.250.186.98 15169 (GOOGLE)
8 151.101.65.44 54113 (FASTLY)
5 2600:9000:224... 16509 (AMAZON-02)
1 52.215.1.116 16509 (AMAZON-02)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 52.222.250.115 16509 (AMAZON-02)
2 2620:116:800d... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
3 151.101.2.114 54113 (FASTLY)
1 34.111.234.236 15169 (GOOGLE)
1 52.222.214.17 16509 (AMAZON-02)
2 18.66.139.123 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
1 52.19.12.108 16509 (AMAZON-02)
1 2600:9000:225... 16509 (AMAZON-02)
4 2600:9000:249... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 18.66.100.58 16509 (AMAZON-02)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
5 52.211.48.15 16509 (AMAZON-02)
1 2600:9000:223... 16509 (AMAZON-02)
2 6 13.32.99.105 16509 (AMAZON-02)
1 3.121.92.52 16509 (AMAZON-02)
1 130.211.23.194 15169 (GOOGLE)
1 54.144.144.142 14618 (AMAZON-AES)
2 2a00:1450:400... 15169 (GOOGLE)
1 69.173.144.139 26667 (RUBICONPR...)
2 2 185.64.189.110 62713 (AS-PUBMATIC)
2 2 35.71.131.137 16509 (AMAZON-02)
1 2 185.86.139.106 201081 (SMARTADSE...)
2 2 37.252.172.36 29990 (ASN-APPNEX)
2 2 142.250.186.130 15169 (GOOGLE)
1 35.157.66.25 16509 (AMAZON-02)
1 2 3.248.131.63 16509 (AMAZON-02)
2 18.200.96.173 16509 (AMAZON-02)
1 51.89.20.87 16276 (OVH)
105 44
1    104.244.42.197 (United States)

ASN13414 (TWITTER, US)
t.co
16    2606:4700::6812:bc37 (United States)

ASN13335 (CLOUDFLARENET, US)
www.windowscentral.com
3    2a02:26f0:3500:7::17d8:4dca (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
use.typekit.net
1    2606:4700::6812:451 (United States)

ASN13335 (CLOUDFLARENET, US)
6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app
3    151.139.128.11 (United States)

ASN20446 (STACKPATH-CDN, US)
freyr.futurecdn.net
bordeaux.futurecdn.net
ads.servebom.com
2    2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    2.18.232.7 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-7.deploy.static.akamaitechnologies.com
a.teads.tv
1    18.66.97.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-8.fra56.r.cloudfront.net
tags.crwdcntrl.net
1    2606:4700:20::681a:832 (United States)

ASN13335 (CLOUDFLARENET, US)
futureplc-com.videoplayerhub.com
1    2606:4700:20::ac43:4686 (United States)

ASN13335 (CLOUDFLARENET, US)
btloader.com
2    142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net
securepubads.g.doubleclick.net
8    151.101.65.44 (United States)

ASN54113 (FASTLY, US)
cdn.taboola.com
c2.taboola.com
widget.perfectmarket.com
trc.taboola.com
5    2600:9000:2240:9600:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)
quantcast.mgr.consensu.org
1    52.215.1.116 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-1-116.eu-west-1.compute.amazonaws.com
p.cpx.to
2    2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    52.222.250.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-250-115.fra60.r.cloudfront.net
d1z2jf7jlzjs58.cloudfront.net
2    2620:116:800d:21:3175:5196:e3fd:8c1d (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
1    2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    151.101.2.114 (United States)

ASN54113 (FASTLY, US)
search-api.fie.futurecdn.net
1    34.111.234.236 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 236.234.111.34.bc.googleusercontent.com
ml314.com
1    52.222.214.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-17.fra56.r.cloudfront.net
js.gumgum.com
2    18.66.139.123 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-139-123.fra60.r.cloudfront.net
uk-script.dotmetrics.net
1    2606:4700::6810:7daf (United States)

ASN13335 (CLOUDFLARENET, US)
unpkg.com
3    2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    52.19.12.108 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-12-108.eu-west-1.compute.amazonaws.com
sommelier.futurehybrid.tech
1    2600:9000:225e:b600:3:a4cd:8380:93a1 (United States)

ASN16509 (AMAZON-02, US)
test.quantcast.mgr.consensu.org
4    2600:9000:2490:7e00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
1    2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
1    2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
1    18.66.100.58 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-100-58.fra56.r.cloudfront.net
cdn.parsely.com
2    2606:4700:20::681a:346 (United States)

ASN13335 (CLOUDFLARENET, US)
ad-delivery.net
5    52.211.48.15 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-48-15.eu-west-1.compute.amazonaws.com
s.cpx.to
1    2600:9000:223f:6200:d:5ce3:a4c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rm-script.dotmetrics.net
6    13.32.99.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-105.fra60.r.cloudfront.net
sb.scorecardresearch.com
1    3.121.92.52 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-92-52.eu-central-1.compute.amazonaws.com
audit-tcfv2.quantcast.mgr.consensu.org
1    130.211.23.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com
api.btloader.com
1    54.144.144.142 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-144-142.compute-1.amazonaws.com
p1.parsely.com
2    2a00:1450:400c:c0a::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
2    185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
2    35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
2    185.86.139.106 (France)

ASN201081 (SMARTADSERVER, FR)
sync.smartadserver.com
2    37.252.172.36 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
secure.adnxs.com
2    142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net
cm.g.doubleclick.net
1    35.157.66.25 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-66-25.eu-central-1.compute.amazonaws.com
pool.grid-data.bidswitch.net
2    3.248.131.63 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-131-63.eu-west-1.compute.amazonaws.com
bcp.crwdcntrl.net
2    18.200.96.173 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-200-96-173.eu-west-1.compute.amazonaws.com
g2.gumgum.com
1    51.89.20.87 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p19.id5-sync.com
id5-sync.com
Apex Domain
Subdomains		 Transfer
16 windowscentral.com
www.windowscentral.com — Cisco Umbrella Rank: 59551
257 KB
7 consensu.org
quantcast.mgr.consensu.org — Cisco Umbrella Rank: 2167
test.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 5832
audit-tcfv2.quantcast.mgr.consensu.org — Cisco Umbrella Rank: 10095
185 KB
6 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 137
5 KB
6 cpx.to
p.cpx.to — Cisco Umbrella Rank: 10837
s.cpx.to — Cisco Umbrella Rank: 2228
7 KB
6 taboola.com
cdn.taboola.com — Cisco Umbrella Rank: 1059
c2.taboola.com — Cisco Umbrella Rank: 7825
trc.taboola.com
15.taboola.com Failed
am-trc-events.taboola.com Failed
203 KB
6 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193
stats.g.doubleclick.net — Cisco Umbrella Rank: 95
cm.g.doubleclick.net — Cisco Umbrella Rank: 211
ad.doubleclick.net Failed
20 KB
5 futurecdn.net
freyr.futurecdn.net — Cisco Umbrella Rank: 14122
bordeaux.futurecdn.net — Cisco Umbrella Rank: 15504
search-api.fie.futurecdn.net — Cisco Umbrella Rank: 14626
235 KB
4 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 903
2 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 37
1 KB
3 dotmetrics.net
uk-script.dotmetrics.net — Cisco Umbrella Rank: 5497
rm-script.dotmetrics.net — Cisco Umbrella Rank: 7753
5 KB
3 gumgum.com
js.gumgum.com — Cisco Umbrella Rank: 4540
g2.gumgum.com — Cisco Umbrella Rank: 1506
40 KB
3 crwdcntrl.net
tags.crwdcntrl.net — Cisco Umbrella Rank: 1523
bcp.crwdcntrl.net — Cisco Umbrella Rank: 858
12 KB
3 typekit.net
use.typekit.net — Cisco Umbrella Rank: 510
79 KB
2 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 438
2 KB
2 smartadserver.com
sync.smartadserver.com — Cisco Umbrella Rank: 1463
1 KB
2 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 355
898 B
2 pubmatic.com
image2.pubmatic.com — Cisco Umbrella Rank: 898
630 B
2 ad-delivery.net
ad-delivery.net — Cisco Umbrella Rank: 1307
1 KB
2 parsely.com
cdn.parsely.com — Cisco Umbrella Rank: 2749
p1.parsely.com — Cisco Umbrella Rank: 2214
18 KB
2 perfectmarket.com
widget.perfectmarket.com — Cisco Umbrella Rank: 3657
33 KB
2 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 975
20 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 138
83 KB
2 btloader.com
btloader.com — Cisco Umbrella Rank: 1133
api.btloader.com — Cisco Umbrella Rank: 1274
7 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 100
398 B
1 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 699
1009 B
1 bidswitch.net
pool.grid-data.bidswitch.net — Cisco Umbrella Rank: 10682
229 B
1 rubiconproject.com
token.rubiconproject.com — Cisco Umbrella Rank: 675
214 B
1 google.com
adservice.google.com — Cisco Umbrella Rank: 77
549 B
1 google.de
adservice.google.de — Cisco Umbrella Rank: 7579
792 B
1 futurehybrid.tech
sommelier.futurehybrid.tech — Cisco Umbrella Rank: 16170
1 KB
1 servebom.com
ads.servebom.com — Cisco Umbrella Rank: 12906
360 B
1 unpkg.com
unpkg.com — Cisco Umbrella Rank: 897
2 KB
1 ml314.com
ml314.com — Cisco Umbrella Rank: 1582
32 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 71
33 KB
1 cloudfront.net
d1z2jf7jlzjs58.cloudfront.net
1 KB
1 videoplayerhub.com
futureplc-com.videoplayerhub.com — Cisco Umbrella Rank: 18253
541 B
1 teads.tv
a.teads.tv — Cisco Umbrella Rank: 1209
5 KB
1 permutive.app
6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app — Cisco Umbrella Rank: 14444
241 KB
1 t.co
t.co — Cisco Umbrella Rank: 476
546 B
0 myvisualiq.net Failed
t.myvisualiq.net Failed
0 doubleverify.com Failed
tps.doubleverify.com Failed
105 41
Domain Requested by
16 www.windowscentral.com t.co
www.windowscentral.com
6 sb.scorecardresearch.com 2 redirects widget.perfectmarket.com
5 s.cpx.to p.cpx.to
www.windowscentral.com
5 quantcast.mgr.consensu.org www.windowscentral.com
quantcast.mgr.consensu.org
4 rules.quantcount.com secure.quantserve.com
3 trc.taboola.com cdn.taboola.com
3 www.google-analytics.com www.windowscentral.com
3 search-api.fie.futurecdn.net www.windowscentral.com
search-api.fie.futurecdn.net
3 use.typekit.net www.windowscentral.com
2 g2.gumgum.com js.gumgum.com
2 bcp.crwdcntrl.net 1 redirects tags.crwdcntrl.net
2 cm.g.doubleclick.net 2 redirects
2 secure.adnxs.com 2 redirects
2 sync.smartadserver.com 1 redirects www.windowscentral.com
2 match.adsrvr.org 2 redirects
2 image2.pubmatic.com 2 redirects
2 stats.g.doubleclick.net www.windowscentral.com
2 ad-delivery.net www.windowscentral.com
2 widget.perfectmarket.com cdn.taboola.com
widget.perfectmarket.com
2 uk-script.dotmetrics.net www.windowscentral.com
2 secure.quantserve.com www.windowscentral.com
t.co
2 connect.facebook.net www.windowscentral.com
connect.facebook.net
2 cdn.taboola.com www.windowscentral.com
cdn.taboola.com
2 securepubads.g.doubleclick.net www.windowscentral.com
securepubads.g.doubleclick.net
2 www.facebook.com www.windowscentral.com
1 id5-sync.com
1 pool.grid-data.bidswitch.net www.windowscentral.com
1 token.rubiconproject.com www.windowscentral.com
1 p1.parsely.com www.windowscentral.com
1 api.btloader.com futureplc-com.videoplayerhub.com
1 audit-tcfv2.quantcast.mgr.consensu.org quantcast.mgr.consensu.org
1 rm-script.dotmetrics.net www.windowscentral.com
1 cdn.parsely.com d1z2jf7jlzjs58.cloudfront.net
1 adservice.google.com securepubads.g.doubleclick.net
1 adservice.google.de securepubads.g.doubleclick.net
1 test.quantcast.mgr.consensu.org quantcast.mgr.consensu.org
1 sommelier.futurehybrid.tech bordeaux.futurecdn.net
1 ads.servebom.com bordeaux.futurecdn.net
1 unpkg.com t.co
1 js.gumgum.com www.windowscentral.com
1 ml314.com www.windowscentral.com
1 www.googletagmanager.com www.windowscentral.com
1 d1z2jf7jlzjs58.cloudfront.net www.windowscentral.com
1 p.cpx.to www.windowscentral.com
1 c2.taboola.com www.windowscentral.com
1 btloader.com www.windowscentral.com
1 futureplc-com.videoplayerhub.com 1 redirects
1 tags.crwdcntrl.net www.windowscentral.com
1 a.teads.tv www.windowscentral.com
1 bordeaux.futurecdn.net www.windowscentral.com
1 freyr.futurecdn.net www.windowscentral.com
1 6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app www.windowscentral.com
1 t.co
0 am-trc-events.taboola.com Failed
0 ad.doubleclick.net Failed
0 t.myvisualiq.net Failed
0 tps.doubleverify.com Failed
0 15.taboola.com Failed cdn.taboola.com
105 58
Subject Issuer Validity Valid
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
windowscentral.com
Cloudflare Inc ECC CA-3		 2021-06-05 -
2022-06-04		 a year crt.sh
use.typekit.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-07 -
2023-04-07		 a year crt.sh
permutive.app
Cloudflare Inc ECC CA-3		 2022-03-17 -
2022-06-15		 3 months crt.sh
freyr.futurecdn.net
R3		 2022-04-10 -
2022-07-09		 3 months crt.sh
bordeaux.futurecdn.net
R3		 2022-03-11 -
2022-06-09		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-01-25 -
2022-04-25		 3 months crt.sh
teads.tv
R3		 2022-03-23 -
2022-06-21		 3 months crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2		 2021-04-29 -
2022-05-31		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-28 -
2022-12-29		 a year crt.sh
quantcast.mgr.consensu.org
Amazon		 2022-03-25 -
2023-04-23		 a year crt.sh
p.cpx.to
Sectigo RSA Domain Validation Secure Server CA		 2022-01-13 -
2023-01-13		 a year crt.sh
*.cloudfront.net
Amazon		 2022-02-01 -
2023-01-31		 a year crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-22 -
2022-09-21		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
hawk.techradar.com
R3		 2022-02-25 -
2022-05-26		 3 months crt.sh
*.ml314.com
GoGetSSL RSA DV CA		 2022-03-29 -
2023-03-29		 a year crt.sh
*.gumgum.com
Amazon		 2021-10-15 -
2022-11-12		 a year crt.sh
*.dotmetrics.net
Amazon		 2021-10-24 -
2022-11-21		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-02 -
2022-07-01		 a year crt.sh
widget.perfectmarket.com
GlobalSign Atlas R3 DV TLS CA H2 2021		 2021-12-24 -
2023-01-25		 a year crt.sh
ads.servebom.com
R3		 2022-03-13 -
2022-06-11		 3 months crt.sh
sommelier.futurehybrid.tech
R3		 2022-04-08 -
2022-07-07		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.parsely.com
Amazon		 2021-07-05 -
2022-08-03		 a year crt.sh
s.cpx.to
Sectigo RSA Domain Validation Secure Server CA		 2022-01-17 -
2023-01-17		 a year crt.sh
*.scorecardresearch.com
Amazon		 2022-01-29 -
2023-02-27		 a year crt.sh
api.btloader.com
GTS CA 1D4		 2022-02-23 -
2022-05-24		 3 months crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-04-04		 a year crt.sh
pool.grid-data.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2022-02-25 -
2023-03-07		 a year crt.sh
*.id5-sync.com
R3		 2022-03-08 -
2022-06-06		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Frame ID: FBC74365004DE0D0942DD3E2BA6790DE
Requests: 102 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/5/ct=y/c=12464/rand=166701101/pv=y/int=%23OpR%2382438%23windowscentral%20%3A%20Total%20Site%20Traffic/rt=ifr
Frame ID: 6FF333D025C3FB74681202069D9DDC05
Requests: 1 HTTP requests in this frame

Frame: https://secure.quantserve.com/quant.js
Frame ID: 8A436A418EA111EA7DD626CB0F43EB60
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Windows workstations under attack by newly discovered malware | Windows Central

Page URL History Show full URLs

  1. https://t.co/WbYruGRdwh Page URL
  2. https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • quantcast\.mgr\.consensu\.org
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+use\.typekit\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Page Statistics

105
Requests

83 %
HTTPS

40 %
IPv6

41
Domains

58
Subdomains

44
IPs

6
Countries

1532 kB
Transfer

6160 kB
Size

40
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/WbYruGRdwh Page URL
  2. https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://futureplc-com.videoplayerhub.com/galleryplayer.js HTTP 301
  • https://btloader.com/tag?h=futureplc-com&upapi=true
Request Chain 76
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D40ab04ed-4be8-4823-8617-a681df6f60df HTTP 302
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D40ab04ed-4be8-4823-8617-a681df6f60df HTTP 302
  • https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=0443D66D-DCB9-4A2D-A8AA-824B3241717A&fid=40ab04ed-4be8-4823-8617-a681df6f60df
Request Chain 77
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP 302
  • https://s.cpx.to/sync?dsp_uid=95a559f5-7e39-4c62-be86-6b250fe96184&dsp=TTD
Request Chain 78
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D40ab04ed-4be8-4823-8617-a681df6f60df&gdpr=0 HTTP 302
  • https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=40ab04ed-4be8-4823-8617-a681df6f60df&gdpr=0&cklb=1
Request Chain 79
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12542%26ref%3Dhttps%253A%252F%252Ft.co%252F%26url%3Dhttps%253A%252F%252Fwww.windowscentral.com%252Fwindows-workstations-under-attack-newly-discovered-malware%26hn_ver%3D40%26fid%3D40ab04ed-4be8-4823-8617-a681df6f60df HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12542%2526ref%253Dhttps%25253A%25252F%25252Ft.co%25252F%2526url%253Dhttps%25253A%25252F%25252Fwww.windowscentral.com%25252Fwindows-workstations-under-attack-newly-discovered-malware%2526hn_ver%253D40%2526fid%253D40ab04ed-4be8-4823-8617-a681df6f60df HTTP 302
  • https://s.cpx.to/an_fire?app_nexus_uid=6230648545388254164&pid=12542&ref=https%3A%2F%2Ft.co%2F&url=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&hn_ver=40&fid=40ab04ed-4be8-4823-8617-a681df6f60df
Request Chain 80
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=40ab04ed-4be8-4823-8617-a681df6f60df HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=40ab04ed-4be8-4823-8617-a681df6f60df&google_tc= HTTP 302
  • https://s.cpx.to/ca.png?dsp=dbm&fid=40ab04ed-4be8-4823-8617-a681df6f60df&google_gid=CAESEAJTcOiFX6MxV5UJQaYuDUo&google_cver=1
Request Chain 82
  • https://bcp.crwdcntrl.net/5/c=12464/rand=166701101/pv=y/int=%23OpR%2382438%23windowscentral%20%3A%20Total%20Site%20Traffic/rt=ifr HTTP 302
  • https://bcp.crwdcntrl.net/5/ct=y/c=12464/rand=166701101/pv=y/int=%23OpR%2382438%23windowscentral%20%3A%20Total%20Site%20Traffic/rt=ifr
Request Chain 83
  • https://sb.scorecardresearch.com/cs/10055482/beacon.js HTTP 302
  • https://sb.scorecardresearch.com/internal-cs/default/beacon.js
Request Chain 87
  • https://sb.scorecardresearch.com/p?c1=8&c2=15039634&c3=9&c4=n6aekmb1&c7=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&c8=Windows%20workstations%20under%20attack%20by%20newly%20discovered%20malware%20%7C%20Windows%20Central&c9=https%3A%2F%2Ft.co%2F&cv=2.0&cj=1&ns__t=1650290753563 HTTP 302
  • https://sb.scorecardresearch.com/p2?c1=8&c2=15039634&c3=9&c4=n6aekmb1&c7=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&c8=Windows%20workstations%20under%20attack%20by%20newly%20discovered%20malware%20%7C%20Windows%20Central&c9=https%3A%2F%2Ft.co%2F&cv=2.0&cj=1&ns__t=1650290753563

105 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
WbYruGRdwh
t.co/ 		422 B
546 B 		Document
General
Check archive.org
Download Go to
Full URL
https://t.co/WbYruGRdwh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,max-age=300
content-encoding
gzip
content-length
216
content-type
text/html; charset=utf-8
date
Mon, 18 Apr 2022 14:05:49 GMT
expires
Mon, 18 Apr 2022 14:10:49 GMT
server
tsa_o
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
bc1a2fb82082e5ea3a09a71b29717a434a6a2105e20fc01529e9e16036daaf97
x-response-time
112
x-xss-protection
0
Primary Request windows-workstations-under-attack-newly-discovered-malware
www.windowscentral.com/ 		140 KB
32 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Requested by
Host: t.co
URL: https://t.co/WbYruGRdwh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
046012c8aaf0ace314f7dd8d459e91cf82886c9c31a8f212b5e9edf42abf0dc4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
Strict-Transport-Security max-age=86400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://t.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
590
cache-control
public, max-age=300, s-maxage=21600
cf-cache-status
HIT
cf-ray
6fddf5245f2d5c74-FRA
content-encoding
gzip
content-language
en
content-security-policy
upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Mon, 18 Apr 2022 14:05:50 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Mon, 18 Apr 2022 14:01:00 GMT
last-modified
Mon, 18 Apr 2022 13:56:00 GMT
link
<https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2021/05/hp-zbook-studio-g8-ports2.jpg>; rel="image_src",<https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware>; rel="canonical",<https://www.windowscentral.com/node/91665>; rel="shortlink"
mn-server-ip
165
permissions-policy
interest-cohort=()
server
cloudflare
strict-transport-security
max-age=86400
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
hp-zbook-studio-g8-ports2.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large_wm_brb/public/field/image/2021/05/ 		35 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large_wm_brb/public/field/image/2021/05/hp-zbook-studio-g8-ports2.jpg
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28183d032afee3e3f6cd4940b084a0f47e74288d5f60d91f11ab9885687b20c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
cf-cache-status
HIT
age
589
cf-polished
qual=85, origFmt=jpeg, origSize=66153
content-disposition
inline; filename="hp-zbook-studio-g8-ports2.webp"
content-length
35684
last-modified
Tue, 11 May 2021 01:49:18 GMT
server
cloudflare
etag
"6099e29e-10269"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Thu, 19 May 2022 13:56:01 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6fddf524cffd5c74-FRA
cf-bgj
imgq:85,h2pri
l
use.typekit.net/af/6d4bb2/00000000000000003b9acafc/27/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/6d4bb2/00000000000000003b9acafc/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:7::17d8:4dca Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
da03f140d305f2abdf496bdd3fad9cfed87a237cf09f6a2edcec58bc5a1f044d

Request headers

Referer
https://www.windowscentral.com/
Origin
https://www.windowscentral.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
server
nginx
etag
"7d4a321fb4284bed9856c33aee6c065aba0855a7"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
26392
fa-solid-900.woff2
www.windowscentral.com/sites/all/fonts/fontawesome-min/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.windowscentral.com/sites/all/fonts/fontawesome-min/fa-solid-900.woff2
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd23f77e0f2633a6eb7eab764d98ab21a0ae46fe92d169262b52ffefd1dcf16c

Request headers

Referer
https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Origin
https://www.windowscentral.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
cf-cache-status
HIT
last-modified
Fri, 18 Mar 2022 15:02:52 GMT
server
cloudflare
age
1569630
etag
"62349f1c-1ff4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6fddf524c8015c74-FRA
content-length
8180
expires
Sun, 01 May 2022 10:05:20 GMT
mona-icons.ttf
www.windowscentral.com/sites/all/fonts/ 		2 KB
2 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.windowscentral.com/sites/all/fonts/mona-icons.ttf
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2f14c14f8b1cc9659e849b3db6b22410b5641152120e50e5a1292d78016016c

Request headers

Referer
https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Origin
https://www.windowscentral.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
cf-cache-status
HIT
last-modified
Fri, 18 Mar 2022 15:02:25 GMT
server
cloudflare
age
1899414
etag
"62349f01-70c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6fddf524c8035c74-FRA
content-length
1804
expires
Wed, 27 Apr 2022 14:28:56 GMT
6093eccf-6734-4877-ac8b-83d6d0e27b46-web.js
6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app/ 		867 KB
241 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app/6093eccf-6734-4877-ac8b-83d6d0e27b46-web.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:451 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4d30c76f6c4f12662e2a140e5900c3f0a68776ed72f22d3fd626d6b9b7218d2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
br
cf-cache-status
HIT
x-goog-meta-oid
6093eccf-6734-4877-ac8b-83d6d0e27b46
age
3533
x-guploader-uploadid
ADPycdstSFN02PQ2D29dc9qkqLyhkvcEFc9miYOW94Vt72psz49S4AjYfXk7C8FtVjHwELhQX53SYIJ0IZ-g0fdHvj_pRgueU1oT
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-type
application/javascript
last-modified
Thu, 14 Apr 2022 17:04:53 GMT
server
cloudflare
etag
W/"1454d9e9f2733e146d781cb6fff2d502"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=H+2eRA==, md5=FFTZ6fJzPhRteBy2//LVAg==
x-goog-generation
1649955893417392
cache-control
public, max-age=900
x-goog-stored-content-length
252734
cf-ray
6fddf5266efb68f8-FRA
expires
Mon, 18 Apr 2022 14:20:50 GMT
freyr.js
freyr.futurecdn.net/ 		69 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://freyr.futurecdn.net/freyr.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx/1.19.0 /
Resource Hash
b25590ed0eb80f9d4324448b2f2be99e6b7c73affaaed9625d1643826fe218c1
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
last-modified
Tue, 29 Mar 2022 09:43:15 GMT
server
nginx/1.19.0
etag
W/"6242d4b3-11540"
strict-transport-security
max-age=15724800; includeSubDomains
freyr-version
4.0.0
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=1290
accept-ranges
bytes
content-length
17557
x-hw
1650290750.cds057.am5.hn,1650290750.cds290.am5.c
js__n7HQ4TG1EEZYz2tjiNVR6cVScwcUWaE3qTK3TEDs0X4__0q2wZs_Du6XgivdmkEtGm64iEdYt-B97Ol6Y6U5KYRA__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.js
www.windowscentral.com/sites/wpcentral.com/files/advagg_js/ 		194 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/advagg_js/js__n7HQ4TG1EEZYz2tjiNVR6cVScwcUWaE3qTK3TEDs0X4__0q2wZs_Du6XgivdmkEtGm64iEdYt-B97Ol6Y6U5KYRA__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47574b2437bb834db5f02f5c5e4952fe1a2b6313348dd6cfbcecfaa579f704d6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 06 Jan 2022 21:39:00 GMT
server
cloudflare
age
750366
etag
W/"61d76174-3aba1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
expires
Tue, 10 May 2022 21:39:44 GMT
cache-control
max-age=2678400
cf-polished
origSize=240545
cf-ray
6fddf524c8075c74-FRA
cf-bgj
minify
js__c0wIEn2kbwfSABNH37FFHYYM7mCF9kYLDVp5KdHQI30__Pr-ynne3WA3SaozEBe8Rs0OElNLarFAb10Yxr7wDwvw__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.js
www.windowscentral.com/sites/wpcentral.com/files/advagg_js/ 		21 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/advagg_js/js__c0wIEn2kbwfSABNH37FFHYYM7mCF9kYLDVp5KdHQI30__Pr-ynne3WA3SaozEBe8Rs0OElNLarFAb10Yxr7wDwvw__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dedf0005af46ab90d7b42e76026288fc5a2ba67ce8ffae805f22e971f358c55b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 03 Feb 2021 22:05:42 GMT
server
cloudflare
age
1836507
etag
W/"601b1e36-739a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
expires
Thu, 28 Apr 2022 07:57:23 GMT
cache-control
max-age=2678400
cf-polished
origSize=29594
cf-ray
6fddf524c80a5c74-FRA
cf-bgj
minify
bordeaux.js
bordeaux.futurecdn.net/ 		293 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bordeaux.futurecdn.net/bordeaux.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx/1.19.0 /
Resource Hash
26b19b50b1459f5c81dafdb46a5b5ec3930f77c1ce9f49df144351ced50f1256
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
last-modified
Thu, 07 Apr 2022 12:48:59 GMT
server
nginx/1.19.0
etag
W/"624eddbb-49310"
strict-transport-security
max-age=15724800; includeSubDomains
x-hw
1650290750.cds263.am5.hn,1650290750.cds278.am5.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
bordeaux-version
4.20.1
content-length
80387
tr
www.facebook.com/ 		44 B
297 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr?id=1765793593738454&ev=PageView&noscript=1
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Mon, 18 Apr 2022 14:05:50 GMT
tr
www.facebook.com/ 		44 B
101 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr?id=1765793593738454&ev=ViewContent&noscript=1
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Mon, 18 Apr 2022 14:05:50 GMT
tag.js
a.teads.tv/analytics/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/analytics/tag.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-7.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9379485b510d404dc953c886c69acc421789b085804b6148d2f30be9f8ff0880

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
x-amz-version-id
.c4q720Weuo_WjGTYzrLUxh_yQPz7y2N
content-encoding
br
last-modified
Mon, 04 Apr 2022 09:26:10 GMT
x-amz-request-id
AX0P4XAY0V417QPJ
etag
"640674f5ff78aa716cb34f0cbeaf2d44"
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
private, max-age=3600
date
Mon, 18 Apr 2022 14:05:50 GMT
accept-ranges
bytes
content-length
4724
x-amz-id-2
sFefan8OZYetCi5e7tz5wTj12FIsFYIBz4cctmqTtbsWMMIiZAdp/uKU276LiXy7ya5HwiFQWWg=
cc.js
tags.crwdcntrl.net/c/12464/ 		38 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/c/12464/cc.js?ns=_cc12464
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-8.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
94fe2acdde59c996a475902afadf127e555e25fb6aae6f8f93914b318de3e19d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Mon, 18 Apr 2022 08:45:09 GMT
content-encoding
gzip
last-modified
Wed, 11 Mar 2020 04:01:36 GMT
server
AmazonS3
age
19242
etag
W/"60ae9e169e0216122e9d8bf94f8906db"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
via
1.1 2af4ee189e50805a67bd62bbd51ad0dc.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
FRA56-P2
x-amz-cf-id
IOtW4ajmFvRqLSK30Tnlb9Xktiy59t8uHhnmsNB_DIwl-2BshRBHug==
tag
btloader.com/
Redirect Chain
  • https://futureplc-com.videoplayerhub.com/galleryplayer.js
  • https://btloader.com/tag?h=futureplc-com&upapi=true
16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://btloader.com/tag?h=futureplc-com&upapi=true
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Server
2606:4700:20::ac43:4686 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
067edf7df83e78af3ad8bd0b56325be772f837a5f9cb1f3c2d8a0f3d29da7f11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

cf-ray
6fddf526e98991d8-FRA
date
Mon, 18 Apr 2022 14:05:50 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Fri, 15 Apr 2022 16:38:37 GMT
server
cloudflare
age
1370
etag
W/"2d7e1c91196267dbfe3b1e36e0f26e35"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K9G9vNsPTA6cQadg7TCF9A78seGRhArH4zM6dECJi7BK9FHraFnXfY6BfqsyAH9NgaNns6J00G3X%2FBQPtKrW6%2FWLhM4y0S3%2BZf7%2FynxCPyXxypnIneDeWcsZmSF8vzlriC6g%2B7XM3E%2BJNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=300, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br

Redirect headers

date
Mon, 18 Apr 2022 14:05:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iq5g4XwkN3He%2BX8nA0h37x7IvlGCz56kEy%2FBoh7d5YDJkdSrnGrIour6uMd7e0HZYOQ1u5RETgWJt%2Fk%2FAqpfnklsaS%2BwDmRz3xFV%2B5MlNB%2BHfnQnPZ2UGHx9Kttv1xoVRos95PNEopx%2Bj39ro44AEzfXl%2BtvUjS2CoTb83SQ"}],"group":"cf-nel","max_age":604800}
location
https://btloader.com/tag?h=futureplc-com&upapi=true
cache-control
max-age=3600
cf-ray
6fddf5266f9b9199-FRA
expires
Mon, 18 Apr 2022 15:05:50 GMT
glade.js
securepubads.g.doubleclick.net/static/ 		53 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/static/glade.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
25db43cdbafdfcb1e932d48d691a87835d88e898ef6817da85dba40cd3f7b2dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16024
x-xss-protection
0
server
sffe
etag
"1642106280940716"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=1800, stale-while-revalidate=3600
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Mon, 18 Apr 2022 14:05:50 GMT
js__0TtPV7tYtOKF8q4xu8UDn_i8ZNmArXKAaAgO1n7Dv5g__TInbTdXTj3bp0-SfE_ABqL935JSTUvmeOxcMURwHmxw__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.js
www.windowscentral.com/sites/wpcentral.com/files/advagg_js/ 		46 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/advagg_js/js__0TtPV7tYtOKF8q4xu8UDn_i8ZNmArXKAaAgO1n7Dv5g__TInbTdXTj3bp0-SfE_ABqL935JSTUvmeOxcMURwHmxw__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1cf5396993e4b7b8e74c4bd348756f51104cc01ce20b5f7a193a45ec47574c63

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 28 Sep 2021 14:10:28 GMT
server
cloudflare
age
1899411
etag
W/"61532254-fc7e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
expires
Wed, 27 Apr 2022 14:28:59 GMT
cache-control
max-age=2678400
cf-polished
origSize=64638
cf-ray
6fddf52559335c74-FRA
cf-bgj
minify
css__6Uwog9rDP_LyjBChMl65edelxMcXiiz8pBvY4cPTsxw__dFQ6AS_Sq8-8AzJDte5Uit_n4gOskvGxGalUo8JCGt4__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.css
www.windowscentral.com/sites/wpcentral.com/files/advagg_css/ 		297 KB
48 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/advagg_css/css__6Uwog9rDP_LyjBChMl65edelxMcXiiz8pBvY4cPTsxw__dFQ6AS_Sq8-8AzJDte5Uit_n4gOskvGxGalUo8JCGt4__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.css
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c84a5b9e09825082ba7b583fddf8abca5efbdd05eb7beb7d9e2abdfcebda332c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 16 Aug 2021 16:03:53 GMT
server
cloudflare
age
1768975
etag
W/"611a8c69-4a370"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
expires
Fri, 29 Apr 2022 02:42:55 GMT
cache-control
max-age=2678400
cf-polished
origSize=303984
cf-ray
6fddf52559385c74-FRA
cf-bgj
minify
loader.js
cdn.taboola.com/libtrc/mobilenations1-network/ 		464 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/mobilenations1-network/loader.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
17077ffaf689a4f07028a1d15ea2a54fd4189707578ed0b3acdfdda59aa0362d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
VQP7d3JevNKNP6SF2BZYHUKjliGg_h0g
content-encoding
gzip
etag
"edbc206f76b26e2776209d17e082d043"
age
18068
x-cache
HIT
content-length
37867
x-amz-id-2
m/2dlReXvRn0ZzVlxlwcRNFdEbUrKmBM98MIQUu37DDGXLiuvLmen5Kc7RHp7+8yjhiV71Oqlqc=
x-served-by
cache-hhn4073-HHN
last-modified
Mon, 18 Apr 2022 09:04:08 GMT
server
AmazonS3
x-timer
S1650290750.464827,VS0,VE0
date
Mon, 18 Apr 2022 14:05:50 GMT
vary
Accept-Encoding
x-amz-request-id
C2ZPF5QYAYFKCFQ5
via
1.1 varnish
cache-control
private,max-age=14401
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
94
x-cache-hits
2
choice.js
quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.windowscentral.com/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.windowscentral.com/choice.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:9600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0bd4246cc88ea9a0f90dc318e0ff3c42b4ab6da779c6557f00ca1d5d404408fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Mon, 18 Apr 2022 14:05:20 GMT
content-encoding
br
last-modified
Thu, 07 Apr 2022 11:02:22 GMT
server
AmazonS3
age
58
etag
W/"87b4fb495aec618afd1d86b9dc9387f2"
vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9336c14434e205e440418213079c6074.cloudfront.net (CloudFront)
cache-control
max-age=900
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
FRA60-P1
x-amz-cf-id
WkWPQsJcxtGRYWvkkvrwwk9Jf0lenKColXO3oBd0rcc133Ugkuibkg==
analytics.js
www.windowscentral.com/sites/wpcentral.com/files/googleanalytics/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/googleanalytics/analytics.js?raao42
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c21173e97cdde5579f5144813a24b7e406ad2a6a483da2cd18b864a8d2ecc40

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 09 Nov 2021 18:56:28 GMT
server
cloudflare
age
410017
etag
W/"618ac45c-c41d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
expires
Sat, 14 May 2022 20:12:13 GMT
cache-control
max-age=2678400
cf-polished
origSize=50205
cf-ray
6fddf52559365c74-FRA
cf-bgj
minify
newsroom.js
c2.taboola.com/nr/mobilenations1-windowcentral/ 		62 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c2.taboola.com/nr/mobilenations1-windowcentral/newsroom.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8e4f5f3bc3d6c472382dc6ae414a1d2558fc9fd1fe4ec4c7ae7d3adc8957d438

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
etag
"1dbadc531dcc54906bcc5f5e1fe01430"
age
86
x-cache
HIT
content-length
16437
x-amz-id-2
jJ5hwbDJEXTRTs/PmlQLv9v9nqchMUoso5ioULqNBU4eH4yiJhMLyXFG3sINrYVsSbAkjGcPZOk=
x-served-by
cache-hhn4073-HHN
last-modified
Fri, 04 Sep 2020 23:39:59 GMT
server
AmazonS3
x-timer
S1650290750.469579,VS0,VE1
date
Mon, 18 Apr 2022 14:05:50 GMT
vary
Accept-Encoding
x-amz-request-id
4GNSPXDPMZQDP57Y
via
1.1 varnish
cache-control
max-age=14400
accept-ranges
bytes
content-type
application/javascript
x-cache-hits
1
wc-logo-color.svg
www.windowscentral.com/sites/all/themes/mbn2_twig/assets/images/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/all/themes/mbn2_twig/assets/images/wc-logo-color.svg?reload
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
577c6dfe3ebcb5435b28de78f9112774f8910e67e889aad87895daf6cd1a9f44

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 18 Mar 2022 15:02:30 GMT
server
cloudflare
age
1836483
etag
W/"62349f06-121f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=2678400
cf-ray
6fddf525593a5c74-FRA
expires
Thu, 28 Apr 2022 07:57:47 GMT
l
use.typekit.net/af/027dd4/00000000000000003b9acafa/27/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/027dd4/00000000000000003b9acafa/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:7::17d8:4dca Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
00f7d628d0c49b1b0d512c3c56d16cc8d0ac222e7437efea750b584083c053dd

Request headers

Referer
https://www.windowscentral.com/
Origin
https://www.windowscentral.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
server
nginx
etag
"37da2a6b18214f547dbbc4036f830d9caa1b9787"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
26676
l
use.typekit.net/af/46da36/00000000000000003b9acaf6/27/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/46da36/00000000000000003b9acaf6/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:7::17d8:4dca Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
464b561ee00c86db1cddb80f2c9d6febbc2c1aa95f422fa73a4fb8ef7d5d5028

Request headers

Referer
https://www.windowscentral.com/
Origin
https://www.windowscentral.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
server
nginx
etag
"de29fb2e3e401b15877c6b3a0953702fe7fa1105"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
26812
1x1.png
www.windowscentral.com/sites/all/themes/mbn2_twig/assets/images/ 		38 B
192 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/all/themes/mbn2_twig/assets/images/1x1.png
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f03b278147f8f0bbfd56ebe73d183470ec71d18512c2d24bea55212bbe724e1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
cf-cache-status
HIT
age
383858
cf-polished
origFmt=png, origSize=68
content-disposition
inline; filename="1x1.webp"
content-length
38
last-modified
Fri, 18 Mar 2022 15:02:30 GMT
server
cloudflare
etag
"62349f06-44"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sun, 15 May 2022 03:28:12 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6fddf525ea1b5c74-FRA
cf-bgj
imgq:85,h2pri
px.js
p.cpx.to/p/12542/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://p.cpx.to/p/12542/px.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.215.1.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-1-116.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
f42e1cd6c29e600d1e67f3a4a315f29d13875e15ec3c6413eb9b4ec76929b528

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Mon, 18 Apr 2022 14:05:50 GMT
Cache-Control
max-age=2419200, public
Connection
keep-alive
Content-Length
1769
Content-Type
application/javascript; charset=UTF-8
sdk.js
connect.facebook.net/en_US/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5e689afb72419c1c950713dd2f2226b855671f70a38c89212cbf0ebb71309378
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
WQRRpJ1qZjU24QthByImeQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Mon, 18 Apr 2022 14:06:33 GMT
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1685
x-fb-rlafr
0
x-fb-debug
ysmvSLnEpegULIveJqyCO9vvPO2KUNzcKKyj2LRJ5L51d6kgVG2lTAJFWp5y41qdSqtQQBOb7mdQsYQL1L7yiQ==
x-fb-trip-id
686109401
x-fb-content-md5
429d829a891404f8f5f3cbb0961deff7
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Mon, 18 Apr 2022 14:05:50 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"23ec303dc19203b8c51d3314b2228f2d"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
p.js
d1z2jf7jlzjs58.cloudfront.net/ 		930 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d1z2jf7jlzjs58.cloudfront.net/p.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.222.250.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-250-115.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
62f586be8571b23584eb4a60a45a3157ff7c8388b1b1e3b4e8890e243b3e47de

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Mon, 18 Apr 2022 08:42:53 GMT
Via
1.1 7395d1816622756cd6753f5e1281200c.cloudfront.net (CloudFront)
Age
19377
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
930
Pragma
public
Last-Modified
Wed, 06 May 2020 20:19:48 GMT
Server
nginx
ETag
"5eb31be4-3a2"
Content-Type
application/javascript
Cache-Control
max-age=86400, public
X-Amz-Cf-Pop
FRA60-P3
Accept-Ranges
bytes
X-Amz-Cf-Id
Q5Pn7f1rUDDo_GHlrcHhbvEK2PIlp7zeqx_LJQfa3DlFav0stzcuxA==
Expires
Tue, 19 Apr 2022 08:42:53 GMT
quant.js
secure.quantserve.com/ 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
etag
"u2JtyZzqnTXwzBUswy2r+w=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Mon, 25 Apr 2022 14:05:50 GMT
gtm.js
www.googletagmanager.com/ 		83 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-N9VHS7
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f1d645284ac0f689610282b670bc36669e986109482614d5cd74d37dfac2a9e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33127
x-xss-protection
0
last-modified
Mon, 18 Apr 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 18 Apr 2022 14:05:50 GMT
mona.js
search-api.fie.futurecdn.net/js/w/es6/ 		389 KB
126 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://search-api.fie.futurecdn.net/js/w/es6/mona.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.114 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0f507045398a529b76fa0de28f329699590b881503633f2cea95a87013359da6
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.windowscentral.com/
Origin
https://www.windowscentral.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
x-hawk-country
xkey
asset-type-fie-widgets
age
341
x-ftr-backend-server
fievarnishprodwhite
x-hawk-area
DE
x-ftr-dc
IX
x-ftr-realm
pip
x-ftr-backend
fie-assets
x-ftr-cache-status
HIT
content-length
128592
x-ftr-expires
Mon, 18 Apr 2022 13:20:00 GMT
x-ftr-balancer
hawkproxyprodblue
x-cache
MISS, HIT
x-ftr-request-id
00000000:1D62_00000000:01BB_625D60D0_934310:3941
last-modified
Wed, 13 Apr 2022 13:10:44 GMT
x-timer
S1650290750.468384,VS0,VE1
etag
"6256cbd4-6120d"
x-served-by
cache-lon11681-LON, cache-hhn4046-HHN
strict-transport-security
max-age=31557600
content-type
application/javascript; charset=utf-8
via
1.1 varnish, 1.1 varnish
vary
Accept-Encoding
cache-control
max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
accept-ranges
bytes
access-control-allow-origin
*
x-cache-hits
0, 1
tag.aspx
ml314.com/ 		31 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ml314.com/tag.aspx?1832022
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.234.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
236.234.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
75d893335a1d25db1bf02e25ab904d97a3af743128850d8566b93d197e56e9e9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 13:26:49 GMT
age
2341
x-guploader-uploadid
ADPycduYTFsEdMv9zDbxhHRtw0asq5BH0feC0o-O1h185c3jkYk1h0xB9i6qgG3qk0tKmqbSvFhExJh6Sobg-PZ9kWQ-BnfzITnj
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
32025
last-modified
Mon, 04 Apr 2022 15:43:44 GMT
server
UploadServer
cache-control
public,max-age=3600
etag
"25b1f355dd487bdf5381a749056080c4"
x-goog-hash
crc32c=dPpbog==, md5=JbHzVd1Ie99TgadJBWCAxA==
x-goog-generation
1649087024620619
cache-id
AMS-cba56054
x-cache-hit
hit
x-goog-stored-content-length
32025
accept-ranges
bytes
content-type
application/javascript
services.js
js.gumgum.com/ 		101 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.gumgum.com/services.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-17.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
74d4fe26abff96aadb849dea507e94f1d944bfb805ef7e410b5024dea3f6ba44

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
x2K86VUv8V2AugygglVmCLHCn.JPitub
content-encoding
gzip
etag
W/"1107b8738b70282a38d77bad4b1e2bfa"
age
15870
x-cache
Hit from cloudfront
x-amz-meta-timing-allow-origin
*
x-amz-meta-access-control-allow-origin
*
last-modified
Thu, 07 Apr 2022 10:25:15 GMT
server
AmazonS3
date
Mon, 18 Apr 2022 09:43:34 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-P3
x-amz-cf-id
B8GpcXux4owJJfgQqbDKwMayFhcbolqgkplTKwW6R4soX2KrPkeRtQ==
door.js
uk-script.dotmetrics.net/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uk-script.dotmetrics.net/door.js?id=5257
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-139-123.fra60.r.cloudfront.net
Software
Kestrel /
Resource Hash
20eb956a307ce99d9b74fd8c4e61e3bbf2ac53532beb429e073b610de69c6c3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
br
server
Kestrel
x-amz-cf-pop
FRA60-P4
etag
"5257...199.2022041814"
vary
Accept-Encoding
x-cache
Miss from cloudfront
p3p
policyref="https://uk-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
cache-control
private
content-type
application/javascript
x-amz-cf-id
g3E1OmPPiIzp044CcY6TJ7C-FYmHYjEc0wge_wUrQ6GDjAERfcE81g==
web-vitals.js
unpkg.com/web-vitals@2.0.1/dist/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/web-vitals@2.0.1/dist/web-vitals.js?module
Requested by
Host: t.co
URL: https://t.co/WbYruGRdwh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
45b6640b10629fe0dcec64d3031726d9841d5504280f8be01f2d5ca2f31f5cdd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.windowscentral.com/
Origin
https://www.windowscentral.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
age
4539200
x-powered-by
Express
content-encoding
br
vary
Accept-Encoding
fly-request-id
01FWQ6ZG3381HDRVS95XQ9PM8R-fra
server
cloudflare
etag
W/"13f0-FB5AIG1d3V3SKXQC+aDRC1j67uc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
6fddf5266ce06927-FRA
linkid.js
www.google-analytics.com/plugins/ua/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/sites/wpcentral.com/files/googleanalytics/analytics.js?raao42
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 13:08:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3446
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Mon, 18 Apr 2022 14:08:24 GMT
cmp2.js
quantcast.mgr.consensu.org/tcfv2/38/ 		179 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://quantcast.mgr.consensu.org/tcfv2/38/cmp2.js?referer=www.windowscentral.com
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/uer8ZPXHG8WDU/www.windowscentral.com/choice.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:9600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
87a05e266719cffcabe1f5b046d7e6c0b095a2f35723e3d00b41d001b5b02ff0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
age
30
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
access-control-allow-origin
*
last-modified
Thu, 06 Jan 2022 15:09:26 GMT
server
AmazonS3
etag
W/"c29546e2a6954891b2b97d808459afe6"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
via
1.1 9336c14434e205e440418213079c6074.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-meta-qc-ineu
True
x-amz-cf-pop
FRA60-P1
x-amz-cf-id
nbc4OXB4B0YQ8mzOUCm4zAr0o_trt5DaKdyTPyI1ZkqXcNHISTa7QA==
load.js
widget.perfectmarket.com/mobilenations1-network/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.perfectmarket.com/mobilenations1-network/load.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/mobilenations1-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ad1cd9c9fd8f0eb0c9e41a7683654a834d6da5e3ba132f70096b7929e79eb298

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
J4XuLknNLAuC7N4qV0D8ae6KQwP3.A6b
content-encoding
gzip
etag
"685ca634ee38daf89f4b9f310d082b34"
age
150
x-cache
HIT, HIT
content-length
1106
x-amz-id-2
+e4zLGwe7dK0NvxiMom2nmXgaPElORJEM2D90370e+pfPFEYL2biyWaXIQCYUbjNgVCKw0aXqfk=
x-served-by
cache-sna10741-LGB, cache-hhn4025-HHN
last-modified
Thu, 28 Feb 2019 04:56:18 GMT
server
AmazonS3
x-timer
S1650290751.574259,VS0,VE1
date
Mon, 18 Apr 2022 14:05:50 GMT
vary
Accept-Encoding,,
x-amz-request-id
D8PAZ862XWM8GTPN
via
1.1 varnish, 1.1 varnish
cache-control
max-age=300
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-cache-hits
1, 1
impl.20220418-3-RELEASE.es5.js
cdn.taboola.com/libtrc/ 		701 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/impl.20220418-3-RELEASE.es5.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/mobilenations1-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3-br /
Resource Hash
52ff2a623c77412b9c7f27ee7d24bd125b1e3dd37450c45fe373e0627824b9ef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
a.XepnKhY2ILW._QJ7_BWyOl1ij9P8Wm
content-encoding
br
etag
"f7559ef9aedce359d2c5a06c1b33526e"
age
19085
x-cache
HIT
content-length
137923
x-amz-id-2
z1JQkwu7IlXqSBk33KR4qWXJCbiFXtcMesq49XTKHgXehUf6h6QBROAkJEuF+8mT5uJ9w7lm4UU=
x-served-by
cache-hhn4073-HHN
last-modified
Mon, 18 Apr 2022 08:46:57 GMT
server
AmazonS3-br
x-timer
S1650290751.506708,VS0,VE0
date
Mon, 18 Apr 2022 14:05:50 GMT
vary
Accept-Encoding
x-amz-request-id
YMADS9SG9VG0AB14
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript
abp
14
x-cache-hits
14053
translations.php
search-api.fie.futurecdn.net/ 		32 KB
11 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://search-api.fie.futurecdn.net/translations.php?language=en-US
Requested by
Host: search-api.fie.futurecdn.net
URL: https://search-api.fie.futurecdn.net/js/w/es6/mona.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.114 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6f27ead86675e282e4ab4bb981cede9beab7ab1d2e849e42643654cca896c1e9
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
x-hawk-country
age
120
x-ftr-backend-server
fievarnishprodred
x-hawk-area
DE
x-ftr-dc
IX
x-ftr-realm
pip
x-ftr-backend
fie-api
x-ftr-cache-status
HIT
content-length
10731
x-ftr-expires
Mon, 18 Apr 2022 14:23:50 GMT
x-ftr-balancer
hawkproxyprodblue
x-cache
HIT, HIT
x-ftr-request-id
00000000:78A4_00000000:01BB_625D6FC6_39CB8B:393E
x-timer
S1650290751.551149,VS0,VE1
x-served-by
cache-lon11665-LON, cache-hhn4046-HHN
strict-transport-security
max-age=31557600
access-control-allow-methods
GET
content-type
application/json; charset=utf-8;
via
1.1 varnish, 1.1 varnish
vary
Accept-Encoding
cache-control
max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-origin
*
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Hawk-Country,X-Hawk-Area
x-cache-hits
1, 1
hybrid_id
ads.servebom.com/ 		43 B
360 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ads.servebom.com/hybrid_id
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
c4c15bc640dcb083a4e41c317a132a4f28f3678db046e131c76f201bdaeceef2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin
https://www.windowscentral.com
date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
access-control-allow-credentials
true
content-length
69
x-hw
1650290750.cds267.am5.hn,1650290750.cds214.am5.sc,1650290750.cds214.am5.p
content-type
application/json
config
sommelier.futurehybrid.tech/ 		5 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sommelier.futurehybrid.tech/config?r=123&tpl=normal&l=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware
Requested by
Host: bordeaux.futurecdn.net
URL: https://bordeaux.futurecdn.net/bordeaux.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.19.12.108 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-12-108.eu-west-1.compute.amazonaws.com
Software
nginx/1.19.0 /
Resource Hash
fab2e6b042ec3920ace988314188075cf130ec5c8f9892bc8cddf94ac4ed7294
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
vary
Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
server
nginx/1.19.0
strict-transport-security
max-age=15724800; includeSubDomains
content-type
application/json
cmp-list.json
test.quantcast.mgr.consensu.org/GVL-v2/ 		9 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/38/cmp2.js?referer=www.windowscentral.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:b600:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c1c9d79d4c1f7434241f585d6cda795673e9a883999631e6889c46d6e01681b1

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.windowscentral.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 03:00:36 GMT
content-encoding
br
age
39915
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
access-control-allow-origin
*
last-modified
Mon, 04 Apr 2022 19:52:29 GMT
server
AmazonS3
etag
W/"40af78ddd5428a8827297a3108ff0f96"
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-version-id
ErQ4DdluPZ.uqNFyIPqTjQ9DZM7Y2Y6Q
via
1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
FRA60-P4
content-type
application/json
x-amz-cf-id
H5G6ccKlLxX-6eiu00ZA8AGonB-O6l9wJ9ZdswTXA5wP_UyHaLRtuw==
sdk.js
connect.facebook.net/en_US/ 		283 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=5cd4b324a2f593a0baeb0efae42061a5
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b09a3d86d925d8c1b1c75ca30f94ab85fbd69614c5d6b9fb1f7ce54d5a221fda
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.windowscentral.com/
Origin
https://www.windowscentral.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
sJ5PxWAnCo5x1SEDQY+nxQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Tue, 18 Apr 2023 12:15:19 GMT
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
82864
x-fb-rlafr
0
x-fb-debug
n4ZCdeQmmh8Fb0wXqGhkpRtlbLPEsgSA7JiJziAs91W2V+DqBCGW5GzZGTwIiAu8RQKBoEhaGwTqzT2ToKj03g==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
c8b85e1def183ed4fa89c695259dac64
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 18 Apr 2022 14:05:50 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"f8b98c4c9db94efaf1536779285b8ca1"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
rules-p-ebutdjFEkjMk-.js
rules.quantcount.com/ 		3 B
427 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-ebutdjFEkjMk-.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:7e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 05:36:18 GMT
via
1.1 7b20af4202adb6ef25a7920ed74908dc.cloudfront.net (CloudFront)
age
30573
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
3
last-modified
Sat, 04 Mar 2017 21:03:35 GMT
server
AmazonS3
etag
"8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-pop
FRA56-P6
accept-ranges
bytes
x-amz-cf-id
Q1egeEgmUiOGrgY_3BI7f-YJNr1uoDpHEk7uDvmeaueIDEemQ-ZUGQ==
rules-p-8bC03lZwjgqy2.js
rules.quantcount.com/ 		3 B
428 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-8bC03lZwjgqy2.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:7e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 05:06:37 GMT
via
1.1 7b20af4202adb6ef25a7920ed74908dc.cloudfront.net (CloudFront)
age
32360
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
3
last-modified
Sat, 04 Mar 2017 20:13:13 GMT
server
AmazonS3
etag
"8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-pop
FRA56-P6
accept-ranges
bytes
x-amz-cf-id
8thsV41ISonReVXJbh5NSvKajYvugVrUPgXLOGKSgf0N55N6CGnKBg==
rules-p-uer8ZPXHG8WDU.js
rules.quantcount.com/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-uer8ZPXHG8WDU.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:7e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cd058e51526b3cec4f24d62da25e068dddd98f10809f5f46cde0013c006d8607

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:29 GMT
content-encoding
gzip
age
22
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
last-modified
Tue, 13 Jul 2021 15:45:03 GMT
server
AmazonS3
etag
W/"0c287fb1be55ca2e77fb3cd36cbe5ae8"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 7b20af4202adb6ef25a7920ed74908dc.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
FRA56-P6
x-amz-cf-id
0SXm7mEusFjiYVjOEMt-quQkkq_7MTp-RVLrxg24olbEg5SiC4RVkw==
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.windowscentral.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/static/glade.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.windowscentral.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/static/glade.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
p.js
cdn.parsely.com/keys/windowscentral.com/ 		47 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.parsely.com/keys/windowscentral.com/p.js
Requested by
Host: d1z2jf7jlzjs58.cloudfront.net
URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.100.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-100-58.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
5193e47e28655d2fc5b3dfc953deb76a214496204d95866998ddcd24f1700544

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
public
date
Mon, 18 Apr 2022 04:31:54 GMT
content-encoding
gzip
last-modified
Mon, 01 Mar 2021 17:08:16 GMT
server
nginx
age
34436
etag
W/"603d1f80-bd33"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 cb4c4a25e4ef534686959996782c8476.cloudfront.net (CloudFront)
cache-control
max-age=86400, public
x-amz-cf-pop
FRA56-P2
x-amz-cf-id
b14ZooQuWB6y2T8SAguLdlPOr-3WF2pbKaUzlRlNj93vnVg499heMQ==
expires
Tue, 19 Apr 2022 04:31:54 GMT
logo-future.png
www.windowscentral.com/sites/all/themes/mbn2_twig/assets/images/ 		938 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/all/themes/mbn2_twig/assets/images/logo-future.png
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/sites/wpcentral.com/files/advagg_css/css__6Uwog9rDP_LyjBChMl65edelxMcXiiz8pBvY4cPTsxw__dFQ6AS_Sq8-8AzJDte5Uit_n4gOskvGxGalUo8JCGt4__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b4c22fb31bd965bc428138e49e4771d006b018b88237f9900ab3d35b2b5ad6b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/sites/wpcentral.com/files/advagg_css/css__6Uwog9rDP_LyjBChMl65edelxMcXiiz8pBvY4cPTsxw__dFQ6AS_Sq8-8AzJDte5Uit_n4gOskvGxGalUo8JCGt4__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
cf-cache-status
HIT
age
376052
cf-polished
origFmt=png, origSize=2774
content-disposition
inline; filename="logo-future.webp"
content-length
938
last-modified
Fri, 18 Mar 2022 15:02:30 GMT
server
cloudflare
etag
"62349f06-ad6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sun, 15 May 2022 05:38:18 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6fddf5289fa35c74-FRA
cf-bgj
imgq:85,h2pri
fa-brands-400.woff2
www.windowscentral.com/sites/all/fonts/fontawesome-min/ 		3 KB
3 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.windowscentral.com/sites/all/fonts/fontawesome-min/fa-brands-400.woff2
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/sites/wpcentral.com/files/advagg_css/css__6Uwog9rDP_LyjBChMl65edelxMcXiiz8pBvY4cPTsxw__dFQ6AS_Sq8-8AzJDte5Uit_n4gOskvGxGalUo8JCGt4__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47ee7c770102f566fd1b43746cb510d4beeac6838428d8e73c108ad34a942e62

Request headers

Referer
https://www.windowscentral.com/sites/wpcentral.com/files/advagg_css/css__6Uwog9rDP_LyjBChMl65edelxMcXiiz8pBvY4cPTsxw__dFQ6AS_Sq8-8AzJDte5Uit_n4gOskvGxGalUo8JCGt4__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.css
Origin
https://www.windowscentral.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
cf-cache-status
HIT
last-modified
Fri, 18 Mar 2022 15:02:52 GMT
server
cloudflare
age
1836505
etag
"62349f1c-aa4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6fddf5289fa55c74-FRA
content-length
2724
expires
Thu, 28 Apr 2022 07:57:25 GMT
fa-light-300.woff2
www.windowscentral.com/sites/all/fonts/fontawesome-min/ 		10 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.windowscentral.com/sites/all/fonts/fontawesome-min/fa-light-300.woff2
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/sites/wpcentral.com/files/advagg_css/css__6Uwog9rDP_LyjBChMl65edelxMcXiiz8pBvY4cPTsxw__dFQ6AS_Sq8-8AzJDte5Uit_n4gOskvGxGalUo8JCGt4__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
00f51b719a573dfa2938413394e4b37664f52cb517a443b422d3bb2d4b2c7586

Request headers

Referer
https://www.windowscentral.com/sites/wpcentral.com/files/advagg_css/css__6Uwog9rDP_LyjBChMl65edelxMcXiiz8pBvY4cPTsxw__dFQ6AS_Sq8-8AzJDte5Uit_n4gOskvGxGalUo8JCGt4__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.css
Origin
https://www.windowscentral.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
cf-cache-status
HIT
last-modified
Fri, 18 Mar 2022 15:02:52 GMT
server
cloudflare
age
1928988
etag
"62349f1c-29b0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6fddf5289fa75c74-FRA
content-length
10672
expires
Wed, 27 Apr 2022 06:16:02 GMT
fa-regular-400.woff2
www.windowscentral.com/sites/all/fonts/fontawesome-min/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.windowscentral.com/sites/all/fonts/fontawesome-min/fa-regular-400.woff2
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/sites/wpcentral.com/files/advagg_css/css__6Uwog9rDP_LyjBChMl65edelxMcXiiz8pBvY4cPTsxw__dFQ6AS_Sq8-8AzJDte5Uit_n4gOskvGxGalUo8JCGt4__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1371d0f926a79debf9bb4be641ae6600ad41e6b27b6cc007f9ec30257160ed0

Request headers

Referer
https://www.windowscentral.com/sites/wpcentral.com/files/advagg_css/css__6Uwog9rDP_LyjBChMl65edelxMcXiiz8pBvY4cPTsxw__dFQ6AS_Sq8-8AzJDte5Uit_n4gOskvGxGalUo8JCGt4__-hrOzNKBWnRpd6oI03ihHywytuGoABlgfyr1ULxhHPA.css
Origin
https://www.windowscentral.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
cf-cache-status
HIT
last-modified
Fri, 18 Mar 2022 15:02:52 GMT
server
cloudflare
age
1569610
etag
"62349f1c-27e0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6fddf5289faa5c74-FRA
content-length
10208
expires
Sun, 01 May 2022 10:05:40 GMT
wp.min.css
search-api.fie.futurecdn.net/css/browser/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://search-api.fie.futurecdn.net/css/browser/wp.min.css
Requested by
Host: search-api.fie.futurecdn.net
URL: https://search-api.fie.futurecdn.net/js/w/es6/mona.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.114 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9dc039d6499f245fa5df5ef87eec8135ef1afddd555566042560c89dc61b1d0a
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
content-encoding
gzip
x-hawk-country
xkey
asset-type-fie-widgets
age
748
x-ftr-backend-server
fievarnishprodwhite
x-hawk-area
DE
x-ftr-dc
IX
x-ftr-realm
pip
x-ftr-backend
fie-assets
x-ftr-cache-status
HIT
content-length
1669
x-ftr-expires
Mon, 18 Apr 2022 14:13:23 GMT
x-ftr-balancer
hawk-proxy-185-113-25-36
x-cache
HIT, HIT
x-ftr-request-id
00000000:E32A_00000000:01BB_625D6D58_ABCEAF:3C1C
last-modified
Wed, 13 Apr 2022 13:10:44 GMT
x-timer
S1650290751.848896,VS0,VE0
etag
"6256cbd4-1310"
x-served-by
cache-lon4244-LON, cache-hhn4031-HHN
strict-transport-security
max-age=31557600
content-type
text/css
via
1.1 varnish, 1.1 varnish
vary
Accept-Encoding
cache-control
max-age=1200, stale-if-error=172800, stale-while-revalidate=172800
accept-ranges
bytes
access-control-allow-origin
*
x-cache-hits
1, 3
54268c98-bbf3-46da-a4ee-a689ab31be37
https://www.windowscentral.com/ 		590 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.windowscentral.com/54268c98-bbf3-46da-a4ee-a689ab31be37
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e233fa437ca8020631b91098a50cf0752b2c21e79bcaf08f088150f5a10ca0ee

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Length
603951
extra_38.js
securepubads.g.doubleclick.net/static/glade/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/static/glade/extra_38.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/static/glade.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
aed98a9e46eb03e8f84c07f12241c32a436c87ebf56fc65d7d5ec14ae4f98bf4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 07:29:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
282962
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2404
x-xss-protection
0
last-modified
Thu, 13 Jan 2022 20:36:52 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 15 Apr 2023 07:29:48 GMT
px.gif
ad-delivery.net/ 		43 B
1013 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-delivery.net/px.gif?ch=2
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:346 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
date
Mon, 18 Apr 2022 14:05:50 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1547436
x-guploader-uploadid
ADPycdse5asXrTV7KacSC9CsVztbGifpfcI6HXD5NFRC92fSV5W61ivFGwJk37iqGf4-ggDWX2avzgvGTkaPSVRKMm_cm9ss_g
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-type
image/gif
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xAcAm310Rc3Y1W2cgQHzUS26vPcb6yZp4h85JlWuBWC%2BiX0AT8yGee64pyToU%2FP1AG9YYCDsCmzbdRr4N3EtWVtp%2BCfyP9Att8LGy35VD4Ey8FYlqkd592Y283opZBDUlglc4KNeiagYWUDNMw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1620242732037093
access-control-allow-origin
*
access-control-expose-headers
*, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
6fddf5290d1f910a-FRA
expires
Thu, 31 Mar 2022 16:28:40 GMT
px.gif
ad-delivery.net/ 		43 B
342 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.4643980869736799
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:346 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
date
Mon, 18 Apr 2022 14:05:50 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1547436
x-guploader-uploadid
ADPycdse5asXrTV7KacSC9CsVztbGifpfcI6HXD5NFRC92fSV5W61ivFGwJk37iqGf4-ggDWX2avzgvGTkaPSVRKMm_cm9ss_g
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-type
image/gif
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PGyGtC0zjKhyIYZPht5elgJVomscJfkUUK1%2Fp6e%2BS%2FYe2kFxB73NFdCqI3tn1xCx95DbVSXJwcAP4vFdncKdbUku8%2FyoUK2KsxcMW0MzGJSnLo7suYzK7AGyE3LYPQ%2BPpvYybh5enPeD6I3Dxw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1620242732037093
access-control-allow-origin
*
access-control-expose-headers
*, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
6fddf5290d20910a-FRA
expires
Thu, 31 Mar 2022 16:28:40 GMT
pmk-201901001.3.js
widget.perfectmarket.com/mobilenations1-network/ 		117 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.perfectmarket.com/mobilenations1-network/pmk-201901001.3.js
Requested by
Host: widget.perfectmarket.com
URL: https://widget.perfectmarket.com/mobilenations1-network/load.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
12b6fd7add250b3e434d5a9c18270214db91b8c87ad8550eb77aff2780fdd5ff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
bfUibajn8Hr9uOSWwagmUKVBmPbHEKOs
content-encoding
gzip
etag
"42798c9bd56143345cd9e74dcc5ac1b9"
age
1137872
x-cache
HIT, HIT
content-length
32077
x-amz-id-2
n1PDsenK+g6RX5ufYaL9W+/tQ79nFXRP9rL/Ku0FKEGz0JtmZIT+UYrfPCPXf3C7Am+K5dSWq1c=
x-served-by
cache-lax10622-LGB, cache-hhn4025-HHN
last-modified
Thu, 28 Feb 2019 04:56:18 GMT
server
AmazonS3
x-timer
S1650290751.841198,VS0,VE0
date
Mon, 18 Apr 2022 14:05:50 GMT
vary
Accept-Encoding,,
x-amz-request-id
D586JZ9CYFNEBBW6
via
1.1 varnish, 1.1 varnish
cache-control
max-age=31536000
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-cache-hits
60, 3
cmp2ui-en.js
quantcast.mgr.consensu.org/tcfv2/38/ 		226 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://quantcast.mgr.consensu.org/tcfv2/38/cmp2ui-en.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/38/cmp2.js?referer=www.windowscentral.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:9600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7fd77c2a1954dc2b757a6b8245a264a0422a70161f9566d997bac242f47d5bbc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 18:51:52 GMT
content-encoding
gzip
age
155639
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
last-modified
Thu, 06 Jan 2022 15:09:37 GMT
server
AmazonS3
etag
W/"d2e44b7f9549a166eb2f13551350fe5e"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
via
1.1 9336c14434e205e440418213079c6074.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
FRA60-P1
x-amz-cf-id
TCdI8FoU8Ya3TM8o4HugswY9QUWBMt_biRnRFzvkhjDdi5NVakkvfw==
vendor-list-trimmed-v1.json
quantcast.mgr.consensu.org/GVL-v2/ 		288 KB
37 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://quantcast.mgr.consensu.org/GVL-v2/vendor-list-trimmed-v1.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/38/cmp2.js?referer=www.windowscentral.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:9600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c19896ac0a9f3d1f75b8dea30ed6dee1114b31efa7b0045a30b043152be802bb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 03:00:36 GMT
content-encoding
gzip
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age
39915
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Mon, 18 Apr 2022 03:00:32 GMT
server
AmazonS3
etag
W/"fedb004d7e74ce252287c73bf6c53cda"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
via
1.1 bc0a0f9f99d36a68240a31a25e39addc.cloudfront.net (CloudFront)
cache-control
max-age=172800
access-control-allow-credentials
true
x-amz-cf-pop
FRA60-P1
x-amz-cf-id
0Ge4g6eiLnNlR9GA3WjUSpRdp0dLfXQ0wCChRBzS4RBMDNvy35s3nw==
google-atp-list.json
quantcast.mgr.consensu.org/tcfv2/ 		153 KB
37 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://quantcast.mgr.consensu.org/tcfv2/google-atp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/38/cmp2.js?referer=www.windowscentral.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:9600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f200bcf9261646775132617515f713dadddbc35b310b94026892463adda7dd1

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.windowscentral.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 03:00:29 GMT
content-encoding
gzip
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age
39922
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Mon, 18 Apr 2022 03:00:26 GMT
server
AmazonS3
etag
W/"22688d3780b37d282d121e93bd589f30"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
via
1.1 bc0a0f9f99d36a68240a31a25e39addc.cloudfront.net (CloudFront)
cache-control
max-age=172800
access-control-allow-credentials
true
x-amz-cf-pop
FRA60-P1
x-amz-cf-id
jO5fV9cxNz10mrtMikQgzPHacJUyK5KoFJ8ZWsJWdYdXmQ3A6TYidw==
fire.js
s.cpx.to/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.cpx.to/fire.js?pid=12542&ref=https%3A%2F%2Ft.co%2F&url=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&hn_ver=40&fid=40ab04ed-4be8-4823-8617-a681df6f60df
Requested by
Host: p.cpx.to
URL: https://p.cpx.to/p/12542/px.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.211.48.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-211-48-15.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
c6c44c033a7654aa209896cf2221aada0d18ae859937def0417fb6a8c4391275
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Mon, 18 Apr 2022 14:05:50 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Content-Length
1100
Expires
Mon, 21 Mar 2022 14:42:35 UTC
hit.gif
uk-script.dotmetrics.net/ 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uk-script.dotmetrics.net/hit.gif?id=5257&url=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&dom=www.windowscentral.com&r=1650290750848&pvs=1&pvid=313b43ad-b5ef-4488-af14-7fb3f7e12bf1&c=false
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-139-123.fra60.r.cloudfront.net
Software
Kestrel /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:50 GMT
dotmetrics-hit-status
01 OK
server
Kestrel
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
p3p
policyref="https://uk-script.dotmetrics.net/w3c/p3p.xml", CP="NOI DSP LAW CURa ADMa DEVa PSAa HISa OUR IND STA"
via
1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
cache-control
no-cache
content-type
image/gif
x-amz-cf-id
DPRlHIxGPH1cobpMiMpMHxTFMESPWj5gMGZ8sV_VcBIgW9T1aHvc4g==
hit.gif
rm-script.dotmetrics.net/ 		807 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rm-script.dotmetrics.net/hit.gif?id=5257&url=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&dom=www.windowscentral.com&r=1650290750848&pvs=1&pvid=313b43ad-b5ef-4488-af14-7fb3f7e12bf1&c=false
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:6200:d:5ce3:a4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0eafa55998d0d61f477653cb15168105c06763c74aaebe8ff7e55da98457f030

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sun, 17 Apr 2022 17:10:33 GMT
via
1.1 342054511f9732c450e11bade76323dc.cloudfront.net (CloudFront)
last-modified
Mon, 04 Apr 2022 10:59:12 GMT
server
AmazonS3
age
75319
etag
"e4f758e6322c8f8abfa1f6eba71ee873"
x-cache
Hit from cloudfront
content-type
image/gif
cache-control
max-age=86400
x-amz-cf-pop
FRA56-P5
accept-ranges
bytes
content-length
807
x-amz-cf-id
JnxsocEyb6CWYfw2tbHwkBOoumkwur_RDQ21dwD4mlsvOeCNbF48sQ==
collect
www.google-analytics.com/j/ 		4 B
24 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=70508777&t=pageview&_s=1&dl=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Windows%20workstations%20under%20attack%20by%20newly%20discovered%20malware%20%7C%20Windows%20Central&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAAAIhAAAAAC~&jid=334447197&gjid=494982845&cid=1676469372.1650290750&tid=UA-1058506-1&_gid=331116185.1650290750&_r=1&_slc=1&cd1=full&cd2=default&cd3=true&cd4=C%3Aarticle%2CS%3Astandard%2CB%3Aaside%2CB%3Aw300&cd12=news%2Cwindows&cd13=security&cd14=91665&z=280867300
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/sites/wpcentral.com/files/googleanalytics/analytics.js?raao42
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.windowscentral.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 18 Apr 2022 14:05:50 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.windowscentral.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		4 B
24 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=70508777&t=pageview&_s=1&dl=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Windows%20workstations%20under%20attack%20by%20newly%20discovered%20malware%20%7C%20Windows%20Central&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACAIhBAAAAC~&jid=832706584&gjid=1969109296&cid=1676469372.1650290750&tid=UA-4245582-4&_gid=331116185.1650290750&_r=1&_slc=1&cd1=full&cd2=News&cd3=true&cd4=C%3Aarticle%2CS%3Astandard%2CB%3Aaside%2CB%3Aw300&cd6=news%2Cwindows&cd7=security&cd8=0&cd9=91665&cd10=242&z=742837115
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/sites/wpcentral.com/files/googleanalytics/analytics.js?raao42
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.windowscentral.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 18 Apr 2022 14:05:50 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.windowscentral.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
beacon.js
sb.scorecardresearch.com/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: widget.perfectmarket.com
URL: https://widget.perfectmarket.com/mobilenations1-network/pmk-201901001.3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-105.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 04:59:27 GMT
content-encoding
gzip
etag
W/"1827f116c73f319409b97f10b8a58ade"
last-modified
Fri, 26 Feb 2021 14:35:05 GMT
server
AmazonS3
age
35951
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
x-amz-cf-id
3Mak839RqaoyqKg2U46XEmszUQCRZZT97RFdm1SUmB2BlAFE7ZVXsQ==
/
audit-tcfv2.quantcast.mgr.consensu.org/ 		2 B
101 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://audit-tcfv2.quantcast.mgr.consensu.org/?log=%7B%22accountId%22%3A%22uer8ZPXHG8WDU%22%2C%22domain%22%3A%22www.windowscentral.com%22%2C%22publisher%22%3A%22WindowsCentral%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.38%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22Ek5FunZkhCBk40VZyjTGxA%22%2C%22clientTimestamp%22%3A1650290750959%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-d73hfjhmf1qths6wk20r%22%7D
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/38/cmp2ui-en.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.121.92.52 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-92-52.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.windowscentral.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 18 Apr 2022 14:05:51 GMT
content-length
2
content-type
text/plain; charset=utf-8
pv
api.btloader.com/ 		0
96 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.btloader.com/pv?tid=xkJPVvaM26&w=6519085645955072&o=5682682429177856&cv=2.9.157-1-g9c0fea6&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&upapi=true
Requested by
Host: futureplc-com.videoplayerhub.com
URL: https://futureplc-com.videoplayerhub.com/galleryplayer.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 18 Apr 2022 14:05:51 GMT
cache-control
no-cache, no-store, must-revalidate
vary
Origin
alt-svc
clear
via
1.1 google
/
p1.parsely.com/plogger/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p1.parsely.com/plogger/?rand=1650290750991&plid=29412466&idsite=windowscentral.com&url=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&urlref=https%3A%2F%2Ft.co%2F&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&sref=https%3A%2F%2Ft.co%2F&sts=1650290750988&slts=0&title=Windows+workstations+under+attack+by+newly+discovered+malware+%7C+Windows+Central&date=Mon+Apr+18+2022+14%3A05%3A50+GMT%2B0000+(GMT)&action=pageview&pvid=13256167&u=pid%3Dc20ebdfdbf18ffc76c56975d73e43a61
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.144.144.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-144-144-142.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Mon, 18 Apr 2022 14:05:51 GMT
Cache-Control
no-cache
Last-Modified
Monday, 18-Apr-2022 14:05:51 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
collect
stats.g.doubleclick.net/j/ 		1 B
444 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-1058506-1&cid=1676469372.1650290750&jid=334447197&gjid=494982845&_gid=331116185.1650290750&_u=aGBAAAIgAAAAAC~&z=1643608542
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/sites/wpcentral.com/files/googleanalytics/analytics.js?raao42
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.windowscentral.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 18 Apr 2022 14:05:51 GMT
content-type
text/plain
access-control-allow-origin
https://www.windowscentral.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		1 B
67 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-4245582-4&cid=1676469372.1650290750&jid=832706584&gjid=1969109296&_gid=331116185.1650290750&_u=aGDACAIhBAAAAC~&z=1571356210
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/sites/wpcentral.com/files/googleanalytics/analytics.js?raao42
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.windowscentral.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 18 Apr 2022 14:05:51 GMT
content-type
text/plain
access-control-allow-origin
https://www.windowscentral.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
token
token.rubiconproject.com/ 		0
214 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/token?pid=34010&puid=25342248ceb45652&gdpr=0
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
sync
s.cpx.to/
Redirect Chain
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D40ab04ed-4be8-4823-8617-a681df6f60df
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D40ab04ed-4be8-4823-8617-a681df6f60df
  • https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=0443D66D-DCB9-4A2D-A8AA-824B3241717A&fid=40ab04ed-4be8-4823-8617-a681df6f60df
95 B
881 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=0443D66D-DCB9-4A2D-A8AA-824B3241717A&fid=40ab04ed-4be8-4823-8617-a681df6f60df
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
HTTP/1.1
Server
52.211.48.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-211-48-15.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Mon, 18 Apr 2022 14:05:51 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Mon, 18 Apr 2022 14:05:51 UTC

Redirect headers

location
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=0443D66D-DCB9-4A2D-A8AA-824B3241717A&fid=40ab04ed-4be8-4823-8617-a681df6f60df
date
Mon, 18 Apr 2022 14:05:50 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
sync
s.cpx.to/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=0fkciot&ttd_tpi=1
  • https://s.cpx.to/sync?dsp_uid=95a559f5-7e39-4c62-be86-6b250fe96184&dsp=TTD
95 B
876 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/sync?dsp_uid=95a559f5-7e39-4c62-be86-6b250fe96184&dsp=TTD
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
HTTP/1.1
Server
52.211.48.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-211-48-15.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Mon, 18 Apr 2022 14:05:51 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Mon, 18 Apr 2022 14:05:51 UTC

Redirect headers

pragma
no-cache
date
Mon, 18 Apr 2022 14:05:51 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://s.cpx.to/sync?dsp_uid=95a559f5-7e39-4c62-be86-6b250fe96184&dsp=TTD
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
179
getuid
sync.smartadserver.com/
Redirect Chain
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3D40ab04ed-4be8-4823-8617-a681df6f60df&gdpr=0
  • https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=40ab04ed-4be8-4823-8617-a681df6f60df&gdpr=0&cklb=1
0
316 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=40ab04ed-4be8-4823-8617-a681df6f60df&gdpr=0&cklb=1
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
HTTP/1.1
Server
185.86.139.106 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 18 Apr 2022 14:05:51 GMT
cache-control
no-cache,no-store
content-length
0
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

location
https://sync.smartadserver.com:443/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=40ab04ed-4be8-4823-8617-a681df6f60df&gdpr=0&cklb=1
pragma
no-cache
date
Mon, 18 Apr 2022 14:05:50 GMT
cache-control
no-cache,no-store
content-length
0
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
an_fire
s.cpx.to/
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12542%26ref%3Dhttps%253A%252F%252Ft.co%252F%26url%3Dhttps%253A%252F%252Fwww.windowscentral.com%252F...
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12542%2526ref%253Dhttps%25253A%25252F%25252Ft.co%25252F%2526url%253Dh...
  • https://s.cpx.to/an_fire?app_nexus_uid=6230648545388254164&pid=12542&ref=https%3A%2F%2Ft.co%2F&url=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&...
95 B
865 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/an_fire?app_nexus_uid=6230648545388254164&pid=12542&ref=https%3A%2F%2Ft.co%2F&url=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&hn_ver=40&fid=40ab04ed-4be8-4823-8617-a681df6f60df
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
HTTP/1.1
Server
52.211.48.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-211-48-15.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Mon, 18 Apr 2022 14:05:51 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Mon, 18 Apr 2022 14:05:51 UTC

Redirect headers

Pragma
no-cache
Date
Mon, 18 Apr 2022 14:05:51 GMT
X-Proxy-Origin
185.213.155.163; 185.213.155.163; 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
78034caa-df0b-429e-a523-b3a6b9c9f8e3
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://s.cpx.to/an_fire?app_nexus_uid=6230648545388254164&pid=12542&ref=https%3A%2F%2Ft.co%2F&url=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&hn_ver=40&fid=40ab04ed-4be8-4823-8617-a681df6f60df
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ca.png
s.cpx.to/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=40ab04ed-4be8-4823-8617-a681df6f60df
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=40ab04ed-4be8-4823-8617-a681df6f60df&google_tc=
  • https://s.cpx.to/ca.png?dsp=dbm&fid=40ab04ed-4be8-4823-8617-a681df6f60df&google_gid=CAESEAJTcOiFX6MxV5UJQaYuDUo&google_cver=1
95 B
804 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/ca.png?dsp=dbm&fid=40ab04ed-4be8-4823-8617-a681df6f60df&google_gid=CAESEAJTcOiFX6MxV5UJQaYuDUo&google_cver=1
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
HTTP/1.1
Server
52.211.48.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-211-48-15.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Mon, 18 Apr 2022 14:05:51 GMT
X-Frame-Options
sameorigin
Content-Type
image/png
Cache-Control
no-store, must-revalidate, private, max-age=0
Connection
keep-alive
Content-Length
95

Redirect headers

pragma
no-cache
date
Mon, 18 Apr 2022 14:05:51 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://s.cpx.to/ca.png?dsp=dbm&fid=40ab04ed-4be8-4823-8617-a681df6f60df&google_gid=CAESEAJTcOiFX6MxV5UJQaYuDUo&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
334
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
pool.grid-data.bidswitch.net/ 		43 B
229 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pool.grid-data.bidswitch.net/sync?pid=42
Requested by
Host: www.windowscentral.com
URL: https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.66.25 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-66-25.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Mon, 18 Apr 2022 14:05:51 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
rt=ifr
bcp.crwdcntrl.net/5/ct=y/c=12464/rand=166701101/pv=y/int=%23OpR%2382438%23windowscentral%20%3A%20Total%20Site%20Traffic/ Frame 6FF3
Redirect Chain
  • https://bcp.crwdcntrl.net/5/c=12464/rand=166701101/pv=y/int=%23OpR%2382438%23windowscentral%20%3A%20Total%20Site%20Traffic/rt=ifr
  • https://bcp.crwdcntrl.net/5/ct=y/c=12464/rand=166701101/pv=y/int=%23OpR%2382438%23windowscentral%20%3A%20Total%20Site%20Traffic/rt=ifr
163 B
404 B 		Document
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/5/ct=y/c=12464/rand=166701101/pv=y/int=%23OpR%2382438%23windowscentral%20%3A%20Total%20Site%20Traffic/rt=ifr
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/c/12464/cc.js?ns=_cc12464
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.248.131.63 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-248-131-63.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
31c569d868268829ebaa21b3f4ce8a1a2e18dcfe8f6e66be63d89c3837234d9b

Request headers

Referer
https://www.windowscentral.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-cache
content-length
163
content-type
text/html;charset=utf-8
date
Mon, 18 Apr 2022 14:05:51 GMT
expires
0
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
pragma
no-cache
server
Jetty(9.4.38.v20210224)
x-consent
absent
x-server
10.45.10.218

Redirect headers

cache-control
no-cache
content-length
0
date
Mon, 18 Apr 2022 14:05:51 GMT
expires
0
location
https://bcp.crwdcntrl.net/5/ct=y/c=12464/rand=166701101/pv=y/int=%23OpR%2382438%23windowscentral%20%3A%20Total%20Site%20Traffic/rt=ifr
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
pragma
no-cache
server
Jetty(9.4.38.v20210224)
x-server
10.45.12.40
beacon.js
sb.scorecardresearch.com/internal-cs/default/
Redirect Chain
  • https://sb.scorecardresearch.com/cs/10055482/beacon.js
  • https://sb.scorecardresearch.com/internal-cs/default/beacon.js
4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/internal-cs/default/beacon.js
Protocol
H2
Server
13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-105.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6838420e13959ecffe73d3576ee2125a66c9315237394a23e3dd4a5181e80cda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 13:58:49 GMT
content-encoding
gzip
etag
W/"5b0f9f0704a703b8da651007721fac57"
last-modified
Thu, 04 Mar 2021 13:31:34 GMT
server
AmazonS3
age
424
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
x-amz-cf-id
RJAYMrrp01GiWrIcT1wRrPtPh0b0jV8egQfk9CF9lEbu8AkqVdO03Q==

Redirect headers

location
/internal-cs/default/beacon.js
date
Mon, 18 Apr 2022 14:05:52 GMT
via
1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
content-length
0
x-amz-cf-id
9V7DjsfbwVGqcMBtBQq6_2CofjX7IZ7EFk3eGnOniDegvBn5_VkB0A==
x-cache
Miss from cloudfront
b2
sb.scorecardresearch.com/ 		0
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=10055482&gdpr=1&gdpr_p1t=0&gdpr_li=0&gdpr_purps=&gdpr_pcc=AA&cs_cmp_nc=0&cs_cmp_id=10&cs_cmp_sv=38&cs_cmp_rt=0&cs_it=b2&cv=3.8.0.210223&ns__t=1650290752592&ns_c=UTF-8&c7=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&c8=Windows%20workstations%20under%20attack%20by%20newly%20discovered%20malware%20%7C%20Windows%20Central&c9=https%3A%2F%2Ft.co%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-105.fra60.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:52 GMT
via
1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
x-amz-cf-id
mDPjZlndAUzv_Gu1wUtxsnYb2Sc0uQl1kWYDawM5sXuvrPEI_c_Lzw==
x-cache
Miss from cloudfront
services
g2.gumgum.com/zones/n6aekmb1/ 		438 B
913 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/zones/n6aekmb1/services?dp=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&pu=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&ogu=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&rf=https%3A%2F%2Ft.co%2F&r=3.87.12&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A2%2C%22ren%22%3A2%2C%22fc%22%3A0%2C%22ctx%22%3A%5B2%5D%2C%22jsv%22%3A%223.87.12%22%2C%22pbv%22%3A%220.0.0%22%7D&ns=9216&bf=fd6626bab39ab23d2a3370e8d8131bb318cf204d&ce=true&fs=false&dpr=1&sch=1200&scw=1600&lt=1650290753440&to=0&vpii=false&vph=1200&vpw=1600&gdprApplies=1&uspConsent=1---
Requested by
Host: js.gumgum.com
URL: https://js.gumgum.com/services.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.96.173 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-96-173.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
8f921e843fde35874e3d385fec365d2b9529fef3b7bafa6996c710482a6c68a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:53 GMT
content-encoding
gzip
server
nginx
etag
W/"08cf6894186c0b4a31285efb082464c47"
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.windowscentral.com
access-control-allow-credentials
true
timing-allow-origin
*
new
g2.gumgum.com/assets/ 		140 B
456 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/assets/new?assets=%7B%22v%22%3A%221.1%22%2C%22pv%22%3A%227ea895d6-1d1c-491a-82fe-0db57cf5aa69%22%2C%22r%22%3A%223.87.12%22%2C%22t%22%3A%22n6aekmb1%22%2C%22rf%22%3A%22https%3A%2F%2Ft.co%2F%22%2C%22fs%22%3Afalse%2C%22ce%22%3Atrue%2C%22p%22%3A%22https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware%22%2C%22a%22%3A%5B%7B%22i%22%3A1%2C%22u%22%3A%22https%3A%2F%2Fwww.windowscentral.com%2Fsites%2Fwpcentral.com%2Ffiles%2Fstyles%2Flarge_wm_brb%2Fpublic%2Ffield%2Fimage%2F2021%2F05%2Fhp-zbook-studio-g8-ports2.jpg%22%2C%22w%22%3A750%2C%22h%22%3A562%2C%22x%22%3A260%2C%22y%22%3A787%2C%22lt%22%3A%22none%22%2C%22af%22%3Afalse%2C%22prefetch%22%3Afalse%2C%22ia%22%3A%22Hp%20Zbook%20Studio%20G8%20Ports%22%7D%5D%2C%22ac%22%3A%7B%7D%2C%22vp%22%3A%7B%22ii%22%3Afalse%2C%22w%22%3A1600%2C%22h%22%3A1200%7D%2C%22sc%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22d%22%3A1%7D%2C%22tr%22%3A0.4%2C%22ogu%22%3A%22https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware%22%7D&bf=fd6626bab39ab23d2a3370e8d8131bb318cf204d&lt=1650290753567&to=0&gdprApplies=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A2%2C%22ren%22%3A2%2C%22fc%22%3A0%2C%22ctx%22%3A%5B2%5D%2C%22jsv%22%3A%223.87.12%22%2C%22pbv%22%3A%220.0.0%22%7D&ns=9216&uspConsent=1---
Requested by
Host: js.gumgum.com
URL: https://js.gumgum.com/services.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.96.173 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-96-173.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
824bb16f7b52057e79d13bbff23aaed76b29bbd684ace86b4bd177b2f4f03fb4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:53 GMT
content-encoding
gzip
server
nginx
etag
W/"067358ee73609eacb078204a2867a8f9d"
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.windowscentral.com
access-control-allow-credentials
true
timing-allow-origin
*
p2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/p?c1=8&c2=15039634&c3=9&c4=n6aekmb1&c7=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&c8=Windows%20workstations%2...
  • https://sb.scorecardresearch.com/p2?c1=8&c2=15039634&c3=9&c4=n6aekmb1&c7=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&c8=Windows%20workstations%...
43 B
263 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/p2?c1=8&c2=15039634&c3=9&c4=n6aekmb1&c7=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&c8=Windows%20workstations%20under%20attack%20by%20newly%20discovered%20malware%20%7C%20Windows%20Central&c9=https%3A%2F%2Ft.co%2F&cv=2.0&cj=1&ns__t=1650290753563
Protocol
H2
Server
13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-105.fra60.r.cloudfront.net
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:53 GMT
via
1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
content-length
43
x-amz-cf-id
QlMY_tEenKByYEiohds0g0nTcyX936uGK7AT6IL2yw-bncVz_95b4g==
x-cache
Miss from cloudfront
content-type
image/gif

Redirect headers

location
/p2?c1=8&c2=15039634&c3=9&c4=n6aekmb1&c7=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&c8=Windows%20workstations%20under%20attack%20by%20newly%20discovered%20malware%20%7C%20Windows%20Central&c9=https%3A%2F%2Ft.co%2F&cv=2.0&cj=1&ns__t=1650290753563
date
Mon, 18 Apr 2022 14:05:53 GMT
via
1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
content-length
0
x-amz-cf-id
FyOca_wdDnKzi7_MSzyjzDUWLal6SAxlhVWp6Ecg4dsPZga5B0H8Lw==
x-cache
Miss from cloudfront
quant.js
secure.quantserve.com/ Frame 8A43 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: t.co
URL: https://t.co/WbYruGRdwh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:53 GMT
content-encoding
gzip
etag
"u2JtyZzqnTXwzBUswy2r+w=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Mon, 25 Apr 2022 14:05:53 GMT
rules-p-00TsOkvHvnsZU.js
rules.quantcount.com/ Frame 8A43 		3 B
429 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-00TsOkvHvnsZU.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:7e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 06:20:26 GMT
via
1.1 7b20af4202adb6ef25a7920ed74908dc.cloudfront.net (CloudFront)
age
27928
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
3
last-modified
Sat, 04 Mar 2017 19:30:30 GMT
server
AmazonS3
etag
"8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-pop
FRA56-P6
accept-ranges
bytes
x-amz-cf-id
wYfwDLEbE3liHHg4SVWREAdEZ-zHevZ13UP-oIqZVFnUVtigLywGUw==
9.gif
id5-sync.com/s/441/ 		43 B
1009 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id5-sync.com/s/441/9.gif?puid=e_42ef6c37-fae1-4805-84bc-2d8c3b34a2af&gdpr=1&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.89.20.87 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
p19.id5-sync.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Mon, 18 Apr 2022 14:05:53 GMT
Transfer-Encoding
chunked
Content-Type
image/gif;charset=UTF-8
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
P3P
CP="CAO PSA OUR"
json
trc.taboola.com/mobilenations1-windowcentral/trc/3/ 		44 KB
14 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://trc.taboola.com/mobilenations1-windowcentral/trc/3/json?tim=14%3A05%3A57.342&lti=deflated&data=%7B%22id%22%3A100%2C%22ii%22%3A%22%2Fwindows-workstations-under-attack-newly-discovered-malware%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1650272604222%2C%22vi%22%3A1650290757340%2C%22cv%22%3A%2220220418-3-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22cmps%22%3A0%2C%22ga%22%3Atrue%2C%22tcs%22%3A%22%22%2C%22gwto%22%3Atrue%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bu%22%3A%22https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware%22%2C%22vpi%22%3A%22%2Fwindows-workstations-under-attack-newly-discovered-malware%22%2C%22e%22%3A%22https%3A%2F%2Ft.co%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A4485%2C%22nsid%22%3A%22mobilenations1-network%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbs-ma-01%3Apub%3Dmobilenations1-network%3Aabp%3D0%22%2C%22uip%22%3A%22Mid%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Mid%20Article%20Thumbnails%22%2C%22cd%22%3A2028.578125%2C%22mw%22%3A728%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A8%2C%22uim%22%3A%22thumbnails-d%3Apub%3Dmobilenations1-network%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20article%204x2%22%2C%22orig_uip%22%3A%22Below%20article%204x2%22%2C%22cd%22%3A3659.046875%2C%22mw%22%3A1080%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fwindows-workstations-under-attack-newly-discovered-malware%2CBelow%20article%204x2%3Dthumbnails-d%3Apub%3Dmobilenations1-network%3Aabp%3D0%2C%2CMid%20Article%20Thumbnails%3Dthumbs-ma-01%3Apub%3Dmobilenations1-network%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220418-3-RELEASE.es5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://www.windowscentral.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

x-vcl-time-ms
392
date
Mon, 18 Apr 2022 14:05:57 GMT
content-encoding
gzip
server
nginx
x-timer
S1650290757.361504,VS0,VE392
x-served-by
cache-hhn4073-HHN
vary
Accept-Encoding
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
https://www.windowscentral.com
access-control-allow-credentials
true
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
via
1.1 varnish
x-cache-hits
0
wc-logo-color.svg
www.windowscentral.com/sites/all/themes/mbn2_twig/assets/images/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/all/themes/mbn2_twig/assets/images/wc-logo-color.svg?reload
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 14:05:57 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 18 Mar 2022 15:02:30 GMT
server
cloudflare
age
1836490
etag
W/"62349f06-121f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=2678400
cf-ray
6fddf5542eb35c74-FRA
expires
Thu, 28 Apr 2022 07:57:47 GMT
cta-component.20220418-3-RELEASE.es5.js
cdn.taboola.com/libtrc/ 		0
0
tb
15.taboola.com/ 		0
0
userx.20220418-3-RELEASE.es5.js
cdn.taboola.com/libtrc/ 		0
0
explore-more.20220418-3-RELEASE.es5.js
cdn.taboola.com/libtrc/ 		0
0
feed-card-placeholder.20220418-3-RELEASE.es5.js
cdn.taboola.com/libtrc/ 		0
0
visit.jpg
tps.doubleverify.com/ 		0
0
impression_pixel
t.myvisualiq.net/ 		0
0
B27190692.332800263;dc_trk_aid=524614280;dc_trk_cid=165392627;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=
ad.doubleclick.net/ddm/trackimp/N1153793.1006845TABOOLA.COM/ 		0
0
supply-feature
trc.taboola.com/mobilenations1-windowcentral/log/3/ 		0
253 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/mobilenations1-windowcentral/log/3/supply-feature?route=AM:AM:V&lti=deflated&ri=50e5ee34311a065fe6c613a20552fd6c&sd=v2_767ab18d0624850f2ac1ef3de7205ed2_c0a3bf5f-f20b-4916-9a10-58bc4d40fee4-tuct956f5c5_1650290757_1650290757_CGoQ5I1DGNyd-ueDMCABKAEwODib4wlAiIoQSKa02QNQouwQWABgAGiD2JXN5_L01rUBcAA&ui=c0a3bf5f-f20b-4916-9a10-58bc4d40fee4-tuct956f5c5&pi=/windows-workstations-under-attack-newly-discovered-malware&wi=8527795652151390451&pt=text&vi=1650290757340&d=%7B%22event_type%22%3A%22EXPLORE_MORE%22%2C%22event_state%22%3A%22ADOPTED%22%2C%22event_value%22%3Anull%2C%22event_msg%22%3Anull%7D&tim=14%3A05%3A57.800&id=1280&llvl=2&cv=20220418-3-RELEASE&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-vcl-time-ms
9
pragma
no-cache
date
Mon, 18 Apr 2022 14:05:57 GMT
via
1.1 varnish
server
nginx
x-timer
S1650290758.857621,VS0,VE9
x-served-by
cache-hhn4073-HHN
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0
social
am-trc-events.taboola.com/mobilenations1-windowcentral/log/3/ 		0
0
abtests
trc.taboola.com/mobilenations1-windowcentral/log/3/ 		0
59 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/mobilenations1-windowcentral/log/3/abtests?route=AM:AM:V&lti=deflated&ri=50e5ee34311a065fe6c613a20552fd6c&sd=v2_767ab18d0624850f2ac1ef3de7205ed2_c0a3bf5f-f20b-4916-9a10-58bc4d40fee4-tuct956f5c5_1650290757_1650290757_CGoQ5I1DGNyd-ueDMCABKAEwODib4wlAiIoQSKa02QNQouwQWABgAGiD2JXN5_L01rUBcAA&ui=c0a3bf5f-f20b-4916-9a10-58bc4d40fee4-tuct956f5c5&pi=/windows-workstations-under-attack-newly-discovered-malware&wi=8527795652151390451&pt=text&vi=1650290757340&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22recommendation-reel%22%2C%22type%22%3A%22available%22%2C%22eventTime%22%3A1650290757889%7D&tim=14%3A05%3A57.889&id=7705&llvl=2&cv=20220418-3-RELEASE&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.windowscentral.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-vcl-time-ms
8
pragma
no-cache
date
Mon, 18 Apr 2022 14:05:57 GMT
via
1.1 varnish
server
nginx
x-timer
S1650290758.899735,VS0,VE8
x-served-by
cache-hhn4073-HHN
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn.taboola.com
URL
https://cdn.taboola.com/libtrc/cta-component.20220418-3-RELEASE.es5.js
Domain
15.taboola.com
URL
https://15.taboola.com/tb?oid=15&pubnm=mobilenations1-windowcentral&unitType=4&tbloc=&pageType=text&pstn=Mid%20Article%20Thumbnails&uuip=&cisrf=https%3A%2F%2Ft.co%2F&cirf=https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware&encoded=1&uid=c0a3bf5f-f20b-4916-9a10-58bc4d40fee4-tuct956f5c5&variant=-100|493387&callback=TRC.videoTagCallbacks.videoCallback1&cb=1650290757797&tagid=&cntry=DE&platform=1&sesid=767ab18d0624850f2ac1ef3de7205ed2&itemid=/windows-workstations-under-attack-newly-discovered-malware&viewid=1650290757340&geolat=&geoing=&deviceifa=&appid=&sd=v2_767ab18d0624850f2ac1ef3de7205ed2_c0a3bf5f-f20b-4916-9a10-58bc4d40fee4-tuct956f5c5_1650290757_1650290757_CGoQ5I1DGNyd-ueDMCABKAEwODib4wlAiIoQSKa02QNQouwQWABgAGiD2JXN5_L01rUBcAA&ri=50e5ee34311a065fe6c613a20552fd6c&appname=&cdb=&gdprApplies=true&rid=&sii=8527795652151390451&oee=true&tpubid=1099492&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=&region=NW&hasGDPRConsent=true&tcfVersion=2&cmpStatus=0&tnetid=1099489&prcnt=&layer=&normp=1
Domain
cdn.taboola.com
URL
https://cdn.taboola.com/libtrc/userx.20220418-3-RELEASE.es5.js
Domain
cdn.taboola.com
URL
https://cdn.taboola.com/libtrc/explore-more.20220418-3-RELEASE.es5.js
Domain
cdn.taboola.com
URL
https://cdn.taboola.com/libtrc/feed-card-placeholder.20220418-3-RELEASE.es5.js
Domain
tps.doubleverify.com
URL
https://tps.doubleverify.com/visit.jpg?ctx=3758893&cmp=27190692&sid=5791742&plc=332800263&adsrv=1&btreg=&btadsrv=&crt=&tagtype=&dvtagver=6.1.img&
Domain
t.myvisualiq.net
URL
https://t.myvisualiq.net/impression_pixel?r=[CACHEBUSTER]&et=i&ago=212&ao=993&aca=27190692&si=5791742&ci=165392627&pi=332800263&ad=524614280&advt=9642282&chnl=-7&vndr=115&sz=9675&u={AuctionID};&viq_did={device}&pt=I
Domain
ad.doubleclick.net
URL
https://ad.doubleclick.net/ddm/trackimp/N1153793.1006845TABOOLA.COM/B27190692.332800263;dc_trk_aid=524614280;dc_trk_cid=165392627;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?;dc_ref=windowscentral.com
Domain
am-trc-events.taboola.com
URL
https://am-trc-events.taboola.com/mobilenations1-windowcentral/log/3/social?route=AM:AM:V&lti=deflated&ri=50e5ee34311a065fe6c613a20552fd6c&sd=v2_767ab18d0624850f2ac1ef3de7205ed2_c0a3bf5f-f20b-4916-9a10-58bc4d40fee4-tuct956f5c5_1650290757_1650290757_CGoQ5I1DGNyd-ueDMCABKAEwODib4wlAiIoQSKa02QNQouwQWABgAGiD2JXN5_L01rUBcAA&ui=c0a3bf5f-f20b-4916-9a10-58bc4d40fee4-tuct956f5c5&pi=/windows-workstations-under-attack-newly-discovered-malware&wi=8527795652151390451&pt=text&vi=1650290757340&st=social-available&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22ctx%22%2C%22ism%22%3Afalse%2C%22srx%22%3A1600%2C%22sry%22%3A1200%2C%22pd%22%3Anull%2C%22tpl%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fwww.windowscentral.com%2Fwindows-workstations-under-attack-newly-discovered-malware%22%2C%22rref%22%3A%22https%3A%2F%2Ft.co%2F%22%2C%22sref%22%3A%22_sessionPending_%22%2C%22hdl%22%3A%22Windows%20workstations%20under%20attack%20by%20newly%20discovered%20malware%22%2C%22sec%22%3A%22News%22%2C%22aut%22%3A%5B%22Sean%20Endicott%22%5D%2C%22img%22%3A%22https%3A%2F%2Fwww.windowscentral.com%2Fsites%2Fwpcentral.com%2Ffiles%2Fstyles%2Flarge%2Fpublic%2Ffield%2Fimage%2F2021%2F05%2Fhp-zbook-studio-g8-ports2.jpg%22%2C%22v%22%3A15%2C%22ui%22%3A%22%22%2C%22ut%22%3A%22%22%2C%22pw%22%3A%22%22%7D%5D%7D&tim=14%3A05%3A57.884&id=1588&llvl=2&cv=20220418-3-RELEASE&

Verdicts & Comments Add Verdict or Comment

225 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| _taboola string| hostname function| __tcfapi function| __uspapi object| ccpaAppliesPromise object| permutive object| googletag object| freyr object| Drupal object| partnerProfile function| get_watermark_prefix function| replace_image_style function| get_image_style function| initScrollbar function| $ function| jQuery function| Waypoint function| ga object| mbn_config function| initColorScheme function| initArticlePrimary function| updateArticleWidgets function| initPagination function| initAnalyticsEventTracking function| initArticleScroll function| updateArticleAds function| updateArticleImages function| initArticleInfiniteScroll function| initArticleImages function| mbn_common_initialize_lightboxes function| mbn_common_htmlEscape object| gptadslots object| gpt_defaultsizemappings function| gpt_move_inline_article_ad function| gpt_move_inline_ad string| GoogleAnalyticsObject object| _newsroom string| terms object| kw object| playlistids string| playlistid object| targeting object| bordeaux number| scrollbarWidth string| captify_kw_query_12542 undefined| fbAsyncInitOrg function| fbAsyncInit object| PARSELY function| comscoreIntegration string| spe_url object| spe_url_array string| spe_root_url string| spe_segments object| _qevents object| dataLayer string| domain string| site string| articleId object| s object| noHawkTag object| shoppingEnablementBlock string| hawk_widgets_endpoint string| hawklinks_endpoint string| hawk_api_endpoint object| analytics_ga_data object| teads_analytics object| _ml object| _cc12464 object| LOTCC string| ggv2id object| dm function| alert_bar_init function| initNewsletter function| attachYoutubePlayerStateChange function| onPlayerStateChange function| initArticleComments object| picturefillCFG function| picturefill object| query object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| TRC object| _tblConsole string| pm_pgtp undefined| msg function| parcelRequire number| newsroomStartsLoadingTime object| tbNewsroom object| hawkWebpackJsonP object| fastdom object| bordeauxJsonp function| setImmediate function| clearImmediate function| tmntag_triggerEvent function| tmntag_render string| indexExchangeDeviceType object| bordeauxAds object| bdx object| regeneratorRuntime function| __tcfapiui object| FB function| quantserve function| __qc object| ezt object| _qoptions function| qtrack object| glade boolean| google_measure_js_timing number| __google_ad_urls_id object| googleToken object| googleIMState function| processGoogleToken function| _classCallCheck function| _defineProperties function| _createClass function| __trcCopyProps function| __trcFromError function| __trcClientTimestamp function| __trcLog function| __trcError function| __trcDebug function| __trcInfo function| __trcWarn function| __trcWarnUsingBeacon function| __trcDOMWalker function| __trcJSONify function| __trcUnJSONify function| __trcTrim function| __trcGetElementsByClass function| __trcToArray function| __trcObjectCreate function| PageManager function| addHashParam number| trc_debug_level string| trc_article_id object| TRCImpl object| hawk object| $articles object| $ajaxArticles string| waypointContextKey number| depth object| p object| __bt_tag_d object| __bt_intrnl boolean| __bt_already_invoked boolean| _tb_dis string| pm_ppy string| _pmep string| _pmep_geo string| _pmpmk boolean| _pmasync boolean| _pmoptimization boolean| _pmoptimizationmanipulation boolean| _pmhp boolean| _pmsb object| pmk object| pmglb object| pmfa object| pmad object| pmdebug_c object| _pmenv object| _pma undefined| _tb_d undefined| _tb_rand object| _pm_ecd boolean| _tb_vautop function| _pmloadfile function| pmws_request_done function| _tb_getUrlParameter object| ggevents undefined| bean object| GUMGUM boolean| DotMetricsInitScript object| google_tag_manager object| _pmk function| TBWidgetFacebook function| TBClickToPlayVideo function| TBClickToPlayVideoElem function| TBVideoElem function| TBVideoEvents function| TBOptimizationAutoPlayInfoFromXPathAndURL function| TBWidgetVideoPlayer function| TBGenericVideoModule function| TBOtherPlayer function| TBVideoMetaData function| TBVideo function| TBVideoDetectionYoutubeAPI function| TBOptimizationTouchAndClickEventTracker function| TBWidgetStorage object| PMFileLoader object| PMPage object| PMTemplate function| PMTracking function| PMUniversalGA function| PMMdotLabs function| PMComScore function| PMPublisher function| TBOptimization function| PMGlobal function| pmws_getlocation_done object| pmdebug object| pmws object| xi object| _pm_mcg object| tbopt function| _typeof object| google_js_reporting_queue function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter object| __google_ad_urls function| udm_ object| _comscore object| COMSCORE object| ns_p object| ggData

40 Cookies

Domain/Path Name / Value
.t.co/ Name: muc
Value: 44aeb39b-410e-4e8e-8756-56eacdbaa637
.windowscentral.com/ Name: _ga
Value: GA1.2.1676469372.1650290750
.windowscentral.com/ Name: _gid
Value: GA1.2.331116185.1650290750
.www.windowscentral.com/ Name: usprivacy
Value: 1YNN
.servebom.com/ Name: u
Value: 8EE3A7AA31754F6DB2FAA8F533548B75
.windowscentral.com/ Name: _gat
Value: 1
.windowscentral.com/ Name: _gat_global
Value: 1
www.windowscentral.com/ Name: h_id
Value: 8EE3A7AA31754F6DB2FAA8F533548B75
uk-script.dotmetrics.net/ Name: AWSALBCORS
Value: pDu4AI1mCiVw0FBEwfqY2/rj4rQ4i6ppfK7SONj/BPRSl2pQiFYqsQVq4fkVglLN7Ych/1yK0mP91GorVW4OqopEFgCoEdeUByJVjlXaxYcyTdaiDKylu5mGWW0j
.dotmetrics.net/ Name: DotMetrics.DeviceKey
Value: DeviceID=
.dotmetrics.net/ Name: DotMetrics.UniqueUserIdentityCookie
Value: UserID=c9eaa081-b26c-4286-bba6-c982d8bf7618&Created=04/18/2022 14:05:50&UserMode=0&guid=f4472a03-ce1d-4603-99cb-aa8236917c58&ver=1
www.windowscentral.com/ Name: _tb_sess_r
Value: https%3A//t.co/
www.windowscentral.com/ Name: _tb_t_ppg
Value: https%3A//www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware
.cpx.to/ Name: cpSess
Value: 25342248ceb45652
.windowscentral.com/ Name: _parsely_session
Value: {%22sid%22:1%2C%22surl%22:%22https://www.windowscentral.com/windows-workstations-under-attack-newly-discovered-malware%22%2C%22sref%22:%22https://t.co/%22%2C%22sts%22:1650290750988%2C%22slts%22:0}
.windowscentral.com/ Name: _parsely_visitor
Value: {%22id%22:%22pid=c20ebdfdbf18ffc76c56975d73e43a61%22%2C%22session_count%22:1%2C%22last_session_ts%22:1650290750988}
.smartadserver.com/ Name: TestIfCookieP
Value: ok
.smartadserver.com/ Name: pbw
Value: %24b%3d16100%3b%24o%3d11100
.pubmatic.com/ Name: KTPCACOOKIE
Value: true
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 0443D66D-DCB9-4A2D-A8AA-824B3241717A
.adsrvr.org/ Name: TDID
Value: 95a559f5-7e39-4c62-be86-6b250fe96184
.smartadserver.com/ Name: pid
Value: 1728118660661054858
.adnxs.com/ Name: uuid2
Value: 6230648545388254164
.cpx.to/ Name: dsp_pubmatic
Value: 0443D66D-DCB9-4A2D-A8AA-824B3241717A#1650290751126
.adsrvr.org/ Name: TDCPM
Value: CAEYBSABKAIyCwjyhpns6NPQOhAFOAE.
.cpx.to/ Name: dsp_TTD
Value: 95a559f5-7e39-4c62-be86-6b250fe96184#1650290751171
.doubleclick.net/ Name: IDE
Value: AHWqTUmk5y65FImV34uniouxbH9m68F6jhlk0CCYDpQRjAyBYn9Idl4MB7c3z8ywaBc
.cpx.to/ Name: dsp_app_nexus
Value: 6230648545388254164#1650290751230
.cpx.to/ Name: dsp_dbm
Value: CAESEAJTcOiFX6MxV5UJQaYuDUo#1650290751261
.crwdcntrl.net/ Name: _cc_cc
Value: ctst
.gumgum.com/ Name: cs
Value: true
.gumgum.com/ Name: loc
Value: SfolTs1ZIlPB8MVKEK8IyKSvg4rUpAiO8hszRu6MQdwXgciFy314eCa8DRCNeggGXhiT-f7JeZzLddO_-ZeqByeQVcyafU09Z_Dn94038kpcRXAVFOf9dw
.gumgum.com/ Name: vst
Value: e_42ef6c37-fae1-4805-84bc-2d8c3b34a2af
.scorecardresearch.com/ Name: UID
Value: 157f68ca94ddb476796c7671650290753
.id5-sync.com/ Name: cf
Value:
.id5-sync.com/ Name: cip
Value:
.id5-sync.com/ Name: cnac
Value:
.id5-sync.com/ Name: car
Value:
.id5-sync.com/ Name: gdpr
Value:
.id5-sync.com/ Name: callback
Value:

2 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
network error URL: https://pool.grid-data.bidswitch.net/sync?pid=42
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

15.taboola.com
6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app
a.teads.tv
ad-delivery.net
ad.doubleclick.net
ads.servebom.com
adservice.google.com
adservice.google.de
am-trc-events.taboola.com
api.btloader.com
audit-tcfv2.quantcast.mgr.consensu.org
bcp.crwdcntrl.net
bordeaux.futurecdn.net
btloader.com
c2.taboola.com
cdn.parsely.com
cdn.taboola.com
cm.g.doubleclick.net
connect.facebook.net
d1z2jf7jlzjs58.cloudfront.net
freyr.futurecdn.net
futureplc-com.videoplayerhub.com
g2.gumgum.com
id5-sync.com
image2.pubmatic.com
js.gumgum.com
match.adsrvr.org
ml314.com
p.cpx.to
p1.parsely.com
pool.grid-data.bidswitch.net
quantcast.mgr.consensu.org
rm-script.dotmetrics.net
rules.quantcount.com
s.cpx.to
sb.scorecardresearch.com
search-api.fie.futurecdn.net
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
sommelier.futurehybrid.tech
stats.g.doubleclick.net
sync.smartadserver.com
t.co
t.myvisualiq.net
tags.crwdcntrl.net
test.quantcast.mgr.consensu.org
token.rubiconproject.com
tps.doubleverify.com
trc.taboola.com
uk-script.dotmetrics.net
unpkg.com
use.typekit.net
widget.perfectmarket.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.windowscentral.com
15.taboola.com
ad.doubleclick.net
am-trc-events.taboola.com
cdn.taboola.com
t.myvisualiq.net
tps.doubleverify.com
104.244.42.197
13.32.99.105
130.211.23.194
142.250.186.130
142.250.186.98
151.101.2.114
151.101.65.44
151.139.128.11
18.200.96.173
18.66.100.58
18.66.139.123
18.66.97.8
185.64.189.110
185.86.139.106
2.18.232.7
2600:9000:223f:6200:d:5ce3:a4c0:93a1
2600:9000:2240:9600:9:46dc:4700:93a1
2600:9000:225e:b600:3:a4cd:8380:93a1
2600:9000:2490:7e00:6:44e3:f8c0:93a1
2606:4700:20::681a:346
2606:4700:20::681a:832
2606:4700:20::ac43:4686
2606:4700::6810:7daf
2606:4700::6812:451
2606:4700::6812:bc37
2620:116:800d:21:3175:5196:e3fd:8c1d
2a00:1450:4001:812::2002
2a00:1450:4001:813::2002
2a00:1450:4001:829::2008
2a00:1450:4001:82a::200e
2a00:1450:400c:c0a::9b
2a02:26f0:3500:7::17d8:4dca
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.121.92.52
3.248.131.63
34.111.234.236
35.157.66.25
35.71.131.137
37.252.172.36
51.89.20.87
52.19.12.108
52.211.48.15
52.215.1.116
52.222.214.17
52.222.250.115
54.144.144.142
69.173.144.139
00f51b719a573dfa2938413394e4b37664f52cb517a443b422d3bb2d4b2c7586
00f7d628d0c49b1b0d512c3c56d16cc8d0ac222e7437efea750b584083c053dd
046012c8aaf0ace314f7dd8d459e91cf82886c9c31a8f212b5e9edf42abf0dc4
067edf7df83e78af3ad8bd0b56325be772f837a5f9cb1f3c2d8a0f3d29da7f11
0bd4246cc88ea9a0f90dc318e0ff3c42b4ab6da779c6557f00ca1d5d404408fa
0eafa55998d0d61f477653cb15168105c06763c74aaebe8ff7e55da98457f030
0f507045398a529b76fa0de28f329699590b881503633f2cea95a87013359da6
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12b6fd7add250b3e434d5a9c18270214db91b8c87ad8550eb77aff2780fdd5ff
17077ffaf689a4f07028a1d15ea2a54fd4189707578ed0b3acdfdda59aa0362d
1b4c22fb31bd965bc428138e49e4771d006b018b88237f9900ab3d35b2b5ad6b
1cf5396993e4b7b8e74c4bd348756f51104cc01ce20b5f7a193a45ec47574c63
20eb956a307ce99d9b74fd8c4e61e3bbf2ac53532beb429e073b610de69c6c3a
25db43cdbafdfcb1e932d48d691a87835d88e898ef6817da85dba40cd3f7b2dc
26b19b50b1459f5c81dafdb46a5b5ec3930f77c1ce9f49df144351ced50f1256
28183d032afee3e3f6cd4940b084a0f47e74288d5f60d91f11ab9885687b20c0
2f03b278147f8f0bbfd56ebe73d183470ec71d18512c2d24bea55212bbe724e1
31c569d868268829ebaa21b3f4ce8a1a2e18dcfe8f6e66be63d89c3837234d9b
45b6640b10629fe0dcec64d3031726d9841d5504280f8be01f2d5ca2f31f5cdd
464b561ee00c86db1cddb80f2c9d6febbc2c1aa95f422fa73a4fb8ef7d5d5028
47574b2437bb834db5f02f5c5e4952fe1a2b6313348dd6cfbcecfaa579f704d6
47ee7c770102f566fd1b43746cb510d4beeac6838428d8e73c108ad34a942e62
5193e47e28655d2fc5b3dfc953deb76a214496204d95866998ddcd24f1700544
52ff2a623c77412b9c7f27ee7d24bd125b1e3dd37450c45fe373e0627824b9ef
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
577c6dfe3ebcb5435b28de78f9112774f8910e67e889aad87895daf6cd1a9f44
5e689afb72419c1c950713dd2f2226b855671f70a38c89212cbf0ebb71309378
62f586be8571b23584eb4a60a45a3157ff7c8388b1b1e3b4e8890e243b3e47de
6838420e13959ecffe73d3576ee2125a66c9315237394a23e3dd4a5181e80cda
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c21173e97cdde5579f5144813a24b7e406ad2a6a483da2cd18b864a8d2ecc40
6f200bcf9261646775132617515f713dadddbc35b310b94026892463adda7dd1
6f27ead86675e282e4ab4bb981cede9beab7ab1d2e849e42643654cca896c1e9
74d4fe26abff96aadb849dea507e94f1d944bfb805ef7e410b5024dea3f6ba44
75d893335a1d25db1bf02e25ab904d97a3af743128850d8566b93d197e56e9e9
7fd77c2a1954dc2b757a6b8245a264a0422a70161f9566d997bac242f47d5bbc
824bb16f7b52057e79d13bbff23aaed76b29bbd684ace86b4bd177b2f4f03fb4
87a05e266719cffcabe1f5b046d7e6c0b095a2f35723e3d00b41d001b5b02ff0
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8e4f5f3bc3d6c472382dc6ae414a1d2558fc9fd1fe4ec4c7ae7d3adc8957d438
8f921e843fde35874e3d385fec365d2b9529fef3b7bafa6996c710482a6c68a1
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9379485b510d404dc953c886c69acc421789b085804b6148d2f30be9f8ff0880
94fe2acdde59c996a475902afadf127e555e25fb6aae6f8f93914b318de3e19d
9dc039d6499f245fa5df5ef87eec8135ef1afddd555566042560c89dc61b1d0a
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
ad1cd9c9fd8f0eb0c9e41a7683654a834d6da5e3ba132f70096b7929e79eb298
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aed98a9e46eb03e8f84c07f12241c32a436c87ebf56fc65d7d5ec14ae4f98bf4
b09a3d86d925d8c1b1c75ca30f94ab85fbd69614c5d6b9fb1f7ce54d5a221fda
b1371d0f926a79debf9bb4be641ae6600ad41e6b27b6cc007f9ec30257160ed0
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b25590ed0eb80f9d4324448b2f2be99e6b7c73affaaed9625d1643826fe218c1
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
c19896ac0a9f3d1f75b8dea30ed6dee1114b31efa7b0045a30b043152be802bb
c1c9d79d4c1f7434241f585d6cda795673e9a883999631e6889c46d6e01681b1
c4c15bc640dcb083a4e41c317a132a4f28f3678db046e131c76f201bdaeceef2
c6c44c033a7654aa209896cf2221aada0d18ae859937def0417fb6a8c4391275
c84a5b9e09825082ba7b583fddf8abca5efbdd05eb7beb7d9e2abdfcebda332c
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cd058e51526b3cec4f24d62da25e068dddd98f10809f5f46cde0013c006d8607
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d2f14c14f8b1cc9659e849b3db6b22410b5641152120e50e5a1292d78016016c
da03f140d305f2abdf496bdd3fad9cfed87a237cf09f6a2edcec58bc5a1f044d
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd23f77e0f2633a6eb7eab764d98ab21a0ae46fe92d169262b52ffefd1dcf16c
dedf0005af46ab90d7b42e76026288fc5a2ba67ce8ffae805f22e971f358c55b
e233fa437ca8020631b91098a50cf0752b2c21e79bcaf08f088150f5a10ca0ee
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4d30c76f6c4f12662e2a140e5900c3f0a68776ed72f22d3fd626d6b9b7218d2
f1d645284ac0f689610282b670bc36669e986109482614d5cd74d37dfac2a9e3
f42e1cd6c29e600d1e67f3a4a315f29d13875e15ec3c6413eb9b4ec76929b528
fab2e6b042ec3920ace988314188075cf130ec5c8f9892bc8cddf94ac4ed7294