www.theregister.com Open in urlscan Pro
104.18.5.22 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
Submission: On July 09 via api (July 9th 2024, 2:08:12 am UTC) from TR — Scanned from DE

Summary HTTP 43 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 8 domains to perform 43 HTTP transactions. The main IP is 104.18.5.22, located in and belongs to CLOUDFLARENET, US. The main domain is www.theregister.com. The Cisco Umbrella rank of the primary domain is 160726.
TLS certificate: Issued by WE1 on July 7th 2024. Valid for: 3 months.

This is the only time www.theregister.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30	104.18.5.22 104.18.5.22	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
3	172.217.23.110 172.217.23.110	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
43	9

30 104.18.5.22 (None, )

ASN13335 (CLOUDFLARENET, US)

www.theregister.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.23.110 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f14.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	theregister.com www.theregister.com — Cisco Umbrella Rank: 160726	178 KB
5	google.com fundingchoicesmessages.google.com — Cisco Umbrella Rank: 641	127 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 110	157 KB
2	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 157	176 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2949
1	gstatic.com fonts.gstatic.com	126 KB
1	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 128	4 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 108	6 KB
43	8

	Domain	Requested by
30	www.theregister.com	www.theregister.com
5	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
2	www.googletagmanager.com	www.theregister.com www.googletagmanager.com
2	pagead2.googlesyndication.com	pagead2.googlesyndication.com
1	region1.google-analytics.com	www.googletagmanager.com
1	fonts.gstatic.com	www.theregister.com
1	lh3.googleusercontent.com	www.theregister.com
1	fonts.googleapis.com
43	8

This site contains links to these domains. Also see Links.

Domain
account.theregister.com
search.theregister.com
whitepapers.theregister.com
forums.theregister.com
www.reddit.com
twitter.com
www.facebook.com
www.linkedin.com
api.whatsapp.com
decoded.avast.io
www.threatdown.com
www.broadcom.com
www.nextplatform.com
devclass.com
blocksandfiles.com
situationpublishing.com

Subject Issuer	Validity	Valid
theregister.com WE1	`2024-07-07` - `2024-10-05`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.google-analytics.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
upload.video.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.googleusercontent.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.gstatic.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
Frame ID: A383DF743C15328A91B9776DD186E292
Requests: 43 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Avast releases DoNex ransomware decryptor • The Register

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

43
Requests

100 %
HTTPS

67 %
IPv6

8
Domains

8
Subdomains

9
IPs

3
Countries

775 kB
Transfer

2443 kB
Size

1
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://account.theregister.com/login?r=https%3A//www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
Title: Sign in / up

Search URL Search Domain Scan URL

URL: https://search.theregister.com/

Search URL Search Domain Scan URL

URL: https://whitepapers.theregister.com/
Title: Whitepapers

Search URL Search Domain Scan URL

URL: https://whitepapers.theregister.com/events/list/
Title: Webinars & Events

Search URL Search Domain Scan URL

URL: https://account.theregister.com/edit/newsletter/
Title: Newsletters

Search URL Search Domain Scan URL

URL: https://forums.theregister.com/forum/all/2024/07/08/avast_secretly_gave_donex_ransomware/
Title: 5

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Avast%20secretly%20gave%20DoNex%20ransomware%20decryptors%20to%20victims%20before%20crims%20vanished

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Avast%20secretly%20gave%20DoNex%20ransomware%20decryptors%20to%20victims%20before%20crims%20vanished&url=https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Avast%20secretly%20gave%20DoNex%20ransomware%20decryptors%20to%20victims%20before%20crims%20vanished&summary=Good%20riddance%20to%20another%20pesky%20tribe%20of%20miscreants

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp

Search URL Search Domain Scan URL

URL: https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/
Title: says

Search URL Search Domain Scan URL

URL: https://www.threatdown.com/blog/ransomware-review-july-2023/
Title: said

Search URL Search Domain Scan URL

URL: https://www.broadcom.com/support/security-center/protection-bulletin/darkrace-ransomware
Title: advisory

Search URL Search Domain Scan URL

URL: https://www.nextplatform.com/
Title: The Next Platform

Search URL Search Domain Scan URL

URL: https://devclass.com/
Title: DevClass

Search URL Search Domain Scan URL

URL: https://blocksandfiles.com/
Title: Blocks and Files

Search URL Search Domain Scan URL

URL: https://situationpublishing.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

43 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/ 65 KB
13 KB 170ms
124ms Document
text/html 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1910d36117f995d1c801daa2624b9aa007cccb241f858205aff28a0d8a10ad24

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8a04c3a90e52aca7-TXL
content-encoding: gzip
content-length: 12180
content-type: text/html; charset=UTF-8
date: Tue, 09 Jul 2024 02:08:06 GMT
link: <https://pagead2.googlesyndication.com/tag/js/gpt.js>; rel=preload; as=script;,</design_picker/ad73f0378d78c8edf3fad8afd0088cfefd29bf88/javascript/_.js>; rel=preload; as=script;,</css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/scaffolding.css>; rel=preload; as=style;,</css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/design.css>; rel=preload; as=style;,</design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-700.latin.woff2>; rel=preload; as=font; crossorigin;,</design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-400.latin.woff2>; rel=preload; as=font; crossorigin;
server: cloudflare
vary: Accept-Encoding
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
x-reg-bofh: pfy02gb

GET
H3 200 gpt.js Show response
pagead2.googlesyndication.com/tag/js/ 98 KB
31 KB 165ms
82ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

845f015ffbc6154f4677ac03d125e038f738988298e8fd5c67a5b16ead810dfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31490
x-xss-protection: 0
server: cafe
etag: 780 / 19913 / m202407030101 / config-hash: 1739090749786419979
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 09 Jul 2024 02:08:06 GMT

GET
H3 200 _.js Show response
www.theregister.com/design_picker/ad73f0378d78c8edf3fad8afd0088cfefd29bf88/javascript/ 219 KB
62 KB 74ms
72ms Script
application/javascript 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/design_picker/ad73f0378d78c8edf3fad8afd0088cfefd29bf88/javascript/_.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68d1f178561bf64b06c123b92dd8221290fabfdb1a257a1127dd0ee2c7e7ff48

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: gzip
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Thu, 04 Jul 2024 08:26:55 GMT
server: cloudflare
cf-cache-status: HIT
age: 391530
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=33696000
x-reg-bofh: pfy02gb
cf-ray: 8a04c3a9efd1aca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Tue, 29 Jul 2025 08:27:24 GMT

GET
H3 200 scaffolding.css
www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/ 41 KB
7 KB 79ms
75ms Stylesheet
text/css 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/scaffolding.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b18c67c183da5eadf9f83380721ed6abd89f0707d57980f8a0e98a83e2b47f67

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2878379
alt-svc: h3=":443"; ma=86400
content-length: 6432
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Wed, 05 Jun 2024 11:45:22 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy02gb
cf-ray: 8a04c3a9efd3aca7-TXL
expires: Mon, 30 Jun 2025 11:45:36 GMT

GET
H3 200 design.css
www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/ 58 KB
11 KB 113ms
109ms Stylesheet
text/css 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/design.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85dd35c4ece840b12ce39fa89be8c1a1a8d190cb6cb8614f4f7778c68284bf28

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2878379
alt-svc: h3=":443"; ma=86400
content-length: 10906
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Wed, 05 Jun 2024 11:45:22 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy03gb
cf-ray: 8a04c3a9efd5aca7-TXL
expires: Mon, 30 Jun 2025 11:45:36 GMT

GET
H3 200 arimo-700.latin.woff2
www.theregister.com/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/ 25 KB
25 KB 50ms
46ms Font
font/woff2 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-700.latin.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b4f41c53446bee5ce03284672b4607e4a6ff941cae00ec006411b05a62fbe7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
Origin: https://www.theregister.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5804397
alt-svc: h3=":443"; ma=86400
content-length: 25628
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Tue, 04 Feb 2020 15:35:20 GMT
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.theregister.com
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy03gb
cf-ray: 8a04c3a9efd6aca7-TXL
expires: Wed, 16 Apr 2025 03:23:34 GMT

GET
H3 200 arimo-400.latin.woff2
www.theregister.com/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/ 26 KB
26 KB 113ms
110ms Font
font/woff2 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/design_picker/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-400.latin.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea8c1cbf9732fae6a42b6261c238014eab34943fac5a34711081a62b7cc2eba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
Origin: https://www.theregister.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5804075
alt-svc: h3=":443"; ma=86400
content-length: 26144
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Tue, 04 Feb 2020 15:35:20 GMT
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: https://www.theregister.com
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy02gb
cf-ray: 8a04c3a9efdaaca7-TXL
expires: Mon, 25 Nov 2024 05:38:28 GMT

GET
H3 200 story_only.css
www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/ 74 KB
11 KB 142ms
140ms Stylesheet
text/css 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/story_only.css

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a69ae0fff67c1a5e2e470cd2411f25fbf3ca119243db34edbf4bd2e887ebcf8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2878379
alt-svc: h3=":443"; ma=86400
content-length: 11227
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Wed, 05 Jun 2024 11:45:22 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy02gb
cf-ray: 8a04c3a9efdcaca7-TXL
expires: Mon, 30 Jun 2025 11:45:36 GMT

GET
H3 200 rows.css
www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/ 42 KB
7 KB 144ms
143ms Stylesheet
text/css 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/rows.css

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31339f0267540a113f28a27de6f90239957dc4429eb3fcbdf1454413b66c13b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2878379
alt-svc: h3=":443"; ma=86400
content-length: 6583
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Wed, 05 Jun 2024 11:45:22 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy01gb
cf-ray: 8a04c3a9efe0aca7-TXL
expires: Mon, 30 Jun 2025 11:45:36 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
49 KB 139ms
51ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

122151075befe5fdb2a81a9ec6dea3c92ac911a5be7708b74db4d263d2360194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49766
x-xss-protection: 0
last-modified: Tue, 09 Jul 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 09 Jul 2024 02:08:06 GMT

GET
H3 200 user_icon_white_extents.svg
www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/ 573 B
555 B 53ms
51ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_extents.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

455442b80b731817ad9e5b615c3ffcedbb9e351dc57b0f0298b77cdb5d11d57d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Tue, 02 May 2023 08:25:31 GMT
server: cloudflare
cf-cache-status: HIT
age: 5803668
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy02gb
cf-ray: 8a04c3ab0974aca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Thu, 03 Apr 2025 02:20:45 GMT

GET
H3 200 user_icon_filled_white_extents.svg
www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/ 630 B
587 B 74ms
72ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_filled_white_extents.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f1cb4af215bea1d20e63989d2bc87cd3b6daf71af4e59b6ab7875154cecbceb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Tue, 02 May 2023 08:25:31 GMT
server: cloudflare
cf-cache-status: HIT
age: 5804397
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy02gb
cf-ray: 8a04c3ab0979aca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 16:09:06 GMT

GET
H3 200 reg_logo_no_strapline.svg
www.theregister.com/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/ 5 KB
2 KB 48ms
46ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/reg_logo_no_strapline.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

391022a2690f18db5daf7a3bc0c5ad36f31b094da5a8912d57c775e5add18d57

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 10 Jan 2020 15:10:58 GMT
server: cloudflare
cf-cache-status: HIT
age: 5804075
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy01gb
cf-ray: 8a04c3ab097baca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Wed, 16 Apr 2025 03:23:40 GMT

GET
H3 200 magnifying_glass_white_extents.svg
www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/ 368 B
461 B 44ms
43ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/magnifying_glass_white_extents.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9cbf748e68bf2fb8da497de517cbd7826d44c6b278cec89e22a9e13e193e4ded

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Tue, 02 May 2023 08:16:36 GMT
server: cloudflare
cf-cache-status: HIT
age: 530621
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy02gb
cf-ray: 8a04c3ab097caca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Wed, 16 Apr 2025 03:23:40 GMT

GET
H3 200 burger_menu_white_extents.svg
www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/ 309 B
462 B 44ms
42ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_extents.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5dd339c31b8ec482e001dad4fb52e6f8f138ad772b74a2d387943e10df3bbc48

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Tue, 02 May 2023 08:01:09 GMT
server: cloudflare
cf-cache-status: HIT
age: 5804397
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy03gb
cf-ray: 8a04c3ab097faca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Mon, 16 Dec 2024 06:59:14 GMT

GET
H3 200 burger_menu_white_close_extents.svg
www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/ 379 B
458 B 43ms
41ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_close_extents.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77a839fdcd5d30ced4fa6ca4dce35057cdb7e31f420b1f89fec3491cdf8c3f84

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Tue, 02 May 2023 08:01:09 GMT
server: cloudflare
cf-cache-status: HIT
age: 5804075
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy01gb
cf-ray: 8a04c3ab0981aca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Thu, 05 Dec 2024 05:49:05 GMT

GET
H3 200 bubble_comment_white.svg
www.theregister.com/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/ 676 B
672 B 44ms
43ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53161434a4d50d2b984e91b332463b641b6842578c1f37a1ed81cbdc0a7794c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 10 Jan 2020 15:10:58 GMT
server: cloudflare
cf-cache-status: HIT
age: 5804397
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy01gb
cf-ray: 8a04c3ab0982aca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Wed, 16 Apr 2025 03:23:40 GMT

GET
H3 200 vulture_red.svg
www.theregister.com/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/ 1 KB
878 B 145ms
144ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_red.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe083388f76e3adf62d2125ca792e750c814b06694f2362469ac82bb34a8e970

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 23 Sep 2022 09:37:24 GMT
server: cloudflare
cf-cache-status: HIT
age: 5804397
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy03gb
cf-ray: 8a04c3a9efe2aca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Wed, 16 Apr 2025 03:23:40 GMT

GET
H3 200 social_share_icon.svg
www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/ 659 B
641 B 51ms
50ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6ad8750b8ff72f993d9c45d51e02f31aa20834a48f78644953949afa7a6f8ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Mon, 07 Jun 2021 08:01:18 GMT
server: cloudflare
cf-cache-status: HIT
age: 5280274
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy03gb
cf-ray: 8a04c3ab0983aca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Mon, 25 Nov 2024 04:44:43 GMT

GET
H3 200 vulture_white.png
www.theregister.com/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/ 403 B
660 B 96ms
96ms Image
image/png 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_white.png

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b711585f391ac5f348dc41253cf4ffba5d49ed997c17170c1fe2498ff13ea817

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5804075
alt-svc: h3=":443"; ma=86400
content-length: 403
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Fri, 10 Jan 2020 15:10:58 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy02gb
cf-ray: 8a04c3aa385aaca7-TXL
expires: Sat, 12 Apr 2025 19:06:17 GMT

GET
H3 200 bubble_comment_white.svg
www.theregister.com/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/ 676 B
0 27ms
26ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53161434a4d50d2b984e91b332463b641b6842578c1f37a1ed81cbdc0a7794c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 10 Jan 2020 15:10:58 GMT
server: cloudflare
cf-cache-status: HIT
age: 5804397
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy01gb
cf-ray: 8a04c3ab0982aca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Wed, 16 Apr 2025 03:23:40 GMT

GET
H3 200 social_share_icon.svg
www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/ 659 B
0 33ms
33ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6ad8750b8ff72f993d9c45d51e02f31aa20834a48f78644953949afa7a6f8ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Mon, 07 Jun 2021 08:01:18 GMT
server: cloudflare
cf-cache-status: HIT
age: 5280274
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy03gb
cf-ray: 8a04c3ab0983aca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Mon, 25 Nov 2024 04:44:43 GMT

GET
H3 200 reddit.svg
www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/ 2 KB
1 KB 42ms
42ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/reddit.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/story_only.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccc879574756f32c9592427da6cd1248dd799b84b8ffaa746adcf447b17860a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/story_only.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 23 Sep 2022 09:36:45 GMT
server: cloudflare
cf-cache-status: HIT
age: 5803569
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy03gb
cf-ray: 8a04c3ab29ccaca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Tue, 24 Dec 2024 04:18:00 GMT

GET
H3 200 twitter.svg
www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/ 2 KB
931 B 44ms
44ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/twitter.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/story_only.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b27718b0495bdcff98dc2358a0cf76271178c7e83b000f336610fc8994316ef1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/story_only.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 23 Sep 2022 09:36:45 GMT
server: cloudflare
cf-cache-status: HIT
age: 5803569
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy01gb
cf-ray: 8a04c3ab29cdaca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Wed, 16 Apr 2025 03:23:40 GMT

GET
H3 200 facebook.svg
www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/ 1 KB
823 B 44ms
43ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/facebook.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/story_only.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ed1744324b3aad05fe51ed96e388004a4716276884a66b9abd5cef359140d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/story_only.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 23 Sep 2022 09:36:45 GMT
server: cloudflare
cf-cache-status: HIT
age: 5803569
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy03gb
cf-ray: 8a04c3ab29cfaca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Wed, 16 Apr 2025 03:23:40 GMT

GET
H3 200 linkedin.svg
www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/ 2 KB
976 B 44ms
44ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/linkedin.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/story_only.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41ef905e7d332a03311b4bb48d3894bccf04d8856a0e0a98ae98683538966025

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/story_only.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 23 Sep 2022 09:36:45 GMT
server: cloudflare
cf-cache-status: HIT
age: 1557918
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy01gb
cf-ray: 8a04c3ab29d1aca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Mon, 02 Dec 2024 09:39:17 GMT

GET
H3 200 whatsapp.svg
www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/ 2 KB
956 B 46ms
45ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/abc39af2020bb49d21327163c08d9f54103a3f7f/graphics/social/round/whatsapp.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/story_only.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9d5ce7773dac38eff9082e13c7bc4307a7c4ba5e76cd95a2eb0faa0de662e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/story_only.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 23 Sep 2022 09:36:45 GMT
server: cloudflare
cf-cache-status: HIT
age: 5279514
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy02gb
cf-ray: 8a04c3ab29d3aca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 20:26:22 GMT

GET
H3 200 bubble_comment_white.svg
www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/graphics/icons/ 676 B
672 B 48ms
47ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/graphics/icons/bubble_comment_white.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/design.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53161434a4d50d2b984e91b332463b641b6842578c1f37a1ed81cbdc0a7794c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/design.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 10 Jan 2020 15:10:58 GMT
server: cloudflare
cf-cache-status: HIT
age: 5803668
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy02gb
cf-ray: 8a04c3ab29d5aca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Wed, 16 Apr 2025 03:23:40 GMT

GET
H3 200 bubble_comment_black.svg
www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/graphics/icons/ 892 B
783 B 49ms
49ms Image
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/graphics/icons/bubble_comment_black.svg

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/design.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87d683ea3dda6066a1310b46c0e7bceec150db90ef0f33de34b15270f189479c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/css/90b4d568af29e8bcee4ddc9abf40a8797dbf7698/design.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:06 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 10 Jan 2020 15:10:58 GMT
server: cloudflare
cf-cache-status: HIT
age: 5803668
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy02gb
cf-ray: 8a04c3ab29d9aca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 16:09:07 GMT

GET
H3 200 pubads_impl.js Show response
pagead2.googlesyndication.com/pagead/managed/js/gpt/m202407030101/ 467 KB
145 KB 42ms
41ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202407030101/pubads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

f8ed2e4e6bc7d75dc8dab7d97ad92e7a611d82ff93d8692535fa9466ab3a3591

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 17:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31004
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 148836
x-xss-protection: 0
server: cafe
etag: 13429486672346502663
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 08 Jul 2025 17:31:23 GMT

GET
H2 200 6978 Show response
fundingchoicesmessages.google.com/i/ 200 KB
66 KB 171ms
74ms Script
application/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/6978?ers=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/gpt/m202407030101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fcafefab73923d3dae535b1bfe6af798fe2e1b3b8f0eab6cfa341a5cc146f965

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-9RTbKpMB7i6Ub2AwsCfmWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:07 GMT
content-security-policy: script-src 'report-sample' 'nonce-9RTbKpMB7i6Ub2AwsCfmWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjCtDikmLw15BiOO90h-k6EEt8fcmkAcRO6TNYg4DYp34GawwQt948xzoViD8_Psf6G4iT_p1nLQLiJREXWQ8lXmQ9-Pgi60kgFuLhaN--aQubwIl5TQsYlTSS8gvjk_PzSooyk0pL8ovSktNSi1OLylKL4o0MjEwMzA3M9QzM4wsMAOCcOWo"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWd3IL1zfMsWKuNYYhwjh7LN_bXyk7g8WrVZiT32p7wLrF7y1x0H7WRNLC6QIoE4wWoznz_YH1p6Fo4U0cmz13BGrtMt1Zsjsr1RPS5-PwlrvUDv-z1J3FLsxYRFGUfwMbg8hujeg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 134ms
54ms XHR
text/html 172.217.23.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWd3IL1zfMsWKuNYYhwjh7LN_bXyk7g8WrVZiT32p7wLrF7y1x0H7WRNLC6QIoE4wWoznz_YH1p6Fo4U0cmz13BGrtMt1Zsjsr1RPS5-PwlrvUDv-z1J3FLsxYRFGUfwMbg8hujeg==

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.XaFZvc24zfY.es5.O/am=GAY/d=1/rs=AJlcJMzAShScpHCwbLXyrWlNK7ZrNMZT_w/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-dhBBjhNLX0XdOL10l-SXcQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 09 Jul 2024 02:08:07 GMT
content-security-policy: script-src 'report-sample' 'nonce-dhBBjhNLX0XdOL10l-SXcQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw0ZBicEqfwRoCxJ8fn2P9DcRLIi6yHkm8yCrEw9G-fdMWNoEdbRMnMSm5JOUXxifn55Wk5pXoJqYU64LYRZlJpSX5RSjs1DKQipz89PTMvPR4IwMjEwNzA3M9A_P4AgMAIgsrKg"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.theregister.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads.js Show response
www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/javascript/ 27 B
283 B 49ms
49ms XHR
application/javascript 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/design_picker/c00f80f04b0eaf0123d821f6c9488fc1cb55fd0a/javascript/ads.js

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/design_picker/ad73f0378d78c8edf3fad8afd0088cfefd29bf88/javascript/_.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83de4b8fb218ece4dc1c59006f00e44aaee17e78923c65ba66acf0ad41a7a5cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:07 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5804393
alt-svc: h3=":443"; ma=86400
content-length: 27
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
last-modified: Fri, 10 Jan 2020 15:10:58 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=33696000
accept-ranges: bytes
x-reg-bofh: pfy03gb
cf-ray: 8a04c3aedfaaaca7-TXL
expires: Tue, 24 Dec 2024 06:15:41 GMT

GET
H2 200 AGSKWxUVf_WpjcrwiZaulU81yWXHyLUYojqYv2DB8e0oeBdC0kIMRheSCT4HCdm6WFcNhgVvAXrgPKsa1OxpIplWD9b__neGEGvI4jIQkpTeoJZeRX1eiDDIDycQ7Di4bMTLhI4JeWajDw== Show response
fundingchoicesmessages.google.com/f/ 393 KB
61 KB 130ms
129ms Script
application/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUVf_WpjcrwiZaulU81yWXHyLUYojqYv2DB8e0oeBdC0kIMRheSCT4HCdm6WFcNhgVvAXrgPKsa1OxpIplWD9b__neGEGvI4jIQkpTeoJZeRX1eiDDIDycQ7Di4bMTLhI4JeWajDw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzIwNDkwODg3LDQ4NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cudGhlcmVnaXN0ZXIuY29tLzIwMjQvMDcvMDgvYXZhc3Rfc2VjcmV0bHlfZ2F2ZV9kb25leF9yYW5zb213YXJlLyIsbnVsbCxbWzgsIlhhRlp2YzI0emZZIl0sWzksImRlIl0sWzIyLCJmYWxzZSJdLFsxOSwiMSJdLFsxNywiWzBdIl1dXQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

225ae209c027fe67a994cca1c56ac952c5b3f2886184457139b2753dc67760ab

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-OCn0UlRUrDmsajeFgXPKrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:07 GMT
content-security-policy: script-src 'report-sample' 'nonce-OCn0UlRUrDmsajeFgXPKrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjCtDikmLw05BiOO90h-k6EEt8fcmkAcRO6TNYg4DYp34GawwQt948xzoViD8_Psf6G4iT_p1nLQLiJREXWQ8lXmQ9-Pgi60kgFuLhaN--aQubwIbni2YyKWkk5RfGJ-fnlRRlJpWW5BelJaelFqcWlaUWxRsZGJkYmBuY6xmYxxcYAADtZTm0"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 332 KB
108 KB 62ms
61ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JXW44Y23NM&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b49e91ca5c7ff6488fdd879a3466e40aa9f85c7da37f13443df7edf485d8032d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 110757
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 09 Jul 2024 02:08:07 GMT

GET
H2 200 css
fonts.googleapis.com/ 109 KB
6 KB 158ms
53ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.XaFZvc24zfY.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMwGPvaxiQIpvT6lL1MGrfIIWFNS_Q/m=web_iab_tcf_v2_wall_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

26b9e3e98b9415b99775a736fa1a3af32402746c2bf7746411bea496c44e4b80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 09 Jul 2024 02:08:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 09 Jul 2024 02:08:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 09 Jul 2024 02:08:07 GMT

GET
H2 200 0bmF_lVuCaRreWMoIZKH968R0hmCLM05YD-kGuIdzoXMAK9u5DjPJUZliReswwJL3axR5R3qDHyKEbqpdKnpJ64eHkVDxzAFhzVo3FB7MOIwfmsbhGxhNg=h60
lh3.googleusercontent.com/ 4 KB
4 KB 142ms
39ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/0bmF_lVuCaRreWMoIZKH968R0hmCLM05YD-kGuIdzoXMAK9u5DjPJUZliReswwJL3axR5R3qDHyKEbqpdKnpJ64eHkVDxzAFhzVo3FB7MOIwfmsbhGxhNg=h60

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c666af1bf578a302713630b21d72e405985f952d7dce575c7768ecf23e1a67d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 23:47:13 GMT
x-content-type-options: nosniff
age: 8454
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4080
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 09 Jul 2024 23:47:13 GMT

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v142/ 125 KB
126 KB 139ms
41ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Host: www.theregister.com
URL: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
Origin: https://www.theregister.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 04 Jul 2024 18:40:54 GMT
x-content-type-options: nosniff
age: 372433
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128352
x-xss-protection: 0
last-modified: Mon, 08 Apr 2024 19:04:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Jul 2025 18:40:54 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 151ms
51ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-JXW44Y23NM&gtm=45je4730v887771649za200&_p=1720490887492&gcs=G100&gcd=13p3pPl2l7&npa=1&dma_cps=-&dma=1&tcfd=10001&tag_exp=0&cid=54564326.1720490888&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&ngs=1&_s=1&sid=1720490887&sct=1&seg=0&dl=https%3A%2F%2Fwww.theregister.com%2F2024%2F07%2F08%2Favast_secretly_gave_donex_ransomware%2F&dt=Avast%20releases%20DoNex%20ransomware%20decryptor%20%E2%80%A2%20The%20Register&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.reg_uid=(reg_unknown)&ep.reg_auth=Connor%20Jones&ep.reg_sec=reg_specialfeatures%2Fmalwaremonth&ep.reg_pt=www%20story&ep.reg_cat=news&ep.reg_alm=(reg_empty)&ep.reg_akwp=security%2C&ep.reg_uls=noconsent&ep.reg_prev_pt=noconsent&ep.reg_prev_ut=noconsent&ep.reg_d11=noconsent&ep.reg_d12=noconsent&ep.reg_d14=noconsent&ep.reg_ded=noconsent&ep.reg_dorg=noconsent&ep.reg_ab_var=noconsent&ep.reg_seg=noconsent&ep.reg_aid=235009&ep.reg_asec=special_features%2Fmalware_month&ep.reg_akw=avast%2Ccybercrime%2Ccybersecurity%2Cmalware%2Cransomware%2C&ep.reg_vfc=noconsent&ep.reg_bet=noconsent&ep.reg_noz=noconsent&ep.anonymize_ip=true&tfd=1221&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JXW44Y23NM&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Jul 2024 02:08:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.theregister.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWd3IL1zfMsWKuNYYhwjh7LN_bXyk7g8WrVZiT32p7wLrF7y1x0H7WRNLC6QIoE4wWoznz_YH1p6Fo4U0cmz13BGrtMt1Zsjsr1RPS5-PwlrvUDv-z1J3FLsxYRFGUfwMbg8hujeg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Uk0fSZuiIG2MJAAeeIJYrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 09 Jul 2024 02:08:07 GMT
content-security-policy: script-src 'report-sample' 'nonce-Uk0fSZuiIG2MJAAeeIJYrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw15BicEqfwRoCxJ8fn2P9DcRLIi6yHkm8yCrEw9G-fdMWNoEJ7-e8YlJyScovjE_OzytJzSvRTUwp1gWxizKTSkvyi1DYqWUgFTn56emZeenxRgZGJgbmBuZ6BubxBQYAVWAr2Q"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.theregister.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWd3IL1zfMsWKuNYYhwjh7LN_bXyk7g8WrVZiT32p7wLrF7y1x0H7WRNLC6QIoE4wWoznz_YH1p6Fo4U0cmz13BGrtMt1Zsjsr1RPS5-PwlrvUDv-z1J3FLsxYRFGUfwMbg8hujeg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ckhYvsgOLAK34uY5gy5cYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.theregister.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 09 Jul 2024 02:08:07 GMT
content-security-policy: script-src 'report-sample' 'nonce-ckhYvsgOLAK34uY5gy5cYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw15BicEqfwRoCxJ8fn2P9DcRLIi6yHkm8yCrEw9G-fdMWNoEXm3e-ZVJyScovjE_OzytJzSvRTUwp1gWxizKTSkvyi1DYqWUgFTn56emZeenxRgZGJgbmBuZ6BubxBQYAZu0sFQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.theregister.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 favicon.svg
www.theregister.com/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/ 3 KB
2 KB 53ms
53ms Other
image/svg+xml 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e08434b894e29942adb095bf2d6f493ffd8e2aee21e8ad147f59e9bc2d400b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:08 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Mon, 27 Feb 2023 10:14:08 GMT
server: cloudflare
cf-cache-status: HIT
age: 5804077
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=33696000
x-reg-bofh: pfy02gb
cf-ray: 8a04c3b22d03aca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 16:09:09 GMT

GET
H3 200 favicon.ico
www.theregister.com/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/ 15 KB
2 KB 41ms
41ms Other
image/x-icon 104.18.5.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.theregister.com/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.5.22 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0eadb5eb6ca47c35791250e31d41b66d9e7098ee6e74a3af1d4b75f5d11164e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 02:08:08 GMT
content-encoding: br
x-clacks-overhead: GNU Terry Pratchett, Lester Haines
x-content-type-options: nosniff
last-modified: Fri, 10 Jan 2020 15:10:58 GMT
server: cloudflare
cf-cache-status: HIT
age: 5804077
vary: Accept-Encoding
content-type: image/x-icon
cache-control: max-age=33696000
x-reg-bofh: pfy03gb
cf-ray: 8a04c3b28d88aca7-TXL
alt-svc: h3=":443"; ma=86400
expires: Sat, 12 Apr 2025 16:09:30 GMT

Verdicts & Comments Add Verdict or Comment

112 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.theregister.com/	1970-01-21 06:40:26	Name: bucket Value: 741

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
lh3.googleusercontent.com
pagead2.googlesyndication.com
region1.google-analytics.com
www.googletagmanager.com
www.theregister.com
104.18.5.22
142.250.185.194
172.217.23.110
2001:4860:4802:34::36
2a00:1450:4001:800::200e
2a00:1450:4001:808::2001
2a00:1450:4001:80f::2003
2a00:1450:4001:829::200a
2a00:1450:4001:831::2008
122151075befe5fdb2a81a9ec6dea3c92ac911a5be7708b74db4d263d2360194
1910d36117f995d1c801daa2624b9aa007cccb241f858205aff28a0d8a10ad24
225ae209c027fe67a994cca1c56ac952c5b3f2886184457139b2753dc67760ab
26b9e3e98b9415b99775a736fa1a3af32402746c2bf7746411bea496c44e4b80
2e08434b894e29942adb095bf2d6f493ffd8e2aee21e8ad147f59e9bc2d400b0
31339f0267540a113f28a27de6f90239957dc4429eb3fcbdf1454413b66c13b2
391022a2690f18db5daf7a3bc0c5ad36f31b094da5a8912d57c775e5add18d57
41ef905e7d332a03311b4bb48d3894bccf04d8856a0e0a98ae98683538966025
455442b80b731817ad9e5b615c3ffcedbb9e351dc57b0f0298b77cdb5d11d57d
53161434a4d50d2b984e91b332463b641b6842578c1f37a1ed81cbdc0a7794c6
5dd339c31b8ec482e001dad4fb52e6f8f138ad772b74a2d387943e10df3bbc48
68d1f178561bf64b06c123b92dd8221290fabfdb1a257a1127dd0ee2c7e7ff48
6b4f41c53446bee5ce03284672b4607e4a6ff941cae00ec006411b05a62fbe7a
77a839fdcd5d30ced4fa6ca4dce35057cdb7e31f420b1f89fec3491cdf8c3f84
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
83de4b8fb218ece4dc1c59006f00e44aaee17e78923c65ba66acf0ad41a7a5cc
845f015ffbc6154f4677ac03d125e038f738988298e8fd5c67a5b16ead810dfa
85dd35c4ece840b12ce39fa89be8c1a1a8d190cb6cb8614f4f7778c68284bf28
87d683ea3dda6066a1310b46c0e7bceec150db90ef0f33de34b15270f189479c
9cbf748e68bf2fb8da497de517cbd7826d44c6b278cec89e22a9e13e193e4ded
9f1cb4af215bea1d20e63989d2bc87cd3b6daf71af4e59b6ab7875154cecbceb
a69ae0fff67c1a5e2e470cd2411f25fbf3ca119243db34edbf4bd2e887ebcf8f
b18c67c183da5eadf9f83380721ed6abd89f0707d57980f8a0e98a83e2b47f67
b27718b0495bdcff98dc2358a0cf76271178c7e83b000f336610fc8994316ef1
b49e91ca5c7ff6488fdd879a3466e40aa9f85c7da37f13443df7edf485d8032d
b711585f391ac5f348dc41253cf4ffba5d49ed997c17170c1fe2498ff13ea817
b9d5ce7773dac38eff9082e13c7bc4307a7c4ba5e76cd95a2eb0faa0de662e34
c0eadb5eb6ca47c35791250e31d41b66d9e7098ee6e74a3af1d4b75f5d11164e
c666af1bf578a302713630b21d72e405985f952d7dce575c7768ecf23e1a67d6
ccc879574756f32c9592427da6cd1248dd799b84b8ffaa746adcf447b17860a5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7ed1744324b3aad05fe51ed96e388004a4716276884a66b9abd5cef359140d5
ea8c1cbf9732fae6a42b6261c238014eab34943fac5a34711081a62b7cc2eba9
f6ad8750b8ff72f993d9c45d51e02f31aa20834a48f78644953949afa7a6f8ca
f8ed2e4e6bc7d75dc8dab7d97ad92e7a611d82ff93d8692535fa9466ab3a3591
fcafefab73923d3dae535b1bfe6af798fe2e1b3b8f0eab6cfa341a5cc146f965
fe083388f76e3adf62d2125ca792e750c814b06694f2362469ac82bb34a8e970

www.theregister.com Open in urlscan Pro 104.18.5.22 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

43 Requests

100 %HTTPS

67 %IPv6

8 Domains

8 Subdomains

9 IPs

3 Countries

775 kBTransfer

2443 kBSize

1 Cookies

18 Outgoing links

Redirected requests

43 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.theregister.com Open in urlscan Pro
104.18.5.22 Public Scan

Screenshot
Live screenshot

Full Image

43
Requests

100 %
HTTPS

67 %
IPv6

8
Domains

8
Subdomains

9
IPs

3
Countries

775 kB
Transfer

2443 kB
Size

1
Cookies

43 HTTP transactions
0 data transactions