urlscan.io logo urlscan.io
SecurityTrails logo

en.softonic.com Open in urlscan Pro
35.233.114.27  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://t.co/3pqwIUYoWh
Effective URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera1...
Submission: On July 30 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 57 IPs in 5 countries across 38 domains to perform 162 HTTP transactions. The main IP is 35.233.114.27, located in Ann Arbor, United States and belongs to GOOGLE - Google LLC, US. The main domain is en.softonic.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on September 26th 2017. Valid for: 3 years.
This is the only time en.softonic.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.244.42.133 13414 (TWITTER)
1 1 2a03:2880:f12... 32934 (FACEBOOK)
2 35.233.114.27 15169 (GOOGLE)
2 152.195.132.202 15133 (EDGECAST)
2 2400:cb00:204... 13335 (CLOUDFLAR...)
18 151.101.114.133 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
7 205.185.216.10 20446 (HIGHWINDS3)
8 54.230.44.136 16509 (AMAZON-02)
3 63.215.202.80 25751 (VALUECLICK)
1 2.18.234.21 16625 (AKAMAI-AS)
4 69.173.144.142 26667 (RUBICONPR...)
1 178.250.2.89 44788 (ASN-CRITE...)
2 185.33.223.208 29990 (ASN-APPNEXUS)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
5 172.217.16.194 15169 (GOOGLE)
12 151.101.114.2 54113 (FASTLY)
3 2a00:1450:400... 15169 (GOOGLE)
1 216.58.208.34 15169 (GOOGLE)
1 23.111.11.83 54104 (AS-STACKPATH)
4 2a00:1450:400... 15169 (GOOGLE)
1 2606:2800:234... 15133 (EDGECAST)
2 5 104.111.214.103 16625 (AKAMAI-AS)
2 2a00:1450:400... 15169 (GOOGLE)
9 2.18.234.36 16625 (AKAMAI-AS)
3 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 54.230.44.116 16509 (AMAZON-02)
7 52.7.226.127 14618 (AMAZON-AES)
1 178.250.2.130 44788 (ASN-CRITE...)
2 205.185.216.42 20446 (HIGHWINDS3)
1 2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
4 50.17.52.222 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.111.238.79 16625 (AKAMAI-AS)
1 2 172.227.114.224 20940 (AKAMAI-ASN1)
1 54.192.47.197 16509 (AMAZON-02)
6 2a00:1450:400... 15169 (GOOGLE)
1 192.0.73.2 2635 (AUTOMATTIC)
1 2 52.54.14.45 14618 (AMAZON-AES)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 23.111.9.217 54104 (AS-STACKPATH)
7 34.226.181.234 14618 (AMAZON-AES)
2 34.247.139.16 16509 (AMAZON-02)
5 2606:2800:234... 15133 (EDGECAST)
2 2a03:2880:f02... 32934 (FACEBOOK)
1 2a00:1450:400... 15169 (GOOGLE)
1 54.230.44.203 16509 (AMAZON-02)
1 54.209.69.152 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 104.244.42.136 13414 (TWITTER)
1 2a03:2880:f01... 32934 (FACEBOOK)
1 2a05:f500:10:... 14413 (LINKEDIN)
1 2 2a03:2880:f12... 32934 (FACEBOOK)
1 104.111.230.142 16625 (AKAMAI-AS)
162 57
1    104.244.42.133 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)
t.co
1    2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
fb.me
2    35.233.114.27 (Ann Arbor, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 27.114.233.35.bc.googleusercontent.com
en.softonic.com
2    152.195.132.202 (Ashburn, United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)
cdn.cookielaw.org
2    2400:cb00:2048:1::6810:d0a5 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cdn.onesignal.com
onesignal.com
18    151.101.114.133 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)
sc.sftcdn.net
1    2a00:1450:4001:816::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.googletagservices.com
7    205.185.216.10 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: map2.hwcdn.net
cdn.playwire.com
8    54.230.44.136 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-44-136.fra6.r.cloudfront.net
articles-images.sftcdn.net
3    63.215.202.80 (Amsterdam, Netherlands)

ASN25751 (VALUECLICK - Conversant, Inc., US)
PTR: tracking-ams5.cj.com
www.anrdoezrs.net
1    2.18.234.21 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
as-sec.casalemedia.com
4    69.173.144.142 (Smithfield, United States)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)
fastlane.rubiconproject.com
1    178.250.2.89 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
bidder.criteo.com
2    185.33.223.208 (European Union)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
ib.adnxs.com
1    2a00:1450:4001:817::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.googletagmanager.com
2    2a00:1450:4001:815::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
adservice.google.de
2    2a00:1450:4001:825::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
adservice.google.com
5    172.217.16.194 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s08-in-f194.1e100.net
securepubads.g.doubleclick.net
12    151.101.114.2 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)
cdn.taboola.com
trc.taboola.com
images.taboola.com
3    2a00:1450:400e:80a::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com
1    216.58.208.34 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s12-in-f34.1e100.net
www.googleadservices.com
1    23.111.11.83 (Phoenix, United States)

ASN54104 (AS-STACKPATH - netDNA, US)
a.optnmstr.com
4    2a00:1450:4001:817::2001 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
tpc.googlesyndication.com
1    2606:2800:234:13d4:25ff:664:671:13a5 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)
aka-cdn-ns.adtechus.com
5    104.111.214.103 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-214-103.deploy.static.akamaitechnologies.com
sb.scorecardresearch.com
2    2a00:1450:4001:814::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com
9    2.18.234.36 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-234-36.deploy.static.akamaitechnologies.com
cdns.gigya.com
cdns.eu1.gigya.com
cdns2.gigya.com
cdns1.gigya.com
3    2a00:1450:4001:81c::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
googleads.g.doubleclick.net
5    2a00:1450:4001:817::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
ampcid.google.com
apis.google.com
1    54.230.44.116 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-44-116.fra6.r.cloudfront.net
b-code.liadm.com
7    52.7.226.127 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-7-226-127.compute-1.amazonaws.com
echo.intergient.com
1    178.250.2.130 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
2    205.185.216.42 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: map2.hwcdn.net
config.playwire.com
cdn.video.playwire.com
2    2a00:1450:4001:817::2004 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.google.com
2    2a00:1450:4001:81c::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.google.de
4    50.17.52.222 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-50-17-52-222.compute-1.amazonaws.com
api.optmnstr.com
1    2a00:1450:4001:81c::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
ampcid.google.de
1    104.111.238.79 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-238-79.deploy.static.akamaitechnologies.com
tags.bkrtx.com
2    172.227.114.224 (Cambridge, United States)

ASN20940 (AKAMAI-ASN1, US)
PTR: a172-227-114-224.deploy.static.akamaitechnologies.com
stags.bluekai.com
1    54.192.47.197 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-192-47-197.fra6.r.cloudfront.net
c.amazon-adsystem.com
6    2a00:1450:4001:81e::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
pagead2.googlesyndication.com
1    192.0.73.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)
2.gravatar.com
2    52.54.14.45 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-54-14-45.compute-1.amazonaws.com
c.liadm.com
1    2a00:1450:400c:c0a::9c (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
stats.g.doubleclick.net
1    23.111.9.217 (Phoenix, United States)

ASN54104 (AS-STACKPATH - netDNA, US)
a.optmnstr.com
7    34.226.181.234 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-226-181-234.compute-1.amazonaws.com
echo.intergient.com
2    34.247.139.16 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-247-139-16.eu-west-1.compute.amazonaws.com
login.softonic.com
5    2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)
platform.twitter.com
2    2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
connect.facebook.net
staticxx.facebook.com
1    2a00:1450:4001:817::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
fonts.googleapis.com
1    54.230.44.203 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-44-203.fra6.r.cloudfront.net
m.sftcdn.net
1    54.209.69.152 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-209-69-152.compute-1.amazonaws.com
i.liadm.com
1    2a00:1450:4001:817::200d (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
accounts.google.com
2    104.244.42.136 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)
syndication.twitter.com
1    2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
graph.facebook.com
1    2a05:f500:10:101::b93f:9101 (Ireland)

ASN14413 (LINKEDIN - LinkedIn Corporation, US)
www.linkedin.com
2    2a03:2880:f12d:86:face:b00c:0:50fb (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
www.facebook.com
1    104.111.230.142 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
Apex Domain
Subdomains		 Transfer
27 sftcdn.net
sc.sftcdn.net
articles-images.sftcdn.net
m.sftcdn.net
617 KB
14 intergient.com
echo.intergient.com
6 KB
12 taboola.com
cdn.taboola.com
trc.taboola.com
images.taboola.com
266 KB
10 googlesyndication.com
tpc.googlesyndication.com
pagead2.googlesyndication.com
174 KB
10 google.com
adservice.google.com
ampcid.google.com
www.google.com
apis.google.com
accounts.google.com
107 KB
9 gigya.com
cdns.gigya.com
cdns.eu1.gigya.com
cdns2.gigya.com
cdns1.gigya.com
125 KB
9 doubleclick.net
securepubads.g.doubleclick.net
googleads.g.doubleclick.net
stats.g.doubleclick.net
95 KB
9 playwire.com
cdn.playwire.com
config.playwire.com
cdn.video.playwire.com
174 KB
7 twitter.com
platform.twitter.com
syndication.twitter.com
37 KB
5 optmnstr.com
api.optmnstr.com
a.optmnstr.com
46 KB
5 scorecardresearch.com
sb.scorecardresearch.com
3 KB
5 google.de
adservice.google.de
www.google.de
ampcid.google.de
922 B
5 rubiconproject.com
fastlane.rubiconproject.com
eus.rubiconproject.com
7 KB
4 facebook.com
staticxx.facebook.com
graph.facebook.com
www.facebook.com
2 KB
4 liadm.com
b-code.liadm.com
c.liadm.com
i.liadm.com
10 KB
4 softonic.com
en.softonic.com
login.softonic.com
19 KB
3 googleapis.com
ajax.googleapis.com
fonts.googleapis.com
67 KB
3 google-analytics.com
www.google-analytics.com
34 KB
3 anrdoezrs.net
www.anrdoezrs.net
72 KB
2 bluekai.com
stags.bluekai.com
967 B
2 adnxs.com
ib.adnxs.com
1 KB
2 onesignal.com
cdn.onesignal.com
onesignal.com
68 KB
2 cookielaw.org
cdn.cookielaw.org
18 KB
1 linkedin.com
www.linkedin.com
1 KB
1 facebook.net
connect.facebook.net
67 KB
1 gravatar.com
2.gravatar.com
4 KB
1 amazon-adsystem.com
c.amazon-adsystem.com
7 KB
1 bkrtx.com
tags.bkrtx.com
31 KB
1 criteo.net
static.criteo.net
12 KB
1 adtechus.com
aka-cdn-ns.adtechus.com
68 KB
1 optnmstr.com
a.optnmstr.com
45 KB
1 googleadservices.com
www.googleadservices.com
7 KB
1 googletagmanager.com
www.googletagmanager.com
39 KB
1 criteo.com
bidder.criteo.com
189 B
1 casalemedia.com
as-sec.casalemedia.com
962 B
1 googletagservices.com
www.googletagservices.com
8 KB
1 fb.me
fb.me
1 KB
1 t.co
t.co
494 B
162 38
Domain Requested by
18 sc.sftcdn.net en.softonic.com
sc.sftcdn.net
cdn.playwire.com
14 echo.intergient.com cdn.playwire.com
en.softonic.com
8 articles-images.sftcdn.net en.softonic.com
7 cdn.playwire.com en.softonic.com
cdn.playwire.com
6 images.taboola.com en.softonic.com
6 pagead2.googlesyndication.com securepubads.g.doubleclick.net
pagead2.googlesyndication.com
en.softonic.com
5 platform.twitter.com cdns.gigya.com
platform.twitter.com
5 sb.scorecardresearch.com 2 redirects cdn.taboola.com
en.softonic.com
5 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
en.softonic.com
4 apis.google.com cdns.gigya.com
apis.google.com
4 api.optmnstr.com a.optnmstr.com
ajax.googleapis.com
4 cdns.gigya.com sc.sftcdn.net
cdns.gigya.com
en.softonic.com
4 tpc.googlesyndication.com securepubads.g.doubleclick.net
4 cdn.taboola.com en.softonic.com
cdn.taboola.com
4 fastlane.rubiconproject.com sc.sftcdn.net
3 cdns.eu1.gigya.com cdns.gigya.com
3 googleads.g.doubleclick.net www.googleadservices.com
pagead2.googlesyndication.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
en.softonic.com
3 www.anrdoezrs.net en.softonic.com
www.anrdoezrs.net
2 www.facebook.com 1 redirects connect.facebook.net
2 syndication.twitter.com 1 redirects en.softonic.com
2 login.softonic.com cdns.gigya.com
2 c.liadm.com 1 redirects en.softonic.com
2 trc.taboola.com cdn.taboola.com
2 stags.bluekai.com 1 redirects tags.bkrtx.com
2 www.google.de en.softonic.com
2 www.google.com 1 redirects en.softonic.com
2 ajax.googleapis.com cdn.cookielaw.org
a.optmnstr.com
2 adservice.google.com www.googletagservices.com
pagead2.googlesyndication.com
2 adservice.google.de www.googletagservices.com
pagead2.googlesyndication.com
2 ib.adnxs.com sc.sftcdn.net
cdn.playwire.com
2 cdn.cookielaw.org en.softonic.com
2 en.softonic.com t.co
sc.sftcdn.net
1 eus.rubiconproject.com sc.sftcdn.net
1 www.linkedin.com cdns1.gigya.com
1 graph.facebook.com cdns1.gigya.com
1 staticxx.facebook.com connect.facebook.net
1 accounts.google.com apis.google.com
1 i.liadm.com b-code.liadm.com
1 m.sftcdn.net en.softonic.com
1 fonts.googleapis.com sc.sftcdn.net
1 connect.facebook.net cdns.gigya.com
1 cdns1.gigya.com cdns.gigya.com
1 a.optmnstr.com a.optnmstr.com
1 stats.g.doubleclick.net 1 redirects
1 cdns2.gigya.com en.softonic.com
1 2.gravatar.com en.softonic.com
1 c.amazon-adsystem.com cdn.playwire.com
1 cdn.video.playwire.com www.google-analytics.com
1 tags.bkrtx.com cdn.playwire.com
1 ampcid.google.de www.google-analytics.com
1 config.playwire.com cdn.playwire.com
1 static.criteo.net sc.sftcdn.net
1 b-code.liadm.com www.googletagmanager.com
1 ampcid.google.com www.google-analytics.com
1 aka-cdn-ns.adtechus.com en.softonic.com
1 a.optnmstr.com t.co
1 www.googleadservices.com www.googletagmanager.com
1 www.googletagmanager.com en.softonic.com
1 bidder.criteo.com sc.sftcdn.net
1 as-sec.casalemedia.com sc.sftcdn.net
1 onesignal.com cdn.onesignal.com
1 www.googletagservices.com en.softonic.com
1 cdn.onesignal.com en.softonic.com
1 fb.me 1 redirects
1 t.co
162 66
Subject Issuer Validity Valid
t.co
DigiCert SHA2 Extended Validation Server CA		 2017-07-25 -
2018-11-05		 a year crt.sh
softonic.com
COMODO RSA Domain Validation Secure Server CA		 2017-09-26 -
2020-12-24		 3 years crt.sh
cdns.gigya.com
DigiCert SHA2 Secure Server CA		 2018-01-05 -
2019-01-05		 a year crt.sh
odc-prod-01.oracle.com
DigiCert ECC Secure Server CA		 2018-01-30 -
2019-01-29		 a year crt.sh
*.playwire.com
Go Daddy Secure Certificate Authority - G2		 2016-11-15 -
2019-01-21		 2 years crt.sh
tpc.googlesyndication.com
Google Internet Authority G3		 2018-06-19 -
2018-08-28		 2 months crt.sh
login.softonic.com
COMODO RSA Domain Validation Secure Server CA		 2018-06-05 -
2019-06-05		 a year crt.sh
*.g.doubleclick.net
Google Internet Authority G3		 2018-06-19 -
2018-08-28		 2 months crt.sh
*.apis.google.com
Google Internet Authority G3		 2018-06-19 -
2018-08-28		 2 months crt.sh
*.twimg.com
DigiCert SHA2 High Assurance Server CA		 2017-12-02 -
2018-12-05		 a year crt.sh
*.liadm.com
Amazon		 2018-01-08 -
2019-02-08		 a year crt.sh
accounts.google.com
Google Internet Authority G3		 2018-06-19 -
2018-08-28		 2 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2017-12-15 -
2019-03-22		 a year crt.sh
*.rubiconproject.com
DigiCert SHA2 Secure Server CA		 2016-01-12 -
2019-03-01		 3 years crt.sh

This page contains 21 frames:

Primary Page: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Frame ID: D80159E53E9C428D96B9CE52927F19C5
Requests: 135 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&version=latest
Frame ID: CD6CF4F32F85EA10AB5F0E40ABE2F375
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/51679?dt=0&r=2133470671&sig=1612309438&bkca=KJhkDzamyp91djgrkikgsRJeetCE9ucWjxCh3gnDqS1kzD7za4TKjb+QivivU88MIf669JD2mqLRKrmoNmQJwBV1/DYAZOUq7HkikZXGscN/T9s7nJzfjciwtakQ61N9bMbQuXhntNgMWtGDvx8q7nhaNSHVhfuOfMNSfnfT9sAKvK15GNknUKXwBqs9jtD7aDY6hkgQKgZjC6MTjnUHGs55Lk4chm6Ow/5Zc7z3VWF8h/s1QlMjdze5nX2eRv/7RLwaUjjUdBauL2m3sebZh25l4mLFf2+dNXWF/fSWlZQr510GxWjqR/VPItBW7B2vdJGx0RJ/OLuF41ciKRZEIv0GH7nNdJ+TI78LVyC3JjLX0b2EpAaMHLKoiBGGmf1HhbYOVjG1XPr4hjNuVgkOZzfd5a+RTy0PvfA/8KlbSol48wAlBCIIyQ==
Frame ID: DF16B2E548471961F2E028FDAA588618
Requests: 1 HTTP requests in this frame

Frame: https://cdn.playwire.com/bolt/js/zeus/frame-8514f8e43e-8ded83043a.html
Frame ID: 2E98B6ABBA7F6FEFBB98023A87C5A48B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Frame ID: A2250A280FA750274208A2D654769CEB
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Frame ID: 83A5F40ABB6711068F5A720B2784FED5
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Frame ID: D11A39536023ACEEC0E450113DC7E04E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20180725/r20180604/zrt_lookup.html
Frame ID: B747CCF11BD86768CD361597988E2C36
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20180725/r20180604/show_ads_impl.js
Frame ID: 702D79FC4A73471EA2392B13BDDDADFF
Requests: 1 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_L9tKcr_U0jIkc8uIG9sVMK2HdTEAm99_yglWxy6o8DQ-SiSJuUuURkAhPM9wt69w&ssoSegment=&version=latest&build=1636
Frame ID: BCE552BE51280B4110184A8A2A22F202
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9488838626649539&output=html&h=190&slotname=2267385248&adk=867463667&adf=3279755396&w=300&rafmt=10&npa=1&guci=1.2.0.0.2.1.0&format=300x190_0ads_al&url=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&ea=0&flash=0&wgl=1&adsid=NT&dt=1532978801813&bpp=25&bdt=750&fdt=28&idt=153&shv=r20180725&cbv=r20180604&saldr=aa&correlator=6383229769023&frm=23&ife=4&pv=2&ga_vid=2128596258.1532978801&ga_sid=1532978802&ga_hid=814910034&ga_fc=0&iag=3&icsg=682&nhd=1&dssz=11&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1133&ady=260&biw=1585&bih=1200&isw=300&ish=250&ifk=4188909409&scr_x=0&scr_y=0&eid=10573695%2C21060853%2C21062171%2C368226400%2C828064254%2C21061796&oid=3&ref=https%3A%2F%2Ft.co%2F3pqwIUYoWh&rx=0&eae=2&fc=528&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&ppjl=u&pfx=0&fu=148&bc=7&osw_key=442837976&ifi=1&fsb=1&dtd=190
Frame ID: BCBA4DC95330B1CB4DC2834D3D52C7C8
Requests: 1 HTTP requests in this frame

Frame: https://apis.google.com/se/0/_/+1/sharebutton?plusShare=true&usegapi=1&action=share&annotation=bubble&height=&width=&hl=en&origin=https%3A%2F%2Fen.softonic.com&url=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.2TvnrotPLFI.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCMLO7MfS0gPcMOFOl_aA3wxCIQFWA%2Fm%3D__features__
Frame ID: 0833D9DD5A4E22E869249C78B9E5327E
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.cb6df5c11eb74c4885e17101a777cb60.html?origin=https%3A%2F%2Fen.softonic.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Frame ID: F6AAA2F4BC9BD7AE8ED95EA7075FC779
Requests: 1 HTTP requests in this frame

Frame: https://i.liadm.com/s/c/a-00k5?s=&cim=&ps=true&ls=false&duid=a-00k5--0ea8347b-60ee-4e22-9dbf-2ed4faf1edc0&domainSessionId=898d0c91-3477-4600-a0f9-3380b4db45d6&ppid=0&ci=0&version=sc-2.1.0&nosync=false&
Frame ID: C84F94AB5B2F3F3CB6359736123E49A3
Requests: 1 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_L9tKcr_U0jIkc8uIG9sVMK2HdTEAm99_yglWxy6o8DQ-SiSJuUuURkAhPM9wt69w&ssoSegment=&version=latest&build=1636
Frame ID: BF8DB28E3F1A0559B4494ABC777B0FA6
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fen.softonic.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.2TvnrotPLFI.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCMLO7MfS0gPcMOFOl_aA3wxCIQFWA%2Fm%3D__features__
Frame ID: 8649141A69FEFCBBEF548FC7660D95EE
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.cb6df5c11eb74c4885e17101a777cb60.en.html
Frame ID: 06C3C568B5D39EA1E55AA44C126B6FE4
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter/r/bSTT5dUx9MY.js?version=42
Frame ID: 8AFCFEFFBF0E4038ED9832F57C897F10
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 09AEA358AFC5F78377A2955B299DB9C6
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/feedback.php?api_key&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FbSTT5dUx9MY.js%3Fversion%3D42%23cb%3Df316bab1dece24c%26domain%3Den.softonic.com%26origin%3Dhttps%253A%252F%252Fen.softonic.com%252Ff217fefe429deb%26relation%3Dparent.parent&href=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times&locale=en_US&mobile=false&numposts=10&order_by=social&sdk=joey&version=v1.0&width=100%25
Frame ID: 2CF0125242456A5EA4E92CF0FFD70A6B
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=BORugBlORugBlAcABBENAZ-AAAAFuAEAAUACAAGgAWw
Frame ID: 246F51D1D141CA8F55B75B43BDE84309
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://t.co/3pqwIUYoWh Page URL
  2. https://fb.me/1Vw5tGEGT HTTP 301
    https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • env /pbjs/i
Overall confidence: 100%
Detected patterns
  • env /^criteo/i
Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i
  • env /^__google_ad_/i
  • env /^Goog_AdSense_/i
Overall confidence: 100%
Detected patterns
  • env /^gaGlobal$/i
Overall confidence: 100%
Detected patterns
  • env /^googletag$/i
  • env /^google_tag_manager$/i
Overall confidence: 100%
Detected patterns
  • env /^_?COMSCORE$/i
Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i
Overall confidence: 100%
Detected patterns
  • env /^webpackJsonp$/i

Page Statistics

162
Requests

14 %
HTTPS

41 %
IPv6

38
Domains

66
Subdomains

57
IPs

5
Countries

2236 kB
Transfer

5547 kB
Size

33
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/3pqwIUYoWh Page URL
  2. https://fb.me/1Vw5tGEGT HTTP 301
    https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 60
  • https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1532978801111&ns_c=UTF-8&cv=3.1&c8=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&c7=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&c9=https%3A%2F%2Ft.co%2F3pqwIUYoWh HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1532978801111&ns_c=UTF-8&cv=3.1&c8=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&c7=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&c9=https%3A%2F%2Ft.co%2F3pqwIUYoWh
Request Chain 61
  • https://sb.scorecardresearch.com/b?c1=2&c2=15548145&cs_ucfr=1&ns__t=1532978801111&ns_c=UTF-8&cv=3.1&c8=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&c7=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&c9=https%3A%2F%2Ft.co%2F3pqwIUYoWh HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=15548145&cs_ucfr=1&ns__t=1532978801111&ns_c=UTF-8&cv=3.1&c8=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&c7=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&c9=https%3A%2F%2Ft.co%2F3pqwIUYoWh
Request Chain 78
  • https://stags.bluekai.com/site/51679?ret=html&phint=content_interests%3DTips%2Ctricks%2CHow%20To%2CGoogle%2Cgoogle%20chrome%2COffline%2Cdata%2CDownload%2Ctv%2Ctechnology%2Centertainment&phint=__bk_t%3DMalware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&phint=__bk_k%3D&phint=__bk_pr%3Dhttps%3A%2F%2Ft.co%2F3pqwIUYoWh&phint=__bk_l%3Dhttps%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&limit=10&r=95452822 HTTP 302
  • https://stags.bluekai.com/site/51679?dt=0&r=2133470671&sig=1612309438&bkca=KJhkDzamyp91djgrkikgsRJeetCE9ucWjxCh3gnDqS1kzD7za4TKjb+QivivU88MIf669JD2mqLRKrmoNmQJwBV1/DYAZOUq7HkikZXGscN/T9s7nJzfjciwtakQ61N9bMbQuXhntNgMWtGDvx8q7nhaNSHVhfuOfMNSfnfT9sAKvK15GNknUKXwBqs9jtD7aDY6hkgQKgZjC6MTjnUHGs55Lk4chm6Ow/5Zc7z3VWF8h/s1QlMjdze5nX2eRv/7RLwaUjjUdBauL2m3sebZh25l4mLFf2+dNXWF/fSWlZQr510GxWjqR/VPItBW7B2vdJGx0RJ/OLuF41ciKRZEIv0GH7nNdJ+TI78LVyC3JjLX0b2EpAaMHLKoiBGGmf1HhbYOVjG1XPr4hjNuVgkOZzfd5a+RTy0PvfA/8KlbSol48wAlBCIIyQ==
Request Chain 96
  • https://c.liadm.com/i?e=pv&eid=e79ea0e3-c0e3-4be3-a910-8cad67465255&url=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&page=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&refr=https%3A%2F%2Ft.co%2F3pqwIUYoWh&aid=a-00k5&sid=898d0c91-3477-4600-a0f9-3380b4db45d6&duid=a-00k5--0ea8347b-60ee-4e22-9dbf-2ed4faf1edc0&p=web&tna=liveIntentPublisherTracker&tv=pub-2.0.4& HTTP 302
  • https://c.liadm.com/i?e=pv&&duid=a-00k5--0ea8347b-60ee-4e22-9dbf-2ed4faf1edc0&eid=e79ea0e3-c0e3-4be3-a910-8cad67465255&url=https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&refr=https://t.co/3pqwIUYoWh&aid=a-00k5&tna=liveIntentPublisherTracker&page=Malware-filled+Chrome+extensions+have+been+downloaded+500K+times&tv=pub-2.0.4&n3pc=true&p=web&sid=898d0c91-3477-4600-a0f9-3380b4db45d6
Request Chain 102
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j68&tid=UA-152357-1&cid=2128596258.1532978801&jid=365456431&gjid=1419254201&_gid=367335337.1532978801&_u=aCjAgAADQAQC~&z=2083052158 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-152357-1&cid=2128596258.1532978801&jid=365456431&_v=j68&z=2083052158 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-152357-1&cid=2128596258.1532978801&jid=365456431&_v=j68&z=2083052158&slf_rd=1&random=1361110352
Request Chain 145
  • https://syndication.twitter.com/i/jot HTTP 302
  • https://platform.twitter.com/jot.html
Request Chain 150
  • https://www.facebook.com/plugins/comments.php?api_key=&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FbSTT5dUx9MY.js%3Fversion%3D42%23cb%3Df316bab1dece24c%26domain%3Den.softonic.com%26origin%3Dhttps%253A%252F%252Fen.softonic.com%252Ff217fefe429deb%26relation%3Dparent.parent&href=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times&locale=en_US&mobile=false&numposts=10&order_by=social&sdk=joey&version=v1.0&width=100%25 HTTP 302
  • https://www.facebook.com/plugins/feedback.php?api_key&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FbSTT5dUx9MY.js%3Fversion%3D42%23cb%3Df316bab1dece24c%26domain%3Den.softonic.com%26origin%3Dhttps%253A%252F%252Fen.softonic.com%252Ff217fefe429deb%26relation%3Dparent.parent&href=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times&locale=en_US&mobile=false&numposts=10&order_by=social&sdk=joey&version=v1.0&width=100%25

162 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
3pqwIUYoWh
t.co/ 		224 B
494 B 		Document
General
Check archive.org
Download Go to
Full URL
https://t.co/3pqwIUYoWh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.133 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_o /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report

Request headers

:method
GET
:authority
t.co
:scheme
https
:path
/3pqwIUYoWh
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5

Response headers

status
200
cache-control
private,max-age=300
content-encoding
gzip
content-length
176
content-type
text/html; charset=utf-8
date
Mon, 30 Jul 2018 19:26:40 GMT
expires
Mon, 30 Jul 2018 19:31:40 GMT
server
tsa_o
set-cookie
muc=0cc6c4f6-8d8e-495e-bd52-dd64a6293540; Expires=Wed, 29 Jul 2020 19:26:40 GMT; Domain=t.co
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
8a9ed80e913e885d9c45d701cd1c183d
x-response-time
122
x-xss-protection
1; mode=block; report=https://twitter.com/i/xss_report
Primary Request malware-filled-chrome-extensions-have-been-downloaded-500000-times
en.softonic.com/articles/
Redirect Chain
  • https://fb.me/1Vw5tGEGT
  • https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
86 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Requested by
Host: t.co
URL: https://t.co/3pqwIUYoWh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.233.114.27 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
27.114.233.35.bc.googleusercontent.com
Software
nginx/1.13.12 /
Resource Hash
30f36d6ca25e2f6784ee07c4384694fa918c8dc5dc4fc2528ef8f6f0d5efcce0
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:method
GET
:authority
en.softonic.com
:scheme
https
:path
/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://t.co/3pqwIUYoWh
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://t.co/3pqwIUYoWh

Response headers

status
200
server
nginx/1.13.12
date
Mon, 30 Jul 2018 19:26:40 GMT
content-type
text/html; charset=utf-8
x-request-id
db0b33a13f97f129d33316df5df28969
content-language
en-US
x-rendered-as
desktop
x-detected-as
desktop
x-page-id
article
x-is-bot
false
x-served-by
server-6c7ff89548-gztwl
x-version
1.992.0
set-cookie
glt_3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT softSession=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT _swo_pos=620; Max-Age=1296000; Expires=Tue, 14 Aug 2018 19:26:40 GMT; Domain=en.softonic.com; Path=/ utm.content=buffera10d2; Max-Age=2592000; Expires=Wed, 29 Aug 2018 19:26:40 GMT; Domain=en.softonic.com; Path=/ utm.medium=social; Max-Age=2592000; Expires=Wed, 29 Aug 2018 19:26:40 GMT; Domain=en.softonic.com; Path=/ utm.source=twitter.com; Max-Age=2592000; Expires=Wed, 29 Aug 2018 19:26:40 GMT; Domain=en.softonic.com; Path=/ utm.campaign=buffer; Max-Age=2592000; Expires=Wed, 29 Aug 2018 19:26:40 GMT; Domain=en.softonic.com; Path=/
cache-control
max-age=60, must-revalidate, private
accept-ranges
bytes
content-encoding
gzip
x-varnish
375416080
age
0
via
1.1 varnish
vary
user-agent, User-Agent
strict-transport-security
max-age=15724800; includeSubDomains

Redirect headers

status
301
location
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
x-frame-options
DENY
x-xss-protection
0
access-control-allow-credentials
true
access-control-allow-origin
https://fb.me
access-control-expose-headers
X-FB-Debug, X-Loader-Length
pragma
no-cache
vary
Origin
access-control-allow-methods
OPTIONS
strict-transport-security
max-age=31536000; preload; includeSubDomains
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
cache-control
private, no-cache, no-store, must-revalidate
content-type
text/html; charset="utf-8"
x-fb-debug
vy8UezKEFIIfMyCdD37URP4MHlkXOgm1Inks6DXGt7BiNA3VqSyKVrFnvgjsR+ZUWZtvaglyLeEEPIkrH3m9YQ==
content-length
0
date
Mon, 30 Jul 2018 19:26:40 GMT
optanon.css
cdn.cookielaw.org/skins/default_flat_bottom_two_button_black/v2/css/ 		29 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/skins/default_flat_bottom_two_button_black/v2/css/optanon.css
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
152.195.132.202 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F27) /
Resource Hash
2faf89adf1045861c22d2d65c9041ba59497e56660f0514df25e292c5f31e0ae

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 30 Jul 2018 19:26:40 GMT
content-encoding
gzip
content-md5
5cG0W+yg3TuHrMAuNnG68Q==
x-cache
HIT
status
200
content-length
6805
x-ms-lease-status
unlocked
last-modified
Thu, 26 Jul 2018 22:20:09 GMT
server
ECAcc (frc/8F27)
etag
0x8D5F345F2EBC659
vary
Accept-Encoding
content-type
text/css
x-ms-request-id
6466c856-401e-0073-452f-25a825000000
cache-control
public, max-age=2592000
x-ms-version
2009-09-19
accept-ranges
bytes
OneSignalSDK.js
cdn.onesignal.com/sdks/ 		332 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
2400:cb00:2048:1::6810:d0a5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
96fddfc7dd13713c1d9d81b4bfbf3e9944e651f9270e12060df386e67b740828

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:40 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 30 Jul 2018 18:20:28 GMT
server
cloudflare
etag
W/"5b5f56ec-530de"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=259200
cf-ray
442a37decb476355-FRA
expires
Thu, 02 Aug 2018 19:26:40 GMT
f0d91-c1ceb.css
sc.sftcdn.net/styles/ 		206 KB
31 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/styles/f0d91-c1ceb.css
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
131be98deb253407fb967d56fe1caa2467ddaaffce6e90f8670f5d77145ee168

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-version
1.989.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
30035
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
31060
x-detected-as
desktop
x-request-id
ecb83cf3-c294-46c0-ad11-e840331e7dd7
x-served-by
server-67bd4f6d4d-sjqq2, cache-ams4146-AMS, cache-hhn1537-HHN
last-modified
Mon, 30 Jul 2018 11:02:36 GMT
x-timer
S1532978800.445659,VS0,VE0
etag
"31d1a83e53cad43f67ef063ceb4114293bc047c3"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
text/css; charset=utf-8
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
1, 3269
994e2-7e289.js
sc.sftcdn.net/scripts/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/scripts/994e2-7e289.js
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com

Response headers

x-version
1.723.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
5104977
x-cache
MISS, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
5013
x-detected-as
mobile
x-request-id
1ca30550-341c-4e3a-804e-4de6fb5e2930
x-served-by
server-958f986c6-d8tzt, cache-ams4120-AMS, cache-hhn1538-HHN
last-modified
Fri, 01 Jun 2018 13:41:58 GMT
x-timer
S1532978800.479115,VS0,VE0
etag
"73852c24b51ec9c89260b32a4a66b3e2bfa226c2"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
0, 252198
gpt.js
www.googletagservices.com/tag/js/ 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
2a00:1450:4001:816::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
cce5bedbf1642321b19ea910bf2cba0e391b9e2f71eb74eb55384c687b6f3659
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"6 / 232 of 1000 / last-modified: 1532633714"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
7834
x-xss-protection
1; mode=block
expires
Mon, 30 Jul 2018 19:26:40 GMT
17ecc-3c252.js
sc.sftcdn.net/scripts/ 		292 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/scripts/17ecc-3c252.js
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
d836f1976a7c932eebf27906e82ce7b75ed5b3ed2d11d54c775248a36f8eba2d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com

Response headers

x-version
1.976.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
301858
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
85069
x-detected-as
mobile
x-request-id
76071f83-7873-4fc3-a2bf-3d38e67df070
x-served-by
server-756cf4794b-ldbdm, cache-ams4134-AMS, cache-hhn1538-HHN
last-modified
Fri, 27 Jul 2018 07:31:46 GMT
x-timer
S1532978800.442645,VS0,VE0
etag
"61de971068201fc09cfe08c932f9194bcc30c9c6"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
1, 24122
b6d3c-be66b.png
sc.sftcdn.net/images/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sc.sftcdn.net/images/b6d3c-be66b.png
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
7a2a36b109ce7c47f2b013ecfbc4da3152fcb837bc9fbcdf291e5b3c5c2a4bdc

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-version
1.723.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
4876859
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
3053
x-detected-as
desktop
x-request-id
751b5e5b-8319-42c9-8517-929fe28c51d4
x-served-by
server-958f986c6-hsr8v, cache-ams4138-AMS, cache-hhn1537-HHN
last-modified
Fri, 01 Jun 2018 13:41:58 GMT
x-timer
S1532978801.513935,VS0,VE0
etag
"601fece93ee4ddb2e152ec4ffa99b824d3ada47e"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
image/png
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
7802, 271392
embed.js
cdn.playwire.com/bolt/js/zeus/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.playwire.com/bolt/js/zeus/embed.js
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
HTTP/1.1
Server
205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
06f962d89b78f084906d06e8820a92f9229874d9aa534f188e9c3f4254c87213

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:40 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Jul 2018 16:23:18 GMT
ETag
"1532535798"
X-HW
1532978800.dop007.fr8.t,1532978800.cds045.fr8.shn,1532978800.dop007.fr8.t,1532978800.cds020.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=162
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
2232
blue-google-192.jpg
articles-images.sftcdn.net/wp-content/uploads/sites/3/2017/10/ 		48 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://articles-images.sftcdn.net/wp-content/uploads/sites/3/2017/10/blue-google-192.jpg
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
54.230.44.136 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-44-136.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e105773c850e3031c290758fee11147d27ff58d683d7eb9abc607d5967c875c4

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 18 May 2018 13:55:46 GMT
via
1.1 fea2754625efced449ee81cd3c469ec9.cloudfront.net (CloudFront)
last-modified
Mon, 02 Oct 2017 16:50:52 GMT
server
AmazonS3
age
1043632
etag
"401363064088f6c1aa6fb70069bf4489"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
49195
x-amz-cf-id
kWqMXH0fIf7Bw6V9BbJAzeUeXcnUGxqUQG0-dPMRliUUJcYTggvupA==
expires
Tue, 02 Oct 2018 16:50:51 GMT
Malicious-Chrome-Extension-diagram-768x424.jpg
articles-images.sftcdn.net/wp-content/uploads/sites/3/2018/01/ 		27 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://articles-images.sftcdn.net/wp-content/uploads/sites/3/2018/01/Malicious-Chrome-Extension-diagram-768x424.jpg
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
54.230.44.136 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-44-136.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
67cc6d5d8795240ec8941c9368beac93551650ca9db6743ac4a919b38230ba7c

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 29 Jul 2018 02:21:42 GMT
via
1.1 fea2754625efced449ee81cd3c469ec9.cloudfront.net (CloudFront)
last-modified
Wed, 17 Jan 2018 14:54:34 GMT
server
AmazonS3
age
147899
etag
"1624f2de3c1609e5af0fd6fbe06f6eab"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
27255
x-amz-cf-id
iMbmZphgkytY-YluCDxgHe994nJKtLK6TaRo3iX1rQikOkb26rke7A==
expires
Thu, 17 Jan 2019 14:54:32 GMT
3051940f-fed8-41ba-897a-fc23889a150a.js
cdn.cookielaw.org/consent/ 		43 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/3051940f-fed8-41ba-897a-fc23889a150a.js
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
152.195.132.202 Ashburn, United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8FDB) /
Resource Hash
1e894d1184c4cf77b4fd50ca6cb03ea7dfb9134ea3ffd7ee5b5a69d4c9168b8a

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 30 Jul 2018 19:26:40 GMT
content-encoding
gzip
content-md5
tffHJuf4DMRdk2h4orSvGA==
x-cache
HIT
status
200
content-length
11374
x-ms-lease-status
unlocked
last-modified
Thu, 26 Jul 2018 14:45:01 GMT
server
ECAcc (frc/8FDB)
etag
0x8D5F3065E12F2CE
vary
Accept-Encoding
content-type
application/x-javascript
x-ms-request-id
53743d2c-a01e-0036-4432-2875b4000000
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
am.js
www.anrdoezrs.net/am/7074958/include/allCj/impressions/page/ 		215 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.anrdoezrs.net/am/7074958/include/allCj/impressions/page/am.js
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
HTTP/1.1
Server
63.215.202.80 Amsterdam, Netherlands, ASN25751 (VALUECLICK - Conversant, Inc., US),
Reverse DNS
tracking-ams5.cj.com
Software
Resin/3.1.14 /
Resource Hash
f6da9ad83e74465de86e7f9270c826817de159581a1af4c4e4683da4fe1978ab

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:40 GMT
Content-Encoding
gzip
Server
Resin/3.1.14
Transfer-Encoding
chunked
Content-Type
text/javascript
Cache-control
max-age=86400
Connection
close
Expires
Tue, 31 Jul 2018 19:26:40 GMT
web
onesignal.com/api/v1/sync/b89fd83b-056a-497d-abac-eec36d9dc765/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://onesignal.com/api/v1/sync/b89fd83b-056a-497d-abac-eec36d9dc765/web?callback=__jp0
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol
SPDY
Server
2400:cb00:2048:1::6810:d0a5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Phusion Passenger 5.3.2
Resource Hash
8b5dce69d4562d2850257196c0d55b2e0a68967bf4a16c4a51e55308f0d48534
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
x-powered-by
Phusion Passenger 5.3.2
status
200, 200 OK
x-xss-protection
1; mode=block
x-request-id
2a2fcc4b-ed3f-45e8-b84a-bb384473da65
x-runtime
0.038631
cf-bgj
minify
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
cf-polished
origSize=2547
cf-ray
442a37dfbc566355-FRA
access-control-allow-headers
SDK-Version
cygnus
as-sec.casalemedia.com/ 		24 B
962 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/cygnus?s=249693&v=7.2&r=%7B%22id%22%3A%221c91ee90f30742%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2220892ec0d2dcf7%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22249693%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22id%22%3A%22366afddd52eff3%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22249693%22%2C%22sid%22%3A%22300x600%22%7D%7D%2C%7B%22id%22%3A%2242f21386dcf06e%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22249693%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%2258b42f77664207%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22249693%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer%22%2C%22ref%22%3A%22https%3A%2F%2Ft.co%2F3pqwIUYoWh%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22BORugBlORugBlAcABBENAZ-AAAAFuAEAAUACAAGgAWw%22%7D%7D%7D&ac=j&sd=1&
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
HTTP/1.1
Server
2.18.234.21 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f627a1d66b406df6a33e848d562a6a144a67cf8be9a17a64f698fcb71d0d019c

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Jul 2018 19:26:40 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin
https://en.softonic.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
44
Expires
Mon, 30 Jul 2018 19:26:40 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		261 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=10496&site_id=44166&zone_id=191544&size_id=2&alt_size_ids=55%2C57&p_pos=unknown&gdpr=1&gdpr_consent=BORugBlORugBlAcABBENAZ-AAAAFuAEAAUACAAGgAWw&rf=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&tk_flint=pbjs_lite_v1.16.0&x_source.tid=1beb4ce3-c265-45f9-946e-ed7eb1444f0f&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.1203766678062943
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
HTTP/1.1
Server
69.173.144.142 Smithfield, United States, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
de2b7605f2ada600c766ff33ee1ab33c0a1d346c6b8b03a2c74075dc0424a5da

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Jul 2018 19:26:40 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://en.softonic.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=21
Content-Length
261
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		259 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=10496&site_id=44166&zone_id=191544&size_id=15&alt_size_ids=10&p_pos=unknown&gdpr=1&gdpr_consent=BORugBlORugBlAcABBENAZ-AAAAFuAEAAUACAAGgAWw&rf=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&tk_flint=pbjs_lite_v1.16.0&x_source.tid=322096cb-8106-43ec-be43-0df27dbe5f5f&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.05085527941344803
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
HTTP/1.1
Server
69.173.144.142 Smithfield, United States, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
d9b542f8972eede1852eb7cf461d2e472f496466cb7fb9f70862ed26027627c3

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Jul 2018 19:26:40 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://en.softonic.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=26
Content-Length
259
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		259 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=10496&site_id=44166&zone_id=193310&size_id=15&alt_size_ids=10&p_pos=unknown&gdpr=1&gdpr_consent=BORugBlORugBlAcABBENAZ-AAAAFuAEAAUACAAGgAWw&rf=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&tk_flint=pbjs_lite_v1.16.0&x_source.tid=e8daa9e6-3572-43e8-8c21-4402bfd65904&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5085735686250683
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
HTTP/1.1
Server
69.173.144.142 Smithfield, United States, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
e781ddf072144a292cba2831f98a62a02935c870cb7db81ccb45370c74aeb448

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Jul 2018 19:26:40 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://en.softonic.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=97
Content-Length
259
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		261 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=10496&site_id=44166&zone_id=193310&size_id=2&alt_size_ids=55%2C57&p_pos=unknown&gdpr=1&gdpr_consent=BORugBlORugBlAcABBENAZ-AAAAFuAEAAUACAAGgAWw&rf=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&tk_flint=pbjs_lite_v1.16.0&x_source.tid=6f2faa53-6372-496e-90d2-28aa66ad03e3&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7466481544669725
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
HTTP/1.1
Server
69.173.144.142 Smithfield, United States, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
6f4ec6c347df7c976992d486f2dffa6121fb2ce37346bc82b6220a07916e3bd0

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Jul 2018 19:26:40 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://en.softonic.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=99
Content-Length
261
Expires
Wed, 17 Sep 1975 21:32:10 GMT
cdb
bidder.criteo.com/ 		0
189 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=8&cb=22188162659
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
HTTP/1.1
Server
178.250.2.89 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://en.softonic.com
Date
Mon, 30 Jul 2018 19:26:39 GMT
Access-Control-Allow-Credentials
true
Server
Finatra
Vary
Origin
prebid
ib.adnxs.com/ut/v3/ 		21 B
714 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
HTTP/1.1
Server
185.33.223.208 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
Software
nginx/1.13.4 /
Resource Hash
aaaabde3f68c325033b37bb3ebff887e3b589b7137e717e96648a52221881429
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Jul 2018 19:26:42 GMT
X-Proxy-Origin
148.251.45.254; 148.251.45.254; 311.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.24:80
AN-X-Request-Uuid
d6d39d0c-f9a5-469b-b580-6708cf97cc5e
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://en.softonic.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
21
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ads.min.js
en.softonic.com/ 		0
445 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://en.softonic.com/ads.min.js
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.233.114.27 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
27.114.233.35.bc.googleusercontent.com
Software
nginx/1.13.12 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:path
/ads.min.js
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
en.softonic.com
referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
:scheme
https
:method
GET
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-version
1.988.0
date
Mon, 30 Jul 2018 19:26:40 GMT
content-encoding
gzip
vary
User-Agent
age
33094
status
200
content-length
20
x-request-id
0a984c83893aaa328b077e50c0f12f4b
x-served-by
server-76cf84bf47-5dzjk
last-modified
Thu, 05 Jul 2018 09:39:10 GMT
server
nginx/1.13.12
etag
"da39a3ee5e6b4b0d3255bfef95601890afd80709"
strict-transport-security
max-age=15724800; includeSubDomains
x-varnish
1887979449 1884853783
via
1.1 varnish
cache-control
max-age=604800, must-revalidate
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
chunk1-80642.js
sc.sftcdn.net/scripts/ 		41 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/scripts/chunk1-80642.js
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
dbad5c49cdd89c1d8a4722603b9425048d8067fffafe7928ff53d0a73e5b5544

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-version
1.976.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
301827
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
7035
x-detected-as
desktop
x-request-id
92686cc1-a9a4-4d12-a012-89d123e2e41c
x-served-by
server-756cf4794b-pldfn, cache-ams4128-AMS, cache-hhn1537-HHN
last-modified
Fri, 27 Jul 2018 07:31:46 GMT
x-timer
S1532978801.597997,VS0,VE0
etag
"9b0146b78007d49860e59cf4ba1f436234e5b50d"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
1, 23065
chunk2-80642.js
sc.sftcdn.net/scripts/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/scripts/chunk2-80642.js
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
14eb889bc717f96486f05bc6c6f2d075e5530d3811fe194dd890463caca2c933

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-version
1.976.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
301826
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
5005
x-detected-as
desktop
x-request-id
00f8eb8b-acc3-4b64-ae9f-0beebb095cd2
x-served-by
server-756cf4794b-ldbdm, cache-ams4149-AMS, cache-hhn1537-HHN
last-modified
Fri, 27 Jul 2018 07:31:46 GMT
x-timer
S1532978801.598008,VS0,VE0
etag
"3085f62870c77dc5bde3ade070517676ac755a57"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
1, 18477
chunk0-80642.js
sc.sftcdn.net/scripts/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/scripts/chunk0-80642.js
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
eed6b7be94373ba7691397e3ddcf12a903347d02fe67c589702d9422531116c6

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-version
1.976.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
301826
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
2446
x-detected-as
desktop
x-request-id
de9cbb0a-f818-4243-afd2-c508cd193000
x-served-by
server-756cf4794b-6kldm, cache-ams4150-AMS, cache-hhn1537-HHN
last-modified
Fri, 27 Jul 2018 07:31:46 GMT
x-timer
S1532978801.598147,VS0,VE0
etag
"21e82a372507329fe108956b8be55555b2321ae5"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
1, 19187
chunk10-80642.js
sc.sftcdn.net/scripts/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/scripts/chunk10-80642.js
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
6949d0cd5be1c1cae757bb31602cde4511b5e81e829c2edbd9b78332426383fc

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-version
1.976.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
301826
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
2709
x-detected-as
desktop
x-request-id
907a0c47-db01-4fa7-b58d-0363645f3c18
x-served-by
server-756cf4794b-gmx2r, cache-ams4134-AMS, cache-hhn1537-HHN
last-modified
Fri, 27 Jul 2018 07:31:46 GMT
x-timer
S1532978801.598120,VS0,VE0
etag
"f882be776ff47827ea4495926fb71eb8f027fd81"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
1, 18500
chunk9-80642.js
sc.sftcdn.net/scripts/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/scripts/chunk9-80642.js
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
95f2493bceef5a8ebf37d29fcbe7e94c43783f9a377e03f845c835006aec994e

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-version
1.976.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
301805
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
4741
x-detected-as
mobile
x-request-id
840b73ce-b8c2-40c0-832f-4bfb79872d7b
x-served-by
server-756cf4794b-qcz5f, cache-ams4121-AMS, cache-hhn1537-HHN
last-modified
Fri, 27 Jul 2018 07:31:46 GMT
x-timer
S1532978801.598068,VS0,VE0
etag
"30bf1bfbb96495d79ce4f9eca240034a725fc8b0"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
2, 2586
chunk6-80642.js
sc.sftcdn.net/scripts/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/scripts/chunk6-80642.js
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
ba1fb66e57035082a781fa02418182f68328fc3096813fd81e005438c162ebb9

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-version
1.976.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
301841
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
1898
x-detected-as
desktop
x-request-id
0f26496c-1d04-4c6d-85b6-c144c9789442
x-served-by
server-756cf4794b-bln6v, cache-ams4130-AMS, cache-hhn1537-HHN
last-modified
Fri, 27 Jul 2018 07:31:46 GMT
x-timer
S1532978801.598139,VS0,VE0
etag
"0329129a5e07e210b3f1662dfc795cdf6ae7a6fc"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
1, 2550
chunk19-80642.js
sc.sftcdn.net/scripts/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/scripts/chunk19-80642.js
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
ee16d7ba5d20237441b288eac470af9abe473676d94645e884d233ba99bd8528

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-version
1.976.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
301799
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
4486
x-detected-as
desktop
x-request-id
9168fbe7-07dc-464b-8f00-f8e3468eb065
x-served-by
server-756cf4794b-8dj27, cache-ams4133-AMS, cache-hhn1537-HHN
last-modified
Fri, 27 Jul 2018 07:31:46 GMT
x-timer
S1532978801.607214,VS0,VE0
etag
"c45dbfd56750f20017d2199fb99778bd63afe76a"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
4, 1979
gtm.js
www.googletagmanager.com/ 		166 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5LWWHP
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
2a00:1450:4001:817::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
75b716c2e036396c0f56dcf39379c735a21d7898e27586a76853d5ef8a32c116
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:40 GMT
content-encoding
gzip
server
Google Tag Manager (scaffolding)
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
40303
x-xss-protection
1; mode=block
expires
Mon, 30 Jul 2018 19:26:40 GMT
dd808-08327.ttf
sc.sftcdn.net/fonts/ 		22 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/fonts/dd808-08327.ttf
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
e9f48f8728914e6ad7fe13bbd581c3a3ad2bcf0c48017437d6c564f8f2ef8c8d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://sc.sftcdn.net/styles/f0d91-c1ceb.css
Origin
https://en.softonic.com

Response headers

x-version
1.905.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
1663472
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
13632
x-detected-as
mobile
x-request-id
c121fb0b-3d73-4b55-b67d-ac5d78a52409
x-served-by
server-8564f4bbcb-w92ww, cache-ams4121-AMS, cache-hhn1538-HHN
last-modified
Wed, 11 Jul 2018 13:17:49 GMT
x-timer
S1532978801.611397,VS0,VE0
etag
"d83016531162efe9801b8038aed78520f1760850"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
font/ttf
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
1, 110182
integrator.js
adservice.google.de/adsid/ 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=en.softonic.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
SPDY
Server
2a00:1450:4001:815::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 30 Jul 2018 19:26:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
104
x-xss-protection
1; mode=block
integrator.js
adservice.google.com/adsid/ 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=en.softonic.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
SPDY
Server
2a00:1450:4001:825::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 30 Jul 2018 19:26:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
104
x-xss-protection
1; mode=block
pubads_impl_235.js
securepubads.g.doubleclick.net/gpt/ 		179 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_235.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
SPDY
Server
172.217.16.194 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
sffe /
Resource Hash
5618d2ea6cde29cc1d3c435d908b962a2e14111af849e234a7bba77ba2a7c79f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 23 Jul 2018 14:55:43 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
62989
x-xss-protection
1; mode=block
expires
Mon, 30 Jul 2018 19:26:40 GMT
61467-43374.woff2
sc.sftcdn.net/fonts/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/fonts/61467-43374.woff2
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/994e2-7e289.js
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
a9d519fc5cd448a8ca42b786d99129fd4796f5c72a1dbd03efc0d6e270c32a1c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://sc.sftcdn.net/styles/f0d91-c1ceb.css
Origin
https://en.softonic.com

Response headers

x-version
1.723.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
4876878
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
21360
x-detected-as
desktop
x-request-id
b600d5af-11c0-4f56-9b4c-fbc957962152
x-served-by
server-958f986c6-tddlz, cache-ams4128-AMS, cache-hhn1538-HHN
last-modified
Fri, 01 Jun 2018 13:41:58 GMT
x-timer
S1532978801.655318,VS0,VE0
etag
"c4ccc08ccbad0f9cae9e64f0a0c479c0937d458d"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
application/font-woff2
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
4685, 129343
221eb-e2224.woff2
sc.sftcdn.net/fonts/ 		25 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/fonts/221eb-e2224.woff2
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/994e2-7e289.js
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
0025086ee3bfcc2c933bda67677bc67466ffe09f72266833d29b8682d6d64564

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://sc.sftcdn.net/styles/f0d91-c1ceb.css
Origin
https://en.softonic.com

Response headers

x-version
1.727.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
4857529
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
25992
x-detected-as
desktop
x-request-id
aea71c70-86bc-404d-bb12-431f4374f5a6
x-served-by
server-5dbcbccb6f-flwc5, cache-ams4120-AMS, cache-hhn1538-HHN
last-modified
Mon, 04 Jun 2018 13:37:18 GMT
x-timer
S1532978801.655321,VS0,VE0
etag
"bb801140a0c6941f9599767cf63b1063cd83adf9"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
application/font-woff2
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
1, 188136
zeus_global-fb8881ea67-6431027e84.js
cdn.playwire.com/bolt/js/zeus/ 		95 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.playwire.com/bolt/js/zeus/zeus_global-fb8881ea67-6431027e84.js
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/zeus/embed.js
Protocol
HTTP/1.1
Server
205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
4ccb02cd5c5aa4bcf2cca5551b4f8efa09c88387efac09d2f321f22745513f46

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:40 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Jul 2018 16:23:19 GMT
ETag
"1532535799"
X-HW
1532978800.dop007.fr8.t,1532978800.cds045.fr8.shn,1532978800.dop007.fr8.t,1532978800.cds006.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=75480
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
27342
6da0f-05fbf.woff2
sc.sftcdn.net/fonts/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/fonts/6da0f-05fbf.woff2
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
8f49f785c24f5cbbbb956ce51665ccb636129c1f3f31dd06f21b5063cd6506f0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://sc.sftcdn.net/styles/f0d91-c1ceb.css
Origin
https://en.softonic.com

Response headers

x-version
1.723.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
4876887
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
21264
x-detected-as
desktop
x-request-id
beaf9919-52cb-41fd-80ef-1bb99831ae91
x-served-by
server-958f986c6-fbchv, cache-ams4145-AMS, cache-hhn1538-HHN
last-modified
Fri, 01 Jun 2018 13:41:58 GMT
x-timer
S1532978801.705229,VS0,VE0
etag
"cb1b320ec09d02560090126209e7e1a794c0371f"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
application/font-woff2
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
4533, 131926
loader.js
cdn.taboola.com/libtrc/softonicnetwork/ 		97 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/softonicnetwork/loader.js
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
08ab85da3c05eb8a4b4f052589c15bec69d9cbbaf7cca4a007b8f226438105e9

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
0Q_BqGEJMgoT2tOrceWKvVaj0fWdzB3j
content-encoding
gzip
etag
"2c0723891d5415b6c01b996be064e86c"
age
41
x-cache
HIT
status
200
x-amz-replication-status
COMPLETED
content-length
16612
x-amz-id-2
BmGvhrVWieVGoW9QKUF7hYN4hrmpqmlWZFC1pOUKdgvJed7erd3pNQri0EjtMFz6iT8QOolxoIw=
x-served-by
cache-hhn1526-HHN
last-modified
Mon, 30 Jul 2018 05:13:03 GMT
server
AmazonS3
x-timer
S1532978801.754599,VS0,VE1
date
Mon, 30 Jul 2018 19:26:40 GMT
vary
Accept-Encoding
x-amz-request-id
18E3E26FAC00B36A
via
1.1 varnish
cache-control
private,max-age=14401
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-cache-hits
1
d6532-45ec3.woff2
sc.sftcdn.net/fonts/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/fonts/d6532-45ec3.woff2
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
b39fe2c90e86fddaa1a5e0c5de32f90ef181d0dbe6730a7a649763440d351b63

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://sc.sftcdn.net/styles/f0d91-c1ceb.css
Origin
https://en.softonic.com

Response headers

x-version
1.723.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
4876860
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
21412
x-detected-as
desktop
x-request-id
d091688f-4c7a-486c-9b35-d10cba43d50b
x-served-by
server-958f986c6-pl2x9, cache-ams4140-AMS, cache-hhn1538-HHN
last-modified
Fri, 01 Jun 2018 13:41:58 GMT
x-timer
S1532978801.764127,VS0,VE0
etag
"884af3253bcfef0f642193f6f3c9161edeaca6ba"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
application/font-woff2
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
4361, 133092
plow-2.6.1.js
cdn.playwire.com/bolt/js/ 		73 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.playwire.com/bolt/js/plow-2.6.1.js
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/zeus/zeus_global-fb8881ea67-6431027e84.js
Protocol
HTTP/1.1
Server
205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
5cfd7a812a15d3765357ffb2a9b187008c34aff5b77556ba032de395f437ba40

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:40 GMT
Content-Encoding
gzip
Last-Modified
Thu, 05 May 2016 16:10:42 GMT
ETag
"1462464642"
X-HW
1532978800.dop007.fr8.t,1532978800.cds045.fr8.shn,1532978800.dop007.fr8.t,1532978800.cds040.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=432000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
25905
5b009-fb4d3.woff2
sc.sftcdn.net/fonts/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/fonts/5b009-fb4d3.woff2
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/zeus/zeus_global-fb8881ea67-6431027e84.js
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
b1c21123e38ddd50081d30fea749900c29e1d3d9ac0f44c1aa923ee8eb7e7e51

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://sc.sftcdn.net/styles/f0d91-c1ceb.css
Origin
https://en.softonic.com

Response headers

x-version
1.723.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
4876853
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
21408
x-detected-as
desktop
x-request-id
14f8ce51-eef8-4389-8ba2-d090fd44f083
x-served-by
server-958f986c6-fbchv, cache-ams4126-AMS, cache-hhn1538-HHN
last-modified
Fri, 01 Jun 2018 13:41:58 GMT
x-timer
S1532978801.822149,VS0,VE0
etag
"87eb244620b8d2777b548927ea01bbc25972ce73"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
application/font-woff2
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
4523, 126411
c2797-22cce.woff2
sc.sftcdn.net/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sc.sftcdn.net/fonts/c2797-22cce.woff2
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/zeus/zeus_global-fb8881ea67-6431027e84.js
Protocol
SPDY
Server
151.101.114.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
1d2688c06252f820bcedac94f5b751d6e91aa9ba738aa8dfaa7f54627f026384

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://sc.sftcdn.net/styles/f0d91-c1ceb.css
Origin
https://en.softonic.com

Response headers

x-version
1.727.0
date
Mon, 30 Jul 2018 19:26:40 GMT
via
1.1 google, 1.1 varnish, 1.1 varnish
age
4857525
x-cache
HIT, HIT
status
200
content-encoding
gzip
alt-svc
clear
content-length
26508
x-detected-as
mobile
x-request-id
b5c4736b-114b-4888-aec2-834067a3593b
x-served-by
server-5dbcbccb6f-ddc7k, cache-ams4130-AMS, cache-hhn1538-HHN
last-modified
Mon, 04 Jun 2018 13:37:18 GMT
x-timer
S1532978801.827654,VS0,VE0
etag
"0c42d67d69ab7736e91525e3629e6b1efe6bc7d9"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-language
es-ES
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
x-is-bot
false
accept-ranges
bytes
content-type
application/font-woff2
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-cache-hits
1, 33662
analytics.js
www.google-analytics.com/ 		34 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5LWWHP
Protocol
SPDY
Server
2a00:1450:400e:80a::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 18 May 2018 01:10:24 GMT
server
Golfe2
age
5507
date
Mon, 30 Jul 2018 17:54:53 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
14386
expires
Mon, 30 Jul 2018 19:54:53 GMT
conversion_async.js
www.googleadservices.com/pagead/ 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5LWWHP
Protocol
SPDY
Server
216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s12-in-f34.1e100.net
Software
cafe /
Resource Hash
f3ca766f15c08a52b36c3d080fa934f2c5b3c758e8c8a6e099d464e8375e4a8b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
6845
x-xss-protection
1; mode=block
server
cafe
etag
2112158640234685715
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 30 Jul 2018 19:26:40 GMT
api.min.js
a.optnmstr.com/app/js/ 		158 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.optnmstr.com/app/js/api.min.js
Requested by
Host: t.co
URL: https://t.co/3pqwIUYoWh
Protocol
SPDY
Server
23.111.11.83 Phoenix, United States, ASN54104 (AS-STACKPATH - netDNA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
87567ce9ac62bd427dcb65a313ffc8943776afb8e38af245d12c3b029464ba20

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:40 GMT
content-encoding
gzip
last-modified
Mon, 30 Jul 2018 15:35:30 GMT
server
NetDNA-cache/2.2
x-amz-request-id
85D9E1C9B9F9162F
etag
W/"df84ee2cf8f35fc0dbb842f10e2b88c5"
x-cache
HIT
content-type
application/javascript
status
200
cache-control
2592000
x-amz-id-2
ciuaKOCdqQct3bzk/8v+6cicmzBL8JOkwfZhEB8mAzsg2C69wgl7f2tgEJ50REayB9ntOEjitCY=
expires
Tue Jul 30 2019 11:35:30 GMT-0400 (DST)
ads
securepubads.g.doubleclick.net/gampad/ 		52 KB
15 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1950788829854089&correlator=309416174990183&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fifs&adsid=NT&json_a=1&vrg=235&npa=1&guci=1.2.0.0.2.1.0&sc=1&sfv=1-0-29&iu_parts=5302%2CDesktop%2CDesktop-Web-EN%2CFeatures%2CArticlepage%2CATF_leaderboard_first%2CATF_MPU_First%2CATF_Notificationbar&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4%2F5%2C%2F0%2F1%2F2%2F3%2F4%2F6%2C%2F0%2F1%2F2%2F3%2F4%2F7&prev_iu_szs=970x250%7C970x90%7C728x90%2C300x600%7C300x250%2C320x50&fluid=0%2C0%2Cheight&prev_scp=type%3Dtop_leaderboard%26pos%3Dtop%26ad_group%3Dad_bc%26ad_h%3D19%26adBlock%3Dfalse%7Ctype%3Dtop_medium_rectangle%26pos%3Dtop%26ad_group%3Dad_opt%26ad_h%3D19%26adBlock%3Dfalse%7Ctype%3Dnotificationbar%26pos%3Dtop%26oldBrowser%3Dno%26locale%3Den-US%26devicePlatformId%3Dmac%26ad_group%3Dad_opt%26ad_h%3D19%26adBlock%3Dfalse&eri=1&cust_params=devel%3D0%26compliant%3D1%26platformId%3Dmac%26file%3D%26kw%3D%26author%3D%26dc_ref%3Dhttps%253A%252F%252Fen.softonic.com%252Farticles%252Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%26contentid%3D96584%26country%3DDE%26personalized%3D0%26content%3Dbuffera10d2%26medium%3Dsocial%26source%3Dtwitter.com%26campaign%3Dbuffer%26dfp_user%3D%26gaid%3D&cookie_enabled=1&bc=7&abxe=1&lmt=1532978800&dt=1532978800979&frm=20&biw=1585&bih=1200&oid=3&adxs=308%2C1133%2C0&adys=55%2C342%2C15&adks=3206002686%2C3829938641%2C1316494755&gut=v2&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&ref=https%3A%2F%2Ft.co%2F3pqwIUYoWh&dssz=43&icsg=536873600&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=972x252%7C300x600%7C1585x15&msz=970x250%7C300x600%7C1585x15&ga_vid=2128596258.1532978801&ga_sid=1532978801&ga_hid=763116025
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_235.js
Protocol
SPDY
Server
172.217.16.194 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
cafe /
Resource Hash
10eb4f5f3d18ce3074863e32d2ddfd813a820fed1c870fb1771bd8baa88f3327
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
14993
x-xss-protection
1; mode=block
google-lineitem-id
-1,4656029258,4685814902
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-1,138231759270,138234302415
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://en.softonic.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_235.js
securepubads.g.doubleclick.net/gpt/ 		42 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_235.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_235.js
Protocol
SPDY
Server
172.217.16.194 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
sffe /
Resource Hash
21e105e01591b5b04ef09d2e63dd1dbbd39b41bc45dd029f6f1ef2cd79a637bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 23 Jul 2018 14:55:43 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
16416
x-xss-protection
1; mode=block
expires
Mon, 30 Jul 2018 19:26:41 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-29/html/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_235.js
Protocol
SPDY
Server
2a00:1450:4001:817::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Purpose
prefetch
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

expires
Fri, 19 Jul 2019 16:51:16 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Mon, 11 Jun 2018 14:38:59 GMT
content-type
text/html
5205_adwords_300x250V1.jpg
aka-cdn-ns.adtechus.com/images/ 		68 KB
68 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aka-cdn-ns.adtechus.com/images/5205_adwords_300x250V1.jpg
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
2606:2800:234:13d4:25ff:664:671:13a5 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/419C) /
Resource Hash
61fcaeba246e455462388a2ee29df2c1cb6e0b5c1438b4b79175f977475de366

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:40 GMT
last-modified
Mon, 30 Jul 2018 19:26:05 GMT
server
ECS (fcn/419C)
x-cache
HIT
content-type
image/jpeg
status
200
cache-control
max-age=604800
accept-ranges
bytes
content-length
69878
expires
Mon, 06 Aug 2018 19:26:40 GMT
impl.317-23-RELEASE.js
cdn.taboola.com/libtrc/ 		402 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/impl.317-23-RELEASE.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/softonicnetwork/loader.js
Protocol
SPDY
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e2fc4535bb6cd1affd10c162fe5d773a4f72c9759ab850d11cd1c2522a840b0d

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
EcuazTHWWEpGuJ_MQN9RDUEvw8rO1gRQ
content-encoding
gzip
etag
"4a9462a31dc27748abe39a2e515c8635"
age
16
x-cache
HIT
status
200
x-amz-replication-status
COMPLETED
content-length
114349
x-amz-id-2
YMNNE+OH0jOfnJQntAeU8S/sORlEU2MMy/6agZAOIL9n/NZm+rN2bWagoH+enubrfx5oWvgunIU=
x-served-by
cache-hhn1526-HHN
last-modified
Sun, 29 Jul 2018 12:25:52 GMT
server
AmazonS3
x-timer
S1532978801.014935,VS0,VE0
date
Mon, 30 Jul 2018 19:26:41 GMT
vary
Accept-Encoding
x-amz-request-id
1B0506B4D95885D2
via
1.1 varnish
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-cache-hits
311
beacon.js
sb.scorecardresearch.com/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/softonicnetwork/loader.js
Protocol
HTTP/1.1
Server
104.111.214.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-103.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=86400
Connection
keep-alive
Content-Length
901
Expires
Tue, 31 Jul 2018 19:26:41 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.2/ 		94 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/3051940f-fed8-41ba-897a-fc23889a150a.js
Protocol
SPDY
Server
2a00:1450:4001:814::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 13 Jul 2018 19:51:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1467337
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
33495
x-xss-protection
1; mode=block
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Jul 2019 19:51:04 GMT
gigya.js
cdns.gigya.com/JS/ 		202 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdns.gigya.com/JS/gigya.js?apikey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&lang=en
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
HTTP/1.1
Server
2.18.234.36 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-36.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
669ca8808d232f50685ce7901d1944fe8f05218a7129fabb7f274749d8322485

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Content-Encoding
gzip
X-Soa
true, Gator
Edge-Cache-Tag
siteid_7152231,ver_latest
P3P
CP="IDC COR PSA DEV ADM OUR IND ONL"
Connection
keep-alive
Content-Length
71731
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-CallID
f6519eebca514b1d95dc0380ce3521ee
Cache-Control
private, max-age=900
X-Server
us1a-nomad-g02
X-Robots-Tag
none
X-Gigya-HA-cfg-ver
5
Expires
Mon, 30 Jul 2018 19:41:41 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		821 B
617 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1950788829854089&correlator=3392827017833264&output=json_html&callback=googletag.impl.pubads.callbackProxy2&impl=fifs&adsid=NT&json_a=1&vrg=235&npa=1&guci=1.2.0.0.2.1.0&sc=1&sfv=1-0-29&iu_parts=5302%2CDesktop%2CDesktop-Web-EN%2CFeatures%2CArticlepage%2CATF_OOP_Interstitial%2CATF_OOP_Wallpaper&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4%2F5%2C%2F0%2F1%2F2%2F3%2F4%2F6&prev_iu_szs=1x1%2C1x1&ists=3&prev_scp=type%3Dinterstitial%26ad_group%3Dad_bc%26ad_h%3D19%26adBlock%3Dfalse%7Ctype%3Dwallpaper_background%26pos%3Dtop%26ad_group%3Dad_opt%26ad_h%3D19%26adBlock%3Dfalse&eri=1&cust_params=devel%3D0%26compliant%3D1%26platformId%3Dmac%26file%3D%26kw%3D%26author%3D%26dc_ref%3Dhttps%253A%252F%252Fen.softonic.com%252Farticles%252Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%26contentid%3D96584%26country%3DDE%26personalized%3D0%26content%3Dbuffera10d2%26medium%3Dsocial%26source%3Dtwitter.com%26campaign%3Dbuffer%26dfp_user%3D%26gaid%3D&cookie_enabled=1&bc=7&abxe=1&lmt=1532978801&dt=1532978801054&frm=20&biw=1585&bih=1200&oid=3&adxs=0%2C0&adys=4897%2C4912&adks=3129107050%2C2463079366&gut=v2&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&ref=https%3A%2F%2Ft.co%2F3pqwIUYoWh&dssz=58&icsg=137439641600&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x15%7C1585x4913&msz=1585x15%7C1585x15&ga_vid=2128596258.1532978801&ga_sid=1532978801&ga_hid=763116025
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_235.js
Protocol
SPDY
Server
172.217.16.194 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
cafe /
Resource Hash
3fcee502ea80e2e8005e9e2a70893125c070e9e8e6944adfb9e8bb571647f917
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
392
x-xss-protection
1; mode=block
google-lineitem-id
-2,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2,-2
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://en.softonic.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pageImpression
www.anrdoezrs.net/ 		0
331 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.anrdoezrs.net/pageImpression
Requested by
Host: www.anrdoezrs.net
URL: https://www.anrdoezrs.net/am/7074958/include/allCj/impressions/page/am.js
Protocol
HTTP/1.1
Server
63.215.202.80 Amsterdam, Netherlands, ASN25751 (VALUECLICK - Conversant, Inc., US),
Reverse DNS
tracking-ams5.cj.com
Software
Resin/3.1.14 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
POST
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Date
Mon, 30 Jul 2018 19:26:40 GMT
Server
Resin/3.1.14
Access-Control-Allow-Methods
POST
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
close
Access-Control-Allow-Headers
content-type
Content-Length
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/939865557/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/939865557/?random=1532978801072&cv=9&fst=1532978801072&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=G7n&sendb=1&frm=0&url=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&ref=https%3A%2F%2Ft.co%2F3pqwIUYoWh&tiba=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
SPDY
Server
2a00:1450:4001:81c::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0521b016a9e9dd4926b0fb55728e14631da775f43f317911629c1f83b0bd523d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Jul 2018 19:26:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
1059
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
publisher:getClientId
ampcid.google.com/v1/ 		74 B
435 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
SPDY
Server
2a00:1450:4001:817::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
server
ESF
status
200
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://en.softonic.com
access-control-expose-headers
content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
vary
Origin, X-Origin, Referer
content-length
94
x-xss-protection
1; mode=block
a-00k5.min.js
b-code.liadm.com/ 		23 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://b-code.liadm.com/a-00k5.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5LWWHP
Protocol
SPDY
Server
54.230.44.116 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-44-116.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ebb91e2adb5fb3e7f0b45a7583bbda4c09b007d3d8b5b00fb79cd4b884f5ab50

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 27 Jun 2018 14:41:25 GMT
content-encoding
gzip
last-modified
Mon, 12 Mar 2018 10:26:24 GMT
server
AmazonS3
age
2465
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
Q.WQ.2WgGqO2UfR3SH3uwd_E3BlcuBv5
status
200
cache-control
public, max-age=86400
content-type
application/javascript
x-amz-cf-id
zvsAspmmLfdaZ9J3U0Hs9oDRdsTJKxrfEd0jly-d3jf0a7l01OpoqA==
via
1.1 d2e34d11a094aa8f0c8077cfdf5b4b38.cloudfront.net (CloudFront)
tp2
echo.intergient.com/com.snowplowanalytics.snowplow/ 		0
463 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://echo.intergient.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/plow-2.6.1.js
Protocol
HTTP/1.1
Server
52.7.226.127 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-7-226-127.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
POST
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Date
Mon, 30 Jul 2018 19:26:36 GMT
Server
Apache-Coyote/1.1
Access-Control-Max-Age
1800
Access-Control-Allow-Methods
POST
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
origin,x-requested-with,access-control-request-headers,content-type,access-control-request-method,accept
Content-Length
0
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1532978801111&ns_c=UTF-8&cv=3.1&c8=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&c7=https%3...
  • https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1532978801111&ns_c=UTF-8&cv=3.1&c8=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&c7=https%...
0
248 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1532978801111&ns_c=UTF-8&cv=3.1&c8=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&c7=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&c9=https%3A%2F%2Ft.co%2F3pqwIUYoWh
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
HTTP/1.1
Server
104.111.214.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-103.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 30 Jul 2018 19:26:41 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1532978801111&ns_c=UTF-8&cv=3.1&c8=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&c7=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&c9=https%3A%2F%2Ft.co%2F3pqwIUYoWh
Pragma
no-cache
Date
Mon, 30 Jul 2018 19:26:41 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=15548145&cs_ucfr=1&ns__t=1532978801111&ns_c=UTF-8&cv=3.1&c8=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&c7=https%3A%2F%...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=15548145&cs_ucfr=1&ns__t=1532978801111&ns_c=UTF-8&cv=3.1&c8=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&c7=https%3A%2F...
0
248 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=15548145&cs_ucfr=1&ns__t=1532978801111&ns_c=UTF-8&cv=3.1&c8=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&c7=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&c9=https%3A%2F%2Ft.co%2F3pqwIUYoWh
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
HTTP/1.1
Server
104.111.214.103 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-103.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 30 Jul 2018 19:26:41 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://sb.scorecardresearch.com/b2?c1=2&c2=15548145&cs_ucfr=1&ns__t=1532978801111&ns_c=UTF-8&cv=3.1&c8=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&c7=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&c9=https%3A%2F%2Ft.co%2F3pqwIUYoWh
Pragma
no-cache
Date
Mon, 30 Jul 2018 19:26:41 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
publishertag.prebid.js
static.criteo.net/js/ld/ 		34 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
HTTP/1.1
Server
178.250.2.130 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
b70c29fb442ecbfaf97100b7875a539d88a9f34b2955554ae10eb89334ffb945

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Content-Encoding
gzip
Last-Modified
Wed, 19 Sep 2007 08:50:25 GMT
Server
nginx
ETag
W/"5b4ee7f6-89ab"
Transfer-Encoding
chunked
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Connection
keep-alive
Timing-Allow-Origin
*
Expires
Tue, 31 Jul 2018 19:26:41 GMT
zeus.json
config.playwire.com/1020776/videos/v2/5436998/ 		7 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://config.playwire.com/1020776/videos/v2/5436998/zeus.json
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/zeus/zeus_global-fb8881ea67-6431027e84.js
Protocol
HTTP/1.1
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
c975eef2e911faed1f5e0450202594aa145770e0b15436f957e5e1c92b478e3c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Content-Encoding
gzip
X-HW
1532978801.dop009.fr8.t,1532978801.cds004.fr8.shn,1532978801.dop009.fr8.t,1532978801.cds002.fr8.c
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
private, must-revalidate, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding
Content-Length
1311
/
www.google.com/ads/user-lists/939865557/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/user-lists/939865557/?random=1532978801072&cv=9&fst=1532977200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=G7n&sendb=1&frm=0&url=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&ref=https%3A%2F%2Ft.co%2F3pqwIUYoWh&tiba=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&async=1&fmt=3&cdct=2&is_vtc=1&random=892757902&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
2a00:1450:4001:817::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
adclick_server /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Jul 2018 19:26:41 GMT
x-content-type-options
nosniff
server
adclick_server
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/ads/user-lists/939865557/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/user-lists/939865557/?random=1532978801072&cv=9&fst=1532977200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=G7n&sendb=1&frm=0&url=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&ref=https%3A%2F%2Ft.co%2F3pqwIUYoWh&tiba=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&async=1&fmt=3&cdct=2&is_vtc=1&random=892757902&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
2a00:1450:4001:81c::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
adclick_server /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Jul 2018 19:26:41 GMT
x-content-type-options
nosniff
server
adclick_server
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
639088
api.optmnstr.com/v1/optin/9844/ 		28 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.optmnstr.com/v1/optin/9844/639088
Requested by
Host: a.optnmstr.com
URL: https://a.optnmstr.com/app/js/api.min.js
Protocol
SPDY
Server
50.17.52.222 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-50-17-52-222.compute-1.amazonaws.com
Software
Pagely Gateway/1.5.1 /
Resource Hash
88624a401692751c7e94f2ceb977da73541b02dde105dc80e9536050b84662ba

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com

Response headers

x-optinmonster-campaign
ivu2shpfutgmrrypqfob
x-user-agent
standard
content-encoding
gzip
x-cache-config
0 0
server
Pagely Gateway/1.5.1
status
200
date
Mon, 30 Jul 2018 19:26:41 GMT
x-cache-status
HIT
vary
Accept-Encoding, User-Agent
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-OptinMonster-Campaign
access-control-allow-headers
X-CSRF-Token
publisher:getClientId
ampcid.google.de/v1/ 		3 B
364 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
SPDY
Server
2a00:1450:4001:81c::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
server
ESF
status
200
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://en.softonic.com
access-control-expose-headers
content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
vary
Origin, X-Origin, Referer
content-length
23
x-xss-protection
1; mode=block
640571
api.optmnstr.com/v1/optin/9844/ 		30 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.optmnstr.com/v1/optin/9844/640571
Requested by
Host: a.optnmstr.com
URL: https://a.optnmstr.com/app/js/api.min.js
Protocol
SPDY
Server
50.17.52.222 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-50-17-52-222.compute-1.amazonaws.com
Software
Pagely Gateway/1.5.1 /
Resource Hash
55915ee5061d199dc4bce88e30f54390749d7067af6ca3d55fd5a3aa320cf596

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com

Response headers

x-optinmonster-campaign
bk9ghfis7jtnpghvdwee
x-user-agent
standard
content-encoding
gzip
x-cache-config
0 0
server
Pagely Gateway/1.5.1
status
200
date
Mon, 30 Jul 2018 19:26:41 GMT
x-cache-status
HIT
vary
Accept-Encoding, User-Agent
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-OptinMonster-Campaign
access-control-allow-headers
X-CSRF-Token
pageImpression
www.anrdoezrs.net/ 		2 B
339 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.anrdoezrs.net/pageImpression
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
HTTP/1.1
Server
63.215.202.80 Amsterdam, Netherlands, ASN25751 (VALUECLICK - Conversant, Inc., US),
Reverse DNS
tracking-ams5.cj.com
Software
Resin/3.1.14 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Server
Resin/3.1.14
Access-Control-Allow-Methods
POST
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
close
Access-Control-Allow-Headers
content-type
Content-Length
2
590082
api.optmnstr.com/v1/optin/9844/ 		2 B
301 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.optmnstr.com/v1/optin/9844/590082
Requested by
Host: a.optnmstr.com
URL: https://a.optnmstr.com/app/js/api.min.js
Protocol
SPDY
Server
50.17.52.222 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-50-17-52-222.compute-1.amazonaws.com
Software
Pagely Gateway/1.5.1 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com

Response headers

x-optinmonster-campaign
vdgkwytmd3kgzmizdjqo
x-user-agent
standard
x-cache-config
0 0
server
Pagely Gateway/1.5.1
status
200
date
Mon, 30 Jul 2018 19:26:41 GMT
x-cache-status
HIT
vary
Accept-Encoding, User-Agent
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-OptinMonster-Campaign
access-control-allow-headers
X-CSRF-Token
content-length
2
sticky.min.js
cdn.playwire.com/bolt_plugins/stickyVideo/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.playwire.com/bolt_plugins/stickyVideo/sticky.min.js
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/zeus/zeus_global-fb8881ea67-6431027e84.js
Protocol
HTTP/1.1
Server
205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
95e2e3f3b266f23886bc16676337f5ea08c4f03df294bdaeace231c1174cc42c

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Jun 2018 16:53:33 GMT
ETag
"1530118413"
X-HW
1532978800.dop007.fr8.t,1532978800.cds045.fr8.shn,1532978800.dop007.fr8.t,1532978801.cds040.fr8.c
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=432000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
3217
bk-coretag.js
tags.bkrtx.com/js/ 		31 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.bkrtx.com/js/bk-coretag.js
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/zeus/zeus_global-fb8881ea67-6431027e84.js
Protocol
HTTP/1.1
Server
104.111.238.79 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-238-79.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2c7b95e516f24a2da447755f07b107bd8566745dc36322a1419ef92662019cf6

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Last-Modified
Mon, 23 Jul 2018 20:07:28 GMT
Server
Apache
ETag
"3160052-7a94-571b031e6f476"
Content-Type
text/javascript
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31380
Expires
Mon, 06 Aug 2018 19:26:41 GMT
__pwhb__03082018.js
cdn.playwire.com/bolt/js/ 		99 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.playwire.com/bolt/js/__pwhb__03082018.js
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/zeus/zeus_global-fb8881ea67-6431027e84.js
Protocol
HTTP/1.1
Server
205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
3551715983a2de83a7907046caad9f378fa53ee6e76e3223d5ecf3b2588c730e

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Content-Encoding
gzip
Last-Modified
Thu, 08 Mar 2018 14:27:11 GMT
ETag
"1520519231"
X-HW
1532978800.dop007.fr8.t,1532978800.cds045.fr8.shn,1532978800.dop007.fr8.t,1532978801.cds040.fr8.c
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=432000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
30872
Api.aspx
cdns.eu1.gigya.com/gs/webSdk/ Frame CD6C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&version=latest
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&lang=en
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.36 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-36.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Host
cdns.eu1.gigya.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Edge-Cache-Tag
siteid_7152231,ver_latest
P3P
CP="IDC COR PSA DEV ADM OUR IND ONL"
X-Soa
true, Gator
X-Server
us1a-nomad-g09
X-CallID
bd394046ad1d4494904fc645136ecb44
Content-Encoding
gzip
X-Gigya-HA-cfg-ver
5
X-Robots-Tag
none
Content-Length
23662
Vary
Accept-Encoding
Cache-Control
private, max-age=86400
Date
Mon, 30 Jul 2018 19:26:41 GMT
Connection
keep-alive
poster_0000.png
cdn.video.playwire.com/1020776/videos/5436998/ 		81 KB
82 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.video.playwire.com/1020776/videos/5436998/poster_0000.png
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
HTTP/1.1
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
6ab7b4de182b6059afc4878d0218380cfd139d17969e41fc10265d5572ca011f

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Last-Modified
Fri, 06 Oct 2017 09:20:59 GMT
ETag
"1507281659"
X-HW
1532978801.dop007.fr8.t,1532978801.cds014.fr8.shn,1532978801.dop007.fr8.t,1532978801.cds045.fr8.c
Content-Type
image/png
Cache-Control
max-age=432000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
83291
js
www.google-analytics.com/gtm/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-W7FSC8T&cid=2128596258.1532978801
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
SPDY
Server
2a00:1450:400e:80a::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
cbca67fb248f88809c5f42ba73b47ce820bf68ed7a99f8331e06c959d9bd7535
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
content-encoding
gzip
server
Google Tag Manager (scaffolding)
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
19870
x-xss-protection
1; mode=block
expires
Mon, 30 Jul 2018 19:26:41 GMT
gigya.services.plugins.base.min.js
cdns.gigya.com/js/ 		121 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdns.gigya.com/js/gigya.services.plugins.base.min.js?services=gigya.services.socialize.plugins.reactions&lang=en&version=latest
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&lang=en
Protocol
HTTP/1.1
Server
2.18.234.36 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-36.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ad2d8f37ea170b6a8f268f4f11fad1bb32d07dbadaa6d3d8201a4b286f5d2aad

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Content-Encoding
gzip
X-Soa
true, Gator
Edge-Cache-Tag
siteid_,ver_latest
P3P
CP="IDC COR PSA DEV ADM OUR IND ONL"
Connection
keep-alive
Content-Length
39749
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-CallID
c16c3d291c0e47d0b4b6f2ef11a78b47
Cache-Control
private, max-age=900
X-Server
us1a-nomad-g08
X-Robots-Tag
none
X-Gigya-HA-cfg-ver
5
Expires
Mon, 30 Jul 2018 19:41:41 GMT
Cookie set 51679
stags.bluekai.com/site/ Frame DF16
Redirect Chain
  • https://stags.bluekai.com/site/51679?ret=html&phint=content_interests%3DTips%2Ctricks%2CHow%20To%2CGoogle%2Cgoogle%20chrome%2COffline%2Cdata%2CDownload%2Ctv%2Ctechnology%2Centertainment&phint=__bk_...
  • https://stags.bluekai.com/site/51679?dt=0&r=2133470671&sig=1612309438&bkca=KJhkDzamyp91djgrkikgsRJeetCE9ucWjxCh3gnDqS1kzD7za4TKjb+QivivU88MIf669JD2mqLRKrmoNmQJwBV1/DYAZOUq7HkikZXGscN/T9s7nJzfjciwta...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://stags.bluekai.com/site/51679?dt=0&r=2133470671&sig=1612309438&bkca=KJhkDzamyp91djgrkikgsRJeetCE9ucWjxCh3gnDqS1kzD7za4TKjb+QivivU88MIf669JD2mqLRKrmoNmQJwBV1/DYAZOUq7HkikZXGscN/T9s7nJzfjciwtakQ61N9bMbQuXhntNgMWtGDvx8q7nhaNSHVhfuOfMNSfnfT9sAKvK15GNknUKXwBqs9jtD7aDY6hkgQKgZjC6MTjnUHGs55Lk4chm6Ow/5Zc7z3VWF8h/s1QlMjdze5nX2eRv/7RLwaUjjUdBauL2m3sebZh25l4mLFf2+dNXWF/fSWlZQr510GxWjqR/VPItBW7B2vdJGx0RJ/OLuF41ciKRZEIv0GH7nNdJ+TI78LVyC3JjLX0b2EpAaMHLKoiBGGmf1HhbYOVjG1XPr4hjNuVgkOZzfd5a+RTy0PvfA/8KlbSol48wAlBCIIyQ==
Requested by
Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
172.227.114.224 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a172-227-114-224.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Host
stags.bluekai.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Accept-Encoding
gzip, deflate
Cookie
bkdc=iad; bku=lXA99caZUNFeV3o5
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

Content-Type
text/html
Content-Length
71
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma
no-cache
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control
max-age=0, no-cache, no-store
BK-Server
e79e
Date
Mon, 30 Jul 2018 19:26:41 GMT
Connection
keep-alive
Set-Cookie
bku=lXA99caZUNFeV3o5; expires=Sat, 26-Jan-2019 19:26:41 GMT; path=/; domain=.bluekai.com

Redirect headers

Content-Length
0
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Location
https://stags.bluekai.com/site/51679?dt=0&r=2133470671&sig=1612309438&bkca=KJhkDzamyp91djgrkikgsRJeetCE9ucWjxCh3gnDqS1kzD7za4TKjb+QivivU88MIf669JD2mqLRKrmoNmQJwBV1/DYAZOUq7HkikZXGscN/T9s7nJzfjciwtakQ61N9bMbQuXhntNgMWtGDvx8q7nhaNSHVhfuOfMNSfnfT9sAKvK15GNknUKXwBqs9jtD7aDY6hkgQKgZjC6MTjnUHGs55Lk4chm6Ow/5Zc7z3VWF8h/s1QlMjdze5nX2eRv/7RLwaUjjUdBauL2m3sebZh25l4mLFf2+dNXWF/fSWlZQr510GxWjqR/VPItBW7B2vdJGx0RJ/OLuF41ciKRZEIv0GH7nNdJ+TI78LVyC3JjLX0b2EpAaMHLKoiBGGmf1HhbYOVjG1XPr4hjNuVgkOZzfd5a+RTy0PvfA/8KlbSol48wAlBCIIyQ==
BK-Server
c0c0
Date
Mon, 30 Jul 2018 19:26:41 GMT
Connection
keep-alive
Set-Cookie
bkdc=iad; expires=Sat, 26-Jan-2019 19:26:41 GMT; path=/; domain=.bluekai.com bku=lXA99caZUNFeV3o5; expires=Sat, 26-Jan-2019 19:26:41 GMT; path=/; domain=.bluekai.com
json
trc.taboola.com/softonic-en1/trc/3/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://trc.taboola.com/softonic-en1/trc/3/json?tim=19%3A26%3A41.316&data=%7B%22id%22%3A219%2C%22ii%22%3A%22%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22vi%22%3A1532978801305%2C%22cv%22%3A%22317-23-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22cmps%22%3A0%2C%22ga%22%3Atrue%2C%22cdb%22%3A%22BORugBlORugBlAcABBENAZ-AAAAFuAEAAUACAAGgAWw%22%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22e%22%3A%22https%3A%2F%2Ft.co%2F3pqwIUYoWh%22%2C%22bad%22%3A-1%2C%22bw%22%3A1600%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22qs%22%3A%22%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer%22%2C%22nsid%22%3A%22softonicnetwork%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-b%3Apub%3Dsoftonicnetwork%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%22%2C%22orig_uip%22%3A%22Below%20Article%22%2C%22cd%22%3A3331.90625%2C%22mw%22%3A799.171875%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22normal%22%7D
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.317-23-RELEASE.js
Protocol
SPDY
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
6de742478df101d8b1a54ea1a94fc593c1f0b3303d874ba6062aee610b55acc2

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
content-encoding
gzip
access-control-allow-origin
*
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status
200
x-cache-hits
0
x-served-by
cache-hhn1526-HHN
server
nginx
x-timer
S1532978801.327819,VS0,VE79
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 varnish
access-control-allow-credentials
true
accept-ranges
bytes
expires
Thu, 01 Jan 1970 00:00:00 GMT
amzn_ads.js
c.amazon-adsystem.com/aax2/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/amzn_ads.js
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/zeus/zeus_global-fb8881ea67-6431027e84.js
Protocol
HTTP/1.1
Server
54.192.47.197 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-192-47-197.fra6.r.cloudfront.net
Software
Server /
Resource Hash
2db28c63e026d1d3ef854b17e8190f85d1b985091d12c31377c8a25c1154abcd

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 26 Jul 2018 17:12:40 GMT
Content-Encoding
gzip
Server
Server
Age
8039
ETag
97b26fe1ab412522c4d4dcfc4ee18b68
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 9aac77db976fd4f008caa822737485da.cloudfront.net (CloudFront)
Cache-Control
public, max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6807
X-Amz-Cf-Id
jcjf-ZNFsZVxNuMjo-qTdhUxm2WQrJTiVDk7IK7OsaPZ5U3ktbyapg==
prebid
ib.adnxs.com/ut/v3/ 		50 B
744 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/__pwhb__03082018.js
Protocol
HTTP/1.1
Server
185.33.223.208 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
Software
nginx/1.13.4 /
Resource Hash
b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 30 Jul 2018 19:26:43 GMT
X-Proxy-Origin
148.251.45.254; 148.251.45.254; 311.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.171:80
AN-X-Request-Uuid
894caf64-d825-4f35-8f17-f512b5458bf7
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://en.softonic.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
50
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
frame-8514f8e43e-8ded83043a.html
cdn.playwire.com/bolt/js/zeus/ Frame 2E98 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.playwire.com/bolt/js/zeus/frame-8514f8e43e-8ded83043a.html
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/zeus/zeus_global-fb8881ea67-6431027e84.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash

Request headers

Host
cdn.playwire.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Connection
Keep-Alive
Accept-Ranges
bytes
ETag
"1532535798"
Cache-Control
max-age=75479
Content-Encoding
gzip
Content-Length
737
Content-Type
text/html
Last-Modified
Wed, 25 Jul 2018 16:23:18 GMT
Access-Control-Allow-Origin
*
X-HW
1532978800.dop007.fr8.t,1532978800.cds045.fr8.shn,1532978801.dop007.fr8.t,1532978801.cds034.fr8.c
container.html
tpc.googlesyndication.com/safeframe/1-0-29/html/ Frame A225 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_235.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:817::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-29/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
1479
date
Thu, 19 Jul 2018 16:51:16 GMT
expires
Fri, 19 Jul 2019 16:51:16 GMT
last-modified
Mon, 11 Jun 2018 14:38:59 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
1; mode=block
cache-control
public, immutable, max-age=31536000
age
959725
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
osd.js
pagead2.googlesyndication.com/pagead/ 		70 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/osd.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_235.js
Protocol
SPDY
Server
2a00:1450:4001:81e::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
04d078a7462a26b8ac77cd49f31ceab69f7669dc0ff719b60d8ba2368bf2e423
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:15:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
642
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
26262
x-xss-protection
1; mode=block
server
cafe
etag
4450274242919262769
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Mon, 30 Jul 2018 20:15:59 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame 83A5 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_235.js
Protocol
SPDY
Server
2a00:1450:4001:81e::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
f9e3120e70f158f92b3605de8f8135054451c25bbad4a0a9870a88fd3b15a6f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
27471
x-xss-protection
1; mode=block
server
cafe
etag
4889725386966282389
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 30 Jul 2018 19:26:41 GMT
osd_listener.js
tpc.googlesyndication.com/pagead/js/r20180725/r20110914/activeview/ Frame 83A5 		71 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20180725/r20110914/activeview/osd_listener.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_235.js
Protocol
SPDY
Server
2a00:1450:4001:817::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
757a143f0e376e328e9ce33678c97c29118043ea40992d77f6f23dcec262c63f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 25 Jul 2018 20:12:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
429226
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
26363
x-xss-protection
1; mode=block
server
cafe
etag
2359810483577263060
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 08 Aug 2018 20:12:55 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-29/html/ Frame D11A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-29/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_235.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:817::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-29/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
1479
date
Thu, 19 Jul 2018 16:51:16 GMT
expires
Fri, 19 Jul 2019 16:51:16 GMT
last-modified
Mon, 11 Jun 2018 14:38:59 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
1; mode=block
cache-control
public, immutable, max-age=31536000
age
959725
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
view
securepubads.g.doubleclick.net/pcs/ Frame 83A5 		0
254 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuDVPVh84-ZmwqfxVb9Epp_2t4xDmeJcX8fDtWvd7nHW512fS1uC9zMNz_O6Qz2sbXabzpuZXPwsbwZvurDzV_EVstqtgxYgLXkBpx6viO0lxn3IvoMuzc7n4ZJIrWpoBExYyXxv_tFQTAKic9YnT5wb25PLNu6Bk7Rc6XcGqKDHCeBCIwY-m35BCtr1sARbg0KW64P-Tv_lQkHCIgxHsdg7vQGLLZKr4jOHDIEXO_zdriibE59D9eenzyAxts7vwCm2CYlr7MiTQqDU6Z2Wfu_ZJPYEdaLmExWHlKf62wnBEJlGNmzyzUYWJNxY-ugdgq8I_oFlw&sai=AMfl-YQelAfvs8PiA6RPLvQvmdHVp1bSe4t_Xdk6UcQSVHopohnWLUWGgjhUb-xKetIm0jP_tCMrpFvuNur43Nx43j2TPJdzi8o1e8opjWm5&sig=Cg0ArKJSzBHG4mMr6bJ8EAE&urlfix=1&adurl=
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
172.217.16.194 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
cache-control
private
expires
Mon, 30 Jul 2018 19:26:41 GMT
55f23624c7956d21f5b835369e906588
2.gravatar.com/avatar/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://2.gravatar.com/avatar/55f23624c7956d21f5b835369e906588?s=96&d=mm&r=g
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
HTTP/1.1
Server
192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
889a70cb72f1e8db781580c3d25b796bc7b3aa8a912b919a2b03fb2f70bc7d7f

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-nc
HIT fra 2
Date
Mon, 30 Jul 2018 19:26:41 GMT
Last-Modified
Mon, 21 Nov 2016 13:44:39 GMT
Server
nginx
Source-Age
11680
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=300
Content-Disposition
inline; filename="55f23624c7956d21f5b835369e906588.jpeg"
Connection
keep-alive
Accept-Ranges
bytes
Link
<https://www.gravatar.com/avatar/55f23624c7956d21f5b835369e906588?s=96&d=mm&r=g>; rel="canonical"
Content-Length
3197
Expires
Mon, 30 Jul 2018 19:31:41 GMT
google-chrome-screenshot-1024x576.png
articles-images.sftcdn.net/wp-content/uploads/sites/3/2017/10/ 		170 KB
170 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://articles-images.sftcdn.net/wp-content/uploads/sites/3/2017/10/google-chrome-screenshot-1024x576.png
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
54.230.44.136 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-44-136.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b762127944f19a7bfcd8176e47c4e67231725c9ea410c8aef1bce963f0433232

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 27 Jul 2018 01:56:11 GMT
via
1.1 fea2754625efced449ee81cd3c469ec9.cloudfront.net (CloudFront)
last-modified
Tue, 17 Oct 2017 20:01:27 GMT
server
AmazonS3
age
322231
etag
"71fa9dfe5d2b4fcb203942caa0cc5b86"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
173639
x-amz-cf-id
BGA_ckTefCl-jui4GL211jbsfPmRrUvEE8x2b83zRq_CvCiWecWlww==
expires
Wed, 17 Oct 2018 20:01:26 GMT
Facebook-logo-238x134.jpg
articles-images.sftcdn.net/wp-content/uploads/sites/3/2018/07/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://articles-images.sftcdn.net/wp-content/uploads/sites/3/2018/07/Facebook-logo-238x134.jpg
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
54.230.44.136 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-44-136.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c632af82283e66ad12e8be3001186309a87c26b996bb6e92f1665a3519ed31c1

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 18:21:28 GMT
via
1.1 fea2754625efced449ee81cd3c469ec9.cloudfront.net (CloudFront)
last-modified
Mon, 30 Jul 2018 17:11:51 GMT
server
AmazonS3
age
3913
etag
"a9eb65fd7bc4419aedf737bc73b4a013"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
6041
x-amz-cf-id
xNhZ7mqJBI5hAfMHBBbUqzUMvBOcxf1m4fH4oPyEIcUFLxE_IU6zlw==
expires
Tue, 30 Jul 2019 17:11:50 GMT
Malwarebytes-extension-238x134.jpg
articles-images.sftcdn.net/wp-content/uploads/sites/3/2018/07/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://articles-images.sftcdn.net/wp-content/uploads/sites/3/2018/07/Malwarebytes-extension-238x134.jpg
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
54.230.44.136 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-44-136.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c8238f1a6083e27da733017c0985b1bd1f15add65945bf87b251f159fdf1214a

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 27 Jul 2018 11:23:53 GMT
via
1.1 fea2754625efced449ee81cd3c469ec9.cloudfront.net (CloudFront)
last-modified
Fri, 27 Jul 2018 08:27:48 GMT
server
AmazonS3
age
288169
etag
"047f79b022589e066de065e42ff89a43"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
8331
x-amz-cf-id
MmYjikDVwLHaLz5gQgvmXeKGFhDpbmL_NlRcwq0mBaHBYPbJ_RCfGw==
expires
Sat, 27 Jul 2019 08:27:47 GMT
facebook-reacciones-238x134.jpg
articles-images.sftcdn.net/wp-content/uploads/sites/3/2018/07/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://articles-images.sftcdn.net/wp-content/uploads/sites/3/2018/07/facebook-reacciones-238x134.jpg
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
54.230.44.136 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-44-136.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d043e11bbf99ba21b4bde44bb1c3f24df38d3ab21a794d743b08576c23c666a1

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 26 Jul 2018 18:22:15 GMT
via
1.1 fea2754625efced449ee81cd3c469ec9.cloudfront.net (CloudFront)
last-modified
Thu, 26 Jul 2018 17:59:34 GMT
server
AmazonS3
age
349467
etag
"ae3d73aecc59f3fc8eb1cef7bde4c18b"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
5582
x-amz-cf-id
ehf2IlFDWAUkIc7vAG3GGDnhyD0vXKvlAnzCtqHOxhii8dJOCpQz7g==
expires
Fri, 26 Jul 2019 17:59:33 GMT
Fortnite-on-Mobile-238x134.jpg
articles-images.sftcdn.net/wp-content/uploads/sites/3/2018/07/ 		21 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://articles-images.sftcdn.net/wp-content/uploads/sites/3/2018/07/Fortnite-on-Mobile-238x134.jpg
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
54.230.44.136 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-44-136.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0c3653c14701f1f4e6f4f185c7088e2d843b74286e090f3b55b91c1b798575eb

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 27 Jul 2018 10:55:50 GMT
via
1.1 fea2754625efced449ee81cd3c469ec9.cloudfront.net (CloudFront)
last-modified
Fri, 27 Jul 2018 10:48:02 GMT
server
AmazonS3
age
289852
etag
"858efd49f315c31baeb6a845d180faea"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
21899
x-amz-cf-id
5WlkWGwuvIAr4WXCtawaAcRpg6JggOpcQDGVPtrQ1X8M82dt3VuEzw==
expires
Sat, 27 Jul 2019 10:48:00 GMT
warframe-238x134.jpg
articles-images.sftcdn.net/wp-content/uploads/sites/3/2018/07/ 		22 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://articles-images.sftcdn.net/wp-content/uploads/sites/3/2018/07/warframe-238x134.jpg
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
54.230.44.136 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-44-136.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1a1055172b2be3e72b9402710b5cde294cc386914c827426f493fe327a9b55d4

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 27 Jul 2018 22:05:48 GMT
via
1.1 fea2754625efced449ee81cd3c469ec9.cloudfront.net (CloudFront)
last-modified
Fri, 27 Jul 2018 21:32:52 GMT
server
AmazonS3
age
249654
etag
"081ec11356560449840afaf41e157730"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
22698
x-amz-cf-id
nU7fTDiD1oSsKDP9gokjH4ssASAXVz7gJ7Nn5w0kXPPnv1019NtZHg==
expires
Sat, 27 Jul 2019 21:32:50 GMT
i
c.liadm.com/
Redirect Chain
  • https://c.liadm.com/i?e=pv&eid=e79ea0e3-c0e3-4be3-a910-8cad67465255&url=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3...
  • https://c.liadm.com/i?e=pv&&duid=a-00k5--0ea8347b-60ee-4e22-9dbf-2ed4faf1edc0&eid=e79ea0e3-c0e3-4be3-a910-8cad67465255&url=https://en.softonic.com/articles/malware-filled-chrome-extensions-have-bee...
43 B
454 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.liadm.com/i?e=pv&&duid=a-00k5--0ea8347b-60ee-4e22-9dbf-2ed4faf1edc0&eid=e79ea0e3-c0e3-4be3-a910-8cad67465255&url=https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&refr=https://t.co/3pqwIUYoWh&aid=a-00k5&tna=liveIntentPublisherTracker&page=Malware-filled+Chrome+extensions+have+been+downloaded+500K+times&tv=pub-2.0.4&n3pc=true&p=web&sid=898d0c91-3477-4600-a0f9-3380b4db45d6
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
HTTP/1.1
Server
52.54.14.45 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-54-14-45.compute-1.amazonaws.com
Software
nginx /
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Server
nginx
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
image/gif
Content-Length
43

Redirect headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Server
nginx
Access-Control-Allow-Origin
*
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Location
https://c.liadm.com/i?e=pv&&duid=a-00k5--0ea8347b-60ee-4e22-9dbf-2ed4faf1edc0&eid=e79ea0e3-c0e3-4be3-a910-8cad67465255&url=https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&refr=https://t.co/3pqwIUYoWh&aid=a-00k5&tna=liveIntentPublisherTracker&page=Malware-filled+Chrome+extensions+have+been+downloaded+500K+times&tv=pub-2.0.4&n3pc=true&p=web&sid=898d0c91-3477-4600-a0f9-3380b4db45d6
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
buttonCenterImgUp.png
cdns2.gigya.com/gs/i/shareBar/button/ 		174 B
537 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdns2.gigya.com/gs/i/shareBar/button/buttonCenterImgUp.png
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
HTTP/1.1
Server
2.18.234.36 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-36.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
de34e56163cf7b887c17a511f4fcff7848ed39e769d40f621dfd5422c92471ba

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Version
1
Date
Mon, 30 Jul 2018 19:26:41 GMT
Content-Type
image/png
Last-Modified
Tue, 10 Apr 2018 02:55:52 GMT
P3P
CP="IDC COR PSA DEV ADM OUR IND ONL"
X-LegacyProxy
true
Cache-Control
max-age=86400
X-Server
web528
Connection
keep-alive
Accept-Ranges
bytes
X-Robots-Tag
none
X-Gigya-HA-cfg-ver
5
Content-Length
174
GetSprite.ashx
cdns.gigya.com/gs/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdns.gigya.com/gs/GetSprite.ashx?path=%2FshareBar%2Fbutton%2Fbutton%5Bleft%2Cright%5DImg%5Bup%2Cover%5D.png%7C2%2C20%5E%2FshareBar%2Fbutton%2FrightCountImg.png%7C38%2C20%5E%2Fsharebar%2Ficons%2F%5Bfacebook%2Ctwitter%2Cgoogleplus%2Cwhatsapp%2Clinkedin%2Cemail%2Cfacebook%2Creddit%2Cshare%5D.png%7C16%2C16
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
HTTP/1.1
Server
2.18.234.36 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-36.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
868cc3f20c74614974ff670429aeaa40a6561f08b826ea3803be74c7a825d920

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Version
1
Date
Mon, 30 Jul 2018 19:26:41 GMT
Content-Type
image/png
Last-Modified
Sun, 15 Jul 2018 05:57:37 GMT
P3P
CP="IDC COR PSA DEV ADM OUR IND ONL"
X-LegacyProxy
true
Cache-Control
private, max-age=86400
X-Server
web518
Connection
keep-alive
X-Robots-Tag
none
X-Gigya-HA-cfg-ver
5
Content-Length
4463
c5ef96bc-30ab-456a-b3d5-a84f367c6a46.svg
cdn.taboola.com/static/c5/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.taboola.com/static/c5/c5ef96bc-30ab-456a-b3d5-a84f367c6a46.svg
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.317-23-RELEASE.js
Protocol
SPDY
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1d89405054b0eccfd66baa763bf4781b8dff83824636284b79800ecdc25579f1

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
3GoWmPpnzFDs5CP3.ebHbCmhALWQMuvH
content-encoding
gzip
etag
"11d8569a7da0739259e3ac0b0d666e94"
age
15
via
1.1 varnish
x-cache
HIT
status
200
x-amz-replication-status
COMPLETED
content-length
1502
x-amz-id-2
lV7dQuf4wNKoCPdBrYTAoiaMlKMCYgn3uSq0tYPBr/Qd2agbobsmx2qvLXiaiGPyFA9RnB2URtU=
x-served-by
cache-hhn1526-HHN
last-modified
Sun, 10 Jun 2018 13:23:55 GMT
server
AmazonS3
x-timer
S1532978802.605451,VS0,VE0
date
Mon, 30 Jul 2018 19:26:41 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-request-id
407B3AB216708298
access-control-allow-origin
*
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
image/svg+xml
access-control-allow-headers
*
x-cache-hits
137
f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ 		254 B
702 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.317-23-RELEASE.js
Protocol
SPDY
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via
1.1 varnish
etag
"dfa7b52c86e56bd67fa4002f6ed19854"
age
13341044
x-cache
HIT
status
200
x-amz-replication-status
COMPLETED
content-length
254
x-amz-id-2
XvamycYj5i9elo1HIxQVWoqB3bzM0MDs3mgweXjpvYdi7ZZIyzbyvzEvbwKvdJGIx5LiaLJce0k=
x-served-by
cache-hhn1526-HHN
last-modified
Wed, 24 Jun 2015 07:14:11 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer
S1532978802.605520,VS0,VE0
date
Mon, 30 Jul 2018 19:26:41 GMT
x-req
/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
x-amz-request-id
093E8082E423E036
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
image/png
x-cache-hits
11928125
collect
www.google-analytics.com/ 		35 B
121 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j68&a=763116025&t=pageview&_s=1&dl=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&dr=https%3A%2F%2Ft.co%2F3pqwIUYoWh&ul=en-us&de=UTF-8&dt=Malware-filled%20Chrome%20extensions%20have%20been%20downloaded%20500K%20times&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&exp=PVjs5kKmSuC4M7gMF8NZEw.0&_u=aCjAgAADQAQC~&jid=365456431&gjid=1419254201&cid=2128596258.1532978801&tid=UA-152357-1&_gid=367335337.1532978801&gtm=G7n5LWWHP&cd1=%2Farticles&cd2=articles&cd31=&cd32=&cd33=&cd34=&cd35=&cd36=17&cd37=01&cd38=2018&cd43=no&cd47=undefined&cd50=&cd52=%2Farticles&cd70=Patrick%20Devaney&cd72=&cd82=yes&cd89=n%2Fa&cd94=&cd95=&z=2144279242
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
2a00:1450:400e:80a::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 20 Jul 2018 04:59:39 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
916022
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j68&tid=UA-152357-1&cid=2128596258.1532978801&jid=365456431&gjid=1419254201&_gid=367335337.1532978801&_u=aCjAgAADQAQC~&z=2083052158
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-152357-1&cid=2128596258.1532978801&jid=365456431&_v=j68&z=2083052158
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-152357-1&cid=2128596258.1532978801&jid=365456431&_v=j68&z=2083052158&slf_rd=1&random=1361110352
42 B
109 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-152357-1&cid=2128596258.1532978801&jid=365456431&_v=j68&z=2083052158&slf_rd=1&random=1361110352
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
2a00:1450:4001:81c::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Jul 2018 19:26:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 30 Jul 2018 19:26:41 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-152357-1&cid=2128596258.1532978801&jid=365456431&_v=j68&z=2083052158&slf_rd=1&random=1361110352
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
legacy-api.min.js
a.optmnstr.com/app/js/ 		106 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.optmnstr.com/app/js/legacy-api.min.js
Requested by
Host: a.optnmstr.com
URL: https://a.optnmstr.com/app/js/api.min.js
Protocol
SPDY
Server
23.111.9.217 Phoenix, United States, ASN54104 (AS-STACKPATH - netDNA, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
3f2ee549297096be5b211d4e2f2cb748de37bf85cd0dfad623c90449bdb28f78

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
content-encoding
gzip
last-modified
Mon, 30 Jul 2018 17:40:15 GMT
server
NetDNA-cache/2.2
x-amz-request-id
611552EEE95F365D
etag
W/"49ab7c50031ad1b267b0bf44eed2758b"
x-cache
HIT
content-type
application/javascript
status
200
cache-control
2592000
x-amz-id-2
Q2Lu3lRaL3o0S7dLgNlkBIy7lsy0RQskefk3eQEBAYe7W041ltMrZizWuX/MQJ3vBs3F0jFaDuw=
expires
Tue Jul 30 2019 17:40:12 GMT+0000 (UTC)
tp2
echo.intergient.com/com.snowplowanalytics.snowplow/ 		0
431 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://echo.intergient.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
HTTP/1.1
Server
34.226.181.234 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-226-181-234.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Server
Apache-Coyote/1.1
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/plain; charset=UTF-8
Content-Length
0
gigya.services.socialize.plugins.simpleshare.min.js
cdns.gigya.com/js/ 		21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdns.gigya.com/js/gigya.services.socialize.plugins.simpleshare.min.js?version=latest
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&lang=en
Protocol
HTTP/1.1
Server
2.18.234.36 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-36.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d052b6fc73106a99aeef5ce4734ba5256b8e584fdb87e9601df402b3877246f3

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Content-Encoding
gzip
X-Soa
true, Gator
Edge-Cache-Tag
siteid_,ver_latest
P3P
CP="IDC COR PSA DEV ADM OUR IND ONL"
Connection
keep-alive
Content-Length
7482
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-CallID
f1340bb36b0b4ec7880c360e2c887d22
Cache-Control
private, max-age=900
X-Server
us1a-nomad-g07
X-Robots-Tag
none
X-Gigya-HA-cfg-ver
5
Expires
Mon, 30 Jul 2018 19:41:41 GMT
gigya.services.socialize.plugins.shareCounts.min.js
cdns1.gigya.com/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdns1.gigya.com/js/gigya.services.socialize.plugins.shareCounts.min.js?version=latest
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&lang=en
Protocol
HTTP/1.1
Server
2.18.234.36 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-36.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
06682150994bc74a3de30f3c760178fbe81cfa4172b3e0d6da01ba7e4201a5e6

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Content-Encoding
gzip
X-Soa
true, Gator
Edge-Cache-Tag
siteid_,ver_latest
P3P
CP="IDC COR PSA DEV ADM OUR IND ONL"
Connection
keep-alive
Content-Length
1577
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
X-CallID
cd5626c739ab42afab6696564c26a911
Cache-Control
private, max-age=900
X-Server
us1a-nomad-g08
X-Robots-Tag
none
X-Gigya-HA-cfg-ver
5
Expires
Mon, 30 Jul 2018 19:41:41 GMT
Cookie set accounts.webSdkBootstrap
login.softonic.com/ 		203 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.softonic.com/accounts.webSdkBootstrap?apiKey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&pageURL=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&format=jsonp&callback=gigya.callback&context=R1607561322
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&lang=en
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.139.16 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-247-139-16.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b9c09a3a4891b34e0a84dc18265578d9661e14dd663551e909138d85cab29fcc

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
login.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Cookie
persistent.fpmUserId=0be8763a-ad05-4278-aa94-a6b6c41795c4; session.fpmSessionId=60d7c29d-58dd-4c1f-9287-c0579a1da404; persistent.softonic_mobile.page_views.counter=1; session.softonic_mobile.page_views.counter=1; OptanonConsent=landingPath=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&datestamp=Mon+Jul+30+2018+19%3A26%3A41+GMT%2B0000+(UTC)&version=3.6.22; AMP_TOKEN=%24NOT_FOUND; __gads=ID=592cd6bd972950bd:T=1532978801:S=ALNI_Mbj-P7DxAE5S7_R3BjwgttFXXJKyQ; _gaexp=GAX1.2.PVjs5kKmSuC4M7gMF8NZEw.17835.0
Connection
keep-alive
Cache-Control
no-cache
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Version
1
Date
Mon, 30 Jul 2018 19:26:41 GMT
Content-Encoding
gzip
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" CP="IDC COR PSA DEV ADM OUR IND ONL"
Connection
keep-alive
Content-Length
177
Server
nginx
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8; authoritative=true;
X-LegacyProxy
true
Cache-Control
private
X-Server
eu1b-web703
Set-Cookie
hasGmid=ver2; domain=.login.softonic.com; expires=Wed, 30-Jan-2019 20:26:41 GMT; path=/; secure gmid=V68Tky8jpTECT3yK8LHrxFycOTbJHJ9qCR6QEb+m484=; domain=.login.softonic.com; expires=Tue, 30-Jul-2019 19:26:41 GMT; path=/; secure; HttpOnly ucid=Mo8S/OgEPuDbsHAdLpfZeg==; domain=.login.softonic.com; expires=Tue, 30-Jul-2019 19:26:41 GMT; path=/
X-Robots-Tag
none
X-Gigya-HA-cfg-ver
5
Expires
Mon, 30 Jul 2018 19:25:41 GMT
available
trc.taboola.com/softonic-en1/log/3/ 		0
270 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://trc.taboola.com/softonic-en1/log/3/available
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.317-23-RELEASE.js
Protocol
SPDY
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 30 Jul 2018 19:26:41 GMT
via
1.1 varnish
server
nginx
x-timer
S1532978802.710592,VS0,VE9
x-served-by
cache-hhn1526-HHN
status
204
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
https://en.softonic.com
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0
V_EN_600x500_Boda_2017-0928_01_army_DE_Naza%26IMG%3DYQ7.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//api-int.x-plarium.com/uploads/ 		33 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//api-int.x-plarium.com/uploads/V_EN_600x500_Boda_2017-0928_01_army_DE_Naza%26IMG%3DYQ7.jpeg
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
232e68e2bbd247a87746af9d9d3c18a29df9ac8732e7604edf6d64f36c34c3a0

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
via
1.1 varnish
age
1151538
edge-cache-tag
586336537447261217630753974344279746132,458574902931770092503625703561724709750,29ecf9b93bbf306179626feeda1fab70
status
200
expiration
expiry-date="Sat, 11 Aug 2018 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//api-int.x-plarium.com/uploads/V_EN_600x500_Boda_2017-0928_01_army_DE_Naza%26IMG%3DYQ7.jpeg
content-length
33750
x-served-by
cache-hhn1526-HHN
last-modified
Wed, 11 Jul 2018 08:04:23 GMT
server
cloudinary
x-timer
S1532978802.714224,VS0,VE1
etag
"a523749a35e0cad670463ec6b1257b53"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1
2018-03-29_Runtastic_BCN-921-retouched_082474ac48d2704d17aa85667d227944.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/263b8c16-3c6d-457a-b5ce-340407b38f39/ 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/263b8c16-3c6d-457a-b5ce-340407b38f39/2018-03-29_Runtastic_BCN-921-retouched_082474ac48d2704d17aa85667d227944.jpg
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
378236b9046b90563d2fd1ddc09e5e3ff5412bfcc6eecea9ef9443db4d4b7787

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
via
1.1 varnish
age
7362
edge-cache-tag
493633465038704090833339499006982707610,458574902931770092503625703561724709750,29ecf9b93bbf306179626feeda1fab70
status
200, 200 OK
x-cache
HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/263b8c16-3c6d-457a-b5ce-340407b38f39/2018-03-29_Runtastic_BCN-921-retouched_082474ac48d2704d17aa85667d227944.jpg
content-length
19842
x-request-id
3770b548598fde7f
x-served-by
cache-hhn1526-HHN
last-modified
Mon, 30 Jul 2018 15:22:06 GMT
server
cloudinary
x-timer
S1532978802.714200,VS0,VE1
etag
"52647f2ceec875637eac1c374280b709"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1
2d63ec9bd58d09afb873d6d6de9d709d.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2d63ec9bd58d09afb873d6d6de9d709d.jpg
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
7321ca17b13ff4bad781fe5ad62c96833e5ff330e0fa896404df14e3fd801302

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
via
1.1 varnish
age
1477295
edge-cache-tag
446315133709552142194133121900348879734,458574902931770092503625703561724709750,29ecf9b93bbf306179626feeda1fab70
status
200, 200 OK
x-cache
HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2d63ec9bd58d09afb873d6d6de9d709d.jpg
content-length
24220
x-request-id
073812f7d2b4081c
x-served-by
cache-hhn1526-HHN
last-modified
Fri, 13 Jul 2018 08:30:06 GMT
server
cloudinary
x-timer
S1532978802.715603,VS0,VE1
etag
"27700552abd2aac63678128ba20a0fcc"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1
669199952__qTpxvX5l.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/FKF/ 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/FKF/669199952__qTpxvX5l.jpg
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
5b026138177db9b4294a33af42218f39e65a9cac5cd19ad774935b17b124c429

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
via
1.1 varnish
age
1184556
edge-cache-tag
597020016757644011957067822134605023676,458574902931770092503625703561724709750,29ecf9b93bbf306179626feeda1fab70
status
200
expiration
expiry-date="Thu, 19 Jul 2018 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/FKF/669199952__qTpxvX5l.jpg
content-length
24574
x-served-by
cache-hhn1526-HHN
last-modified
Mon, 18 Jun 2018 04:50:37 GMT
server
cloudinary
x-timer
S1532978802.715973,VS0,VE0
etag
"92ac70790c8df4386445d9b7ba6b265b"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
6
asd_1000x600_76916edd984ddabc9a5464ab2109c060.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/8a0a6450-ee62-42f7-9f45-7c036a502304/ 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/8a0a6450-ee62-42f7-9f45-7c036a502304/asd_1000x600_76916edd984ddabc9a5464ab2109c060.png
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
9a4c4beb3f21c1f702de210b1128bdcb70a14e5eab3fba2a6aef1697054e3261

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
via
1.1 varnish
age
333135
edge-cache-tag
292729629456180017122757324690238350532,458574902931770092503625703561724709750,29ecf9b93bbf306179626feeda1fab70
status
200, 200 OK
x-cache
HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/8a0a6450-ee62-42f7-9f45-7c036a502304/asd_1000x600_76916edd984ddabc9a5464ab2109c060.png
content-length
16378
x-request-id
f037dbec9cd5a45d
x-served-by
cache-hhn1526-HHN
last-modified
Thu, 26 Jul 2018 19:29:03 GMT
server
cloudinary
x-timer
S1532978802.716243,VS0,VE0
etag
"41d144c8251866c399fe4fe0cab42b9d"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1
f8ef6eaaf6e050944e8a9b6a4aa2c532.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f8ef6eaaf6e050944e8a9b6a4aa2c532.jpg
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
ee8b7362e377daeec3f2071c8e0bc09a22a210ccd9e74d232de5c9e5383b16c8

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
via
1.1 varnish
age
692537
edge-cache-tag
423159928029123894912960658643618800578,458574902931770092503625703561724709750,29ecf9b93bbf306179626feeda1fab70
status
200, 200 OK
x-cache
HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_320%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f8ef6eaaf6e050944e8a9b6a4aa2c532.jpg
content-length
12281
x-request-id
7500687c5cde00c1
x-served-by
cache-hhn1526-HHN
last-modified
Wed, 09 May 2018 02:04:52 GMT
server
cloudinary
x-timer
S1532978802.719717,VS0,VE1
etag
"f1bbe6be51c6d94159c2d6bc39225300"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1
truncated
/ Frame 83A5 		217 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bf2ea04d5132c65283af49cde84945438896cdecac59238b465cd334efdb7ed2

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
integrator.js
adservice.google.de/adsid/ Frame 83A5 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=en.softonic.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Server
2a00:1450:4001:815::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 30 Jul 2018 19:26:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
104
x-xss-protection
1; mode=block
integrator.js
adservice.google.com/adsid/ Frame 83A5 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=en.softonic.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Server
2a00:1450:4001:825::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 30 Jul 2018 19:26:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
104
x-xss-protection
1; mode=block
ca-pub-9488838626649539.js
pagead2.googlesyndication.com/pub-config/r20160913/ Frame 83A5 		133 B
276 B 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-9488838626649539.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Server
2a00:1450:4001:81e::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
7e7fa886d5d75c745d95be4fc3c5bfb4c988019b3f643c669734612345e1b8c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 17:05:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sun, 29 Jul 2018 20:45:10 GMT
server
sffe
age
8470
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=43200
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
125
x-xss-protection
1; mode=block
expires
Tue, 31 Jul 2018 05:05:31 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20180725/r20180604/ Frame B747 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20180725/r20180604/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81c::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20180725/r20180604/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
accept-encoding
gzip, deflate
cookie
IDE=AHWqTUnBHdlmirIzIrVPxUtEA1gzwGAWlmza2pqnVo5fOoBh_hfxjtmjOTw7fqNb; DSID=NO_DATA
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Wed, 25 Jul 2018 20:16:46 GMT
expires
Wed, 08 Aug 2018 20:16:46 GMT
content-type
text/html; charset=UTF-8
etag
14382040638843487582
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
6932
x-xss-protection
1; mode=block
cache-control
public, max-age=1209600
age
428995
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
show_ads_impl.js
pagead2.googlesyndication.com/pagead/js/r20180725/r20180604/ Frame 702D 		186 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20180725/r20180604/show_ads_impl.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Server
2a00:1450:4001:81e::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
44cdc36a5f94455bba1da68b9e823e1a5412dbf5a183f4e03681d5fc0157ad8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
70291
x-xss-protection
1; mode=block
server
cafe
etag
17263523407644880337
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Mon, 30 Jul 2018 19:26:41 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 		95 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Requested by
Host: a.optmnstr.com
URL: https://a.optmnstr.com/app/js/legacy-api.min.js
Protocol
SPDY
Server
2a00:1450:4001:814::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 19 Jul 2018 18:18:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
954520
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
33951
x-xss-protection
1; mode=block
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 19 Jul 2019 18:18:01 GMT
widgets.js
platform.twitter.com/ 		118 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&lang=en
Protocol
HTTP/1.1
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41AF) /
Resource Hash
e5f8d0ce988d869b287f9498b3c779eaddd47b3e19c5fd82fee9f286e8f74298

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:41 GMT
Content-Encoding
gzip
Last-Modified
Fri, 27 Jul 2018 16:48:04 GMT
Server
ECS (fcn/41AF)
Etag
"ea6d43e2e4c9a7da8dadb95b466ec5cd+gzip"
Vary
Accept-Encoding
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control
public, max-age=1800
Content-Type
application/javascript; charset=utf-8
Content-Length
35308
plusone.js
apis.google.com/js/ 		43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/plusone.js
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&lang=en
Protocol
SPDY
Server
2a00:1450:4001:817::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
583819275c027b77cbb712672dfd159346a90aa595d22eb929aedbbda5c86867
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
script-src 'report-sample' 'nonce-Iwtg73r5xIwjTeCL0fXvdIEGpuw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge, chrome=1
server
ESF
x-frame-options
SAMEORIGIN
etag
"146a36c700e585f713e44efaf70488a5"
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=1800, stale-while-revalidate=1800
timing-allow-origin
*
expires
Mon, 30 Jul 2018 19:26:41 GMT
sdk.js
connect.facebook.net/en_EN/ 		221 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_EN/sdk.js
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&lang=en
Protocol
SPDY
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
4f9d6627c7bfdfd91cac3bf8e9b72e0aa57eed53299cbcf5d41fe45806bf87bd
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding
gzip
x-content-type-options
nosniff
content-md5
TBBaj/UFE6fgUaSBV+ijIQ==
status
200
content-length
67886
x-xss-protection
0
x-fb-debug
jBXVu6/mTqU9L/rCYOHJ1ZRq+q85Gg7l+fzxyCMxQbQBvBy7P0Was7D5oUdtelPQSUmOCxGaPRfQqHcPspl5Uw==
x-fb-content-md5
00b46f46aef83cfb07f775d15d58930c
x-frame-options
DENY
date
Mon, 30 Jul 2018 19:26:41 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"5b4388eee058dcf6af9307c05de30b8a"
timing-allow-origin
*
expires
Mon, 30 Jul 2018 19:41:54 GMT
sso.htm
cdns.eu1.gigya.com/gs/ Frame BCE5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_L9tKcr_U0jIkc8uIG9sVMK2HdTEAm99_yglWxy6o8DQ-SiSJuUuURkAhPM9wt69w&ssoSegment=&version=latest&build=1636
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&lang=en
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.36 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-36.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Host
cdns.eu1.gigya.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Accept-Encoding
gzip, deflate
Cookie
apiDomain_3_L9tKcr_U0jIkc8uIG9sVMK2HdTEAm99_yglWxy6o8DQ-SiSJuUuURkAhPM9wt69w=login.softonic.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Edge-Cache-Tag
siteid_7329031,ver_latest
P3P
CP="IDC COR PSA DEV ADM OUR IND ONL"
X-Soa
true, Gator
X-Server
us1a-nomad-g07
X-CallID
33ec21c82f554967a365280e14219c42
Content-Encoding
gzip
X-Gigya-HA-cfg-ver
5
X-Robots-Tag
none
Content-Length
16315
Vary
Accept-Encoding
Cache-Control
private, max-age=86400
Date
Mon, 30 Jul 2018 19:26:41 GMT
Connection
keep-alive
ads
googleads.g.doubleclick.net/pagead/ Frame BCBA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9488838626649539&output=html&h=190&slotname=2267385248&adk=867463667&adf=3279755396&w=300&rafmt=10&npa=1&guci=1.2.0.0.2.1.0&format=300x190_0ads_al&url=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&ea=0&flash=0&wgl=1&adsid=NT&dt=1532978801813&bpp=25&bdt=750&fdt=28&idt=153&shv=r20180725&cbv=r20180604&saldr=aa&correlator=6383229769023&frm=23&ife=4&pv=2&ga_vid=2128596258.1532978801&ga_sid=1532978802&ga_hid=814910034&ga_fc=0&iag=3&icsg=682&nhd=1&dssz=11&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1133&ady=260&biw=1585&bih=1200&isw=300&ish=250&ifk=4188909409&scr_x=0&scr_y=0&eid=10573695%2C21060853%2C21062171%2C368226400%2C828064254%2C21061796&oid=3&ref=https%3A%2F%2Ft.co%2F3pqwIUYoWh&rx=0&eae=2&fc=528&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&ppjl=u&pfx=0&fu=148&bc=7&osw_key=442837976&ifi=1&fsb=1&dtd=190
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20180725/r20180604/show_ads_impl.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81c::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9488838626649539&output=html&h=190&slotname=2267385248&adk=867463667&adf=3279755396&w=300&rafmt=10&npa=1&guci=1.2.0.0.2.1.0&format=300x190_0ads_al&url=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&ea=0&flash=0&wgl=1&adsid=NT&dt=1532978801813&bpp=25&bdt=750&fdt=28&idt=153&shv=r20180725&cbv=r20180604&saldr=aa&correlator=6383229769023&frm=23&ife=4&pv=2&ga_vid=2128596258.1532978801&ga_sid=1532978802&ga_hid=814910034&ga_fc=0&iag=3&icsg=682&nhd=1&dssz=11&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1133&ady=260&biw=1585&bih=1200&isw=300&ish=250&ifk=4188909409&scr_x=0&scr_y=0&eid=10573695%2C21060853%2C21062171%2C368226400%2C828064254%2C21061796&oid=3&ref=https%3A%2F%2Ft.co%2F3pqwIUYoWh&rx=0&eae=2&fc=528&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&ppjl=u&pfx=0&fu=148&bc=7&osw_key=442837976&ifi=1&fsb=1&dtd=190
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
accept-encoding
gzip, deflate
cookie
IDE=AHWqTUnBHdlmirIzIrVPxUtEA1gzwGAWlmza2pqnVo5fOoBh_hfxjtmjOTw7fqNb; DSID=NO_DATA
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Mon, 30 Jul 2018 19:26:42 GMT
server
cafe
cache-control
private
content-length
3200
x-xss-protection
1; mode=block
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
osd.js
pagead2.googlesyndication.com/pagead/js/r20180725/r20180604/ Frame 83A5 		70 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20180725/r20180604/osd.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20180725/r20180604/show_ads_impl.js
Protocol
SPDY
Server
2a00:1450:4001:81e::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
04d078a7462a26b8ac77cd49f31ceab69f7669dc0ff719b60d8ba2368bf2e423
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 25 Jul 2018 20:17:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
428982
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
26262
x-xss-protection
1; mode=block
server
cafe
etag
4450274242919262769
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 08 Aug 2018 20:17:00 GMT
/
api.optmnstr.com/v2/geolocate/json/ 		194 B
507 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.optmnstr.com/v2/geolocate/json/
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Protocol
SPDY
Server
50.17.52.222 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-50-17-52-222.compute-1.amazonaws.com
Software
Pagely Gateway/1.5.1 /
Resource Hash
e2b48061f14ab4b9f7cef3f8f4de4da920c65cf1a9b59a7bde6f9c36c7ca0d24

Request headers

Accept
*/*
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-user-agent
standard
x-cache-config
0 0
server
Pagely Gateway/1.5.1
status
200
date
Mon, 30 Jul 2018 19:26:42 GMT
x-cache-status
BYPASS
vary
Origin
content-type
application/json
access-control-allow-origin
https://en.softonic.com
x-ratelimit-remaining
9999
access-control-allow-credentials
true
x-ratelimit-reset
1532978862
x-ratelimit-limit
10000
x-database-date
Tue, 24 Jul 2018 07:52:09 GMT
content-length
194
css
fonts.googleapis.com/ 		10 KB
879 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C600%2C800
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/994e2-7e289.js
Protocol
SPDY
Server
2a00:1450:4001:817::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
73ec953910994429bf8cbb7a8a14c33566660a37ea70cd5dee8334de6338f05c
Security Headers
Name Value
Strict-Transport-Security max-age=600
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=600
content-encoding
gzip
last-modified
Mon, 30 Jul 2018 19:26:42 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
status
200
date
Mon, 30 Jul 2018 19:26:42 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
x-xss-protection
1; mode=block
expires
Mon, 30 Jul 2018 19:26:42 GMT
b6d3c-be66b.png
m.sftcdn.net/images/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m.sftcdn.net/images/b6d3c-be66b.png
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
54.230.44.203 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-44-203.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
7a2a36b109ce7c47f2b013ecfbc4da3152fcb837bc9fbcdf291e5b3c5c2a4bdc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-version
1.348.0-1323
date
Fri, 30 Mar 2018 07:50:49 GMT
via
1.1 varnish, 1.1 9aac77db976fd4f008caa822737485da.cloudfront.net (CloudFront)
age
12046546
x-cache
Hit from cloudfront
status
200
content-length
3162
x-detected-as
desktop
x-request-id
6193a778-469b-4e06-acc3-3c4a3a4a45c2
x-served-by
sftmobilewww10.bcn.softonic.lan
last-modified
Mon, 12 Mar 2018 16:13:44 GMT
server
nginx
etag
"601fece93ee4ddb2e152ec4ffa99b824d3ada47e"
content-language
es-ES
strict-transport-security
max-age=31536000
access-control-allow-methods
GET, OPTIONS
x-varnish
646208407 428278863
access-control-allow-origin
*
cache-control
max-age=31557600, must-revalidate
content-security-policy
upgrade-insecure-requests
accept-ranges
bytes
content-type
image/png
access-control-allow-headers
Origin, X-Requested-With, Accept, Content-Type, If-None-Match
x-amz-cf-id
RPUyn-FB8MxxEebZ5wyWVWtEIw_Kli27tBosHgNcDwbpc71M2F5Uzw==
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.2TvnrotPLFI.O/m=plus,plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCMLO7MfS0gPcMOFOl_aA3wxCIQFWA/ 		182 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.2TvnrotPLFI.O/m=plus,plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCMLO7MfS0gPcMOFOl_aA3wxCIQFWA/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
SPDY
Server
2a00:1450:4001:817::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
de43bbf8228121884d355dda876f5dd5a6239091d4f53993387746fa40c412d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 17:53:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sat, 28 Jul 2018 10:33:18 GMT
server
sffe
age
5593
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
64515
x-xss-protection
1; mode=block
expires
Tue, 30 Jul 2019 17:53:29 GMT
cb=gapi.loaded_1
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.2TvnrotPLFI.O/m=auth/exm=plus,plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCMLO7MfS0gPcMOFOl_aA3wxCIQFWA/ 		74 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.2TvnrotPLFI.O/m=auth/exm=plus,plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCMLO7MfS0gPcMOFOl_aA3wxCIQFWA/cb=gapi.loaded_1
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
SPDY
Server
2a00:1450:4001:817::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
516685e4f42248f5c2cfed09bf5bacf46279d5b82685cf66a2c9bdd2f7680671
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 17:53:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sat, 28 Jul 2018 10:33:18 GMT
server
sffe
age
5593
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
26354
x-xss-protection
1; mode=block
expires
Tue, 30 Jul 2019 17:53:29 GMT
sharebutton
apis.google.com/se/0/_/+1/ Frame 0833 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/se/0/_/+1/sharebutton?plusShare=true&usegapi=1&action=share&annotation=bubble&height=&width=&hl=en&origin=https%3A%2F%2Fen.softonic.com&url=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.2TvnrotPLFI.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCMLO7MfS0gPcMOFOl_aA3wxCIQFWA%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:817::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
apis.google.com
:scheme
https
:path
/se/0/_/+1/sharebutton?plusShare=true&usegapi=1&action=share&annotation=bubble&height=&width=&hl=en&origin=https%3A%2F%2Fen.softonic.com&url=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.2TvnrotPLFI.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCMLO7MfS0gPcMOFOl_aA3wxCIQFWA%2Fm%3D__features__
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
accept-encoding
gzip, deflate
cookie
NID=135=i1BCVoSPqT9CnNPQgNLAIiUVZG-knj0PNRr5z1B8Ph1nEUuGlpm5Lsi08tQEvL8_Ih6VI_x844eWR396NiZwfYpd3zYI2k8SFFmi9QoJ7DTgWFOXp8ZUc-5T6v0HDSJV
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

status
200
content-type
text/html; charset=utf-8
x-ua-compatible
IE=edge, chrome=1
vary
Accept-Encoding
timing-allow-origin
*
expires
Mon, 30 Jul 2018 19:26:42 GMT
date
Mon, 30 Jul 2018 19:26:42 GMT
cache-control
private, max-age=3600
content-security-policy-report-only
script-src 'report-sample' 'nonce-zdoboe9AeO/Ax1rAG4AQi8SK49s' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /se/0/_/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
1; mode=block
x-content-type-options
nosniff
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
widget_iframe.cb6df5c11eb74c4885e17101a777cb60.html
platform.twitter.com/widgets/ Frame F6AA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/widget_iframe.cb6df5c11eb74c4885e17101a777cb60.html?origin=https%3A%2F%2Fen.softonic.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/419B) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

Content-Encoding
gzip
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Mon, 30 Jul 2018 19:26:42 GMT
Etag
"6f4bb4155518386526ca164541e6b1ce+gzip"
Last-Modified
Fri, 27 Jul 2018 16:47:05 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/419B)
Vary
Accept-Encoding
X-Cache
HIT
Content-Length
5868
button.bf357a6ba1a5f1fa0ddb61377ae3add5.js
platform.twitter.com/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/js/button.bf357a6ba1a5f1fa0ddb61377ae3add5.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40E5) /
Resource Hash
71ef2be76ecf12f431795805b6bfb5a20523b7692be0e6106e8e2d18d3d33632

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:42 GMT
Content-Encoding
gzip
Last-Modified
Fri, 27 Jul 2018 16:47:00 GMT
Server
ECS (fcn/40E5)
Etag
"1d8bf9d779a256fc7c4434c8ce2298c8+gzip"
Vary
Accept-Encoding
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control
public, max-age=315360000
Content-Type
application/javascript; charset=utf-8
Content-Length
1397
tp2
echo.intergient.com/com.snowplowanalytics.snowplow/ 		0
463 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://echo.intergient.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/plow-2.6.1.js
Protocol
HTTP/1.1
Server
52.7.226.127 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-7-226-127.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
POST
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Date
Mon, 30 Jul 2018 19:26:36 GMT
Server
Apache-Coyote/1.1
Access-Control-Max-Age
1800
Access-Control-Allow-Methods
POST
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
origin,x-requested-with,access-control-request-headers,content-type,access-control-request-method,accept
Content-Length
0
tp2
echo.intergient.com/com.snowplowanalytics.snowplow/ 		0
431 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://echo.intergient.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
HTTP/1.1
Server
34.226.181.234 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-226-181-234.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Date
Mon, 30 Jul 2018 19:26:37 GMT
Server
Apache-Coyote/1.1
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/plain; charset=UTF-8
Content-Length
0
Cookie set a-00k5
i.liadm.com/s/c/ Frame C84F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://i.liadm.com/s/c/a-00k5?s=&cim=&ps=true&ls=false&duid=a-00k5--0ea8347b-60ee-4e22-9dbf-2ed4faf1edc0&domainSessionId=898d0c91-3477-4600-a0f9-3380b4db45d6&ppid=0&ci=0&version=sc-2.1.0&nosync=false&
Requested by
Host: b-code.liadm.com
URL: https://b-code.liadm.com/a-00k5.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.209.69.152 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-209-69-152.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Host
i.liadm.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Accept-Encoding
gzip, deflate
Cookie
lidid=cf036d0a-f843-46a1-a537-41791e057f41
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

Cache-Control
private, no-cache, max-age=0
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 30 Jul 2018 19:26:42 GMT
ETag
1.61803398874
Set-Cookie
_li_ss=MgUIBhC8BzIFCAkQvAcyBQgKELwHMgUICxC8BzIFCAwQvAcyBQgNEK4HMgUIeRC7Bw; Max-Age=2592000; Expires=Wed, 29 Aug 2018 19:26:42 GMT; Path=/s
Vary
Accept-Encoding
Content-Length
688
Connection
keep-alive
sso.htm
cdns.eu1.gigya.com/gs/ Frame BF8D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_L9tKcr_U0jIkc8uIG9sVMK2HdTEAm99_yglWxy6o8DQ-SiSJuUuURkAhPM9wt69w&ssoSegment=&version=latest&build=1636
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&lang=en
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.36 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-36.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Host
cdns.eu1.gigya.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Accept-Encoding
gzip, deflate
Cookie
apiDomain_3_L9tKcr_U0jIkc8uIG9sVMK2HdTEAm99_yglWxy6o8DQ-SiSJuUuURkAhPM9wt69w=login.softonic.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Edge-Cache-Tag
siteid_7329031,ver_latest
P3P
CP="IDC COR PSA DEV ADM OUR IND ONL"
X-Soa
true, Gator
X-Server
us1a-nomad-g07
X-CallID
33ec21c82f554967a365280e14219c42
Content-Encoding
gzip
X-Gigya-HA-cfg-ver
5
X-Robots-Tag
none
Content-Length
16315
Vary
Accept-Encoding
Cache-Control
private, max-age=86400
Date
Mon, 30 Jul 2018 19:26:42 GMT
Connection
keep-alive
postmessageRelay
accounts.google.com/o/oauth2/ Frame 8649 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fen.softonic.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.2TvnrotPLFI.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCMLO7MfS0gPcMOFOl_aA3wxCIQFWA%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.2TvnrotPLFI.O/m=auth/exm=plus,plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCMLO7MfS0gPcMOFOl_aA3wxCIQFWA/cb=gapi.loaded_1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:817::200d , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-X3/XcAi2vrb7HPtY838HLwuK3Js' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'none';report-uri /o/cspreport
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
accounts.google.com
:scheme
https
:path
/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fen.softonic.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.2TvnrotPLFI.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCMLO7MfS0gPcMOFOl_aA3wxCIQFWA%2Fm%3D__features__
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
accept-encoding
gzip, deflate
cookie
NID=135=i1BCVoSPqT9CnNPQgNLAIiUVZG-knj0PNRr5z1B8Ph1nEUuGlpm5Lsi08tQEvL8_Ih6VI_x844eWR396NiZwfYpd3zYI2k8SFFmi9QoJ7DTgWFOXp8ZUc-5T6v0HDSJV
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Mon, 30 Jul 2018 19:26:42 GMT
content-security-policy
script-src 'report-sample' 'nonce-X3/XcAi2vrb7HPtY838HLwuK3Js' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'none';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
1; mode=block
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
tp2
echo.intergient.com/com.snowplowanalytics.snowplow/ 		0
463 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://echo.intergient.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/plow-2.6.1.js
Protocol
HTTP/1.1
Server
52.7.226.127 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-7-226-127.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
POST
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Date
Mon, 30 Jul 2018 19:26:37 GMT
Server
Apache-Coyote/1.1
Access-Control-Max-Age
1800
Access-Control-Allow-Methods
POST
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
origin,x-requested-with,access-control-request-headers,content-type,access-control-request-method,accept
Content-Length
0
tweet_button.cb6df5c11eb74c4885e17101a777cb60.en.html
platform.twitter.com/widgets/ Frame 06C3 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.cb6df5c11eb74c4885e17101a777cb60.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40D1) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

Content-Encoding
gzip
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Mon, 30 Jul 2018 19:26:42 GMT
Etag
"d1859ff379fd376210753587597519b3+gzip"
Last-Modified
Fri, 27 Jul 2018 16:47:04 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/40D1)
Vary
Accept-Encoding
X-Cache
HIT
Content-Length
12522
bSTT5dUx9MY.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 8AFC 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://staticxx.facebook.com/connect/xd_arbiter/r/bSTT5dUx9MY.js?version=42
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_EN/sdk.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
staticxx.facebook.com
:scheme
https
:path
/connect/xd_arbiter/r/bSTT5dUx9MY.js?version=42
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
accept-encoding
gzip, deflate
cookie
fr=0bNNCCP9Tm9MPe9HN..BbX2Zy...1.0.BbX2Zy.
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

status
200
expires
Sat, 27 Jul 2019 15:34:20 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
public,max-age=31536000,immutable
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
vary
Accept-Encoding
content-encoding
gzip
x-fb-debug
2apqrlgr97v9YcP0yW7qRAUb2b+gjUDOjjNqN9zBTwLLfDXEkhcmfQBXZx2fCZPfqcZpVR6JR/raWcKyIP2PwA==
content-length
13894
date
Mon, 30 Jul 2018 19:26:42 GMT
tp2
echo.intergient.com/com.snowplowanalytics.snowplow/ 		0
431 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://echo.intergient.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
HTTP/1.1
Server
34.226.181.234 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-226-181-234.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Date
Mon, 30 Jul 2018 19:26:37 GMT
Server
Apache-Coyote/1.1
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/plain; charset=UTF-8
Content-Length
0
jot.html
platform.twitter.com/ Frame 09AE
Redirect Chain
  • https://syndication.twitter.com/i/jot
  • https://platform.twitter.com/jot.html
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/jot.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40B3) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
Origin
null
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5

Response headers

Accept-Ranges
bytes
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Mon, 30 Jul 2018 19:26:43 GMT
Etag
"d9592a6c704736fa4da218d4357976dd"
Last-Modified
Fri, 27 Jul 2018 16:48:03 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/40B3)
X-Cache
HIT
Content-Length
80

Redirect headers

status
302 302 Found
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length
0
content-type
text/html;charset=utf-8
date
Mon, 30 Jul 2018 19:26:43 GMT
expires
Tue, 31 Mar 1981 05:00:00 GMT
last-modified
Mon, 30 Jul 2018 19:26:43 GMT
location
https://platform.twitter.com/jot.html
pragma
no-cache
server
tsa_o
strict-transport-security
max-age=631138519
x-connection-hash
d5f20d75f5f25fdfd302679341ee8e2d
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-response-time
119
x-transaction
0002f98f0031211b
x-tsa-request-body-time
1
x-twitter-response-tags
BouncerCompliant
x-xss-protection
0
jot
syndication.twitter.com/i/ 		43 B
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%22%2C%22widget_frame%22%3Anull%2C%22duration_ms%22%3A692.4999989569187%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1532978803112%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%223b6761b%3A1532709784359%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22action%22%3A%22render%22%2C%22page%22%3A%22page%22%2C%22component%22%3A%22performance%22%7D%7D
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
104.244.42.136 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
1; mode=block; report=https://twitter.com/i/xss_report
x-response-time
270
pragma
no-cache
last-modified
Mon, 30 Jul 2018 19:26:43 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
d5f20d75f5f25fdfd302679341ee8e2d
x-transaction
0041d3b400f82c38
expires
Tue, 31 Mar 1981 05:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 83A5 		42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstUSzo8xhEZRnmMzpyZZ-eFD0kFDswPotEK7XabClcjkxSgokzleXZEIscnwvEv0-Oq_aqPPrTCvwKKotT8CiBg7RDPX1T4fps&sig=Cg0ArKJSzDDk3NeMa-NIEAE&adk=3829938641&tt=1374&bs=1585,1200&mtos=1282,1282,1282,1282,1282&tos=1282,0,0,0,0&p=260,1133,510,1433&mcvt=1282&rs=3&ht=0&tfs=91&tls=1373&mc=1&lte=1&bas=0&bac=0&avms=geo&rst=1532978801383&rpt=475&bos=1600,1200&ps=1585,5961&ss=1600,1200&pt=-1&deb=1-0-3-11-6--1-38-3&tvt=1356&op=1&r=v&id=osdim&ti=1&uc=1&tgt=INS&cl=1&cec=7&clc=0&cac=0&cd=300x190&v=r20180725
Requested by
Host: en.softonic.com
URL: https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Protocol
SPDY
Server
2a00:1450:4001:81e::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Jul 2018 19:26:43 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
graph.facebook.com/ 		938 B
882 B 		Script
General
Check archive.org
Download Go to
Full URL
https://graph.facebook.com/?ids=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&callback=gig_pc_facebook_1532978801862_31670258362990733
Requested by
Host: cdns1.gigya.com
URL: https://cdns1.gigya.com/js/gigya.services.socialize.plugins.shareCounts.min.js?version=latest
Protocol
SPDY
Server
2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
b90df76d87afec433745753c52160aea9aa79155b31e8022730ac4c4f4563498
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
gzip
etag
"15f7966d1d46feb1d65f9974fe553d4b08763bd8"
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
status
200
x-fb-rev
4154066
content-length
468
pragma
no-cache
x-fb-debug
KVmvPDWBS7E6H86Ix+YxfreJye3QA1xfwZ/Ibzz2N0IQii9+NHiPOo1RHqBlbvo3KJ7fkeaH5IDqMNO/HAKLeg==
x-fb-trace-id
CVbrUDaBmsl
date
Mon, 30 Jul 2018 19:26:45 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.7
expires
Sat, 01 Jan 2000 00:00:00 GMT
share
www.linkedin.com/countserv/count/ 		287 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.linkedin.com/countserv/count/share?format=jsonp&url=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&callback=gig_pc_linkedin_1532978801862_40389445594945395
Requested by
Host: cdns1.gigya.com
URL: https://cdns1.gigya.com/js/gigya.services.socialize.plugins.shareCounts.min.js?version=latest
Protocol
SPDY
Server
2a05:f500:10:101::b93f:9101 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
83a94fe96ec2272863e7e8d63d2f5d3758c3603921c73ecf5f70077ef520c8b0
Security Headers
Name Value
Content-Security-Policy default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 30 Jul 2018 19:26:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-li-uuid
5NcT4Bk8RhWQV+NrvCoAAA==
server
Apache-Coyote/1.1
pragma
no-cache
x-li-pop
prod-efr5
x-frame-options
sameorigin
strict-transport-security
max-age=2592000
content-type
text/javascript;charset=UTF-8
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto
http/2
x-li-fabric
prod-lva1
expires
Thu, 01 Jan 1970 00:00:00 GMT
feedback.php
www.facebook.com/plugins/ Frame 2CF0
Redirect Chain
  • https://www.facebook.com/plugins/comments.php?api_key=&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FbSTT5dUx9MY.js%3Fversion%3D42%23cb%3Df316bab1dece24c%26domain%3De...
  • https://www.facebook.com/plugins/feedback.php?api_key&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FbSTT5dUx9MY.js%3Fversion%3D42%23cb%3Df316bab1dece24c%26domain%3Den...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/feedback.php?api_key&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FbSTT5dUx9MY.js%3Fversion%3D42%23cb%3Df316bab1dece24c%26domain%3Den.softonic.com%26origin%3Dhttps%253A%252F%252Fen.softonic.com%252Ff217fefe429deb%26relation%3Dparent.parent&href=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times&locale=en_US&mobile=false&numposts=10&order_by=social&sdk=joey&version=v1.0&width=100%25
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_EN/sdk.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f12d:86:face:b00c:0:50fb , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/plugins/feedback.php?api_key&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FbSTT5dUx9MY.js%3Fversion%3D42%23cb%3Df316bab1dece24c%26domain%3Den.softonic.com%26origin%3Dhttps%253A%252F%252Fen.softonic.com%252Ff217fefe429deb%26relation%3Dparent.parent&href=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times&locale=en_US&mobile=false&numposts=10&order_by=social&sdk=joey&version=v1.0&width=100%25
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
accept-encoding
gzip, deflate
cookie
fr=0bNNCCP9Tm9MPe9HN..BbX2Zy...1.0.BbX2Zy.
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

status
200
timing-allow-origin
*
x-xss-protection
0
pragma
no-cache
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
cache-control
private, no-cache, no-store, must-revalidate
expect-ct
max-age=86400, report-uri="http://reports.fb.com/expectct/"
strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html; charset="utf-8"
x-fb-debug
FXiug0hd7gytBUCbDbVoQ03pGl5OgpxXt6JdnFaOMK43SsQrKzgul6poXlsxnRlAQjGZuoXdhuNOIyWddTgXJQ==
date
Mon, 30 Jul 2018 19:26:45 GMT

Redirect headers

status
302
location
https://www.facebook.com/plugins/feedback.php?api_key&channel_url=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FbSTT5dUx9MY.js%3Fversion%3D42%23cb%3Df316bab1dece24c%26domain%3Den.softonic.com%26origin%3Dhttps%253A%252F%252Fen.softonic.com%252Ff217fefe429deb%26relation%3Dparent.parent&href=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times&locale=en_US&mobile=false&numposts=10&order_by=social&sdk=joey&version=v1.0&width=100%25
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
vary
Origin
access-control-expose-headers
X-FB-Debug, X-Loader-Length
access-control-allow-origin
https://www.facebook.com
access-control-allow-credentials
true
content-type
text/html; charset="utf-8"
x-fb-debug
cr2LW2D5TbCloFRSiBpNzsMn/scTxv4EuQJU0+4FR4S/ErPvtZOpThTLDx+1TXsYGu1dBKWQQbEy2ttjT/npIw==
content-length
0
date
Mon, 30 Jul 2018 19:26:45 GMT
usync.html
eus.rubiconproject.com/ Frame 246F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=BORugBlORugBlAcABBENAZ-AAAAFuAEAAUACAAGgAWw
Requested by
Host: sc.sftcdn.net
URL: https://sc.sftcdn.net/scripts/17ecc-3c252.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.230.142 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-230-142.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
D80159E53E9C428D96B9CE52927F19C5
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Response headers

Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified
Mon, 23 Jul 2018 14:21:39 GMT
Content-Encoding
gzip
Content-Length
7559
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=39857
Expires
Tue, 31 Jul 2018 06:31:02 GMT
Date
Mon, 30 Jul 2018 19:26:45 GMT
Connection
keep-alive
Vary
Accept-Encoding
gscounters.sendReport
login.softonic.com/ 		171 B
540 B 		Script
General
Check archive.org
Download Go to
Full URL
https://login.softonic.com/gscounters.sendReport?reports=%5B%7B%22name%22%3A%22loadc%22%2C%22time%22%3A%221532978801211%22%2C%22reportData%22%3A%7B%22sref%22%3A%22https%3A%2F%2Ft.co%2F3pqwIUYoWh%22%7D%7D%2C%7B%22name%22%3A%22load%22%2C%22time%22%3A%221532978801514%22%2C%22source%22%3A%22showShareBarUI%22%2C%22reportData%22%3A%7B%7D%7D%2C%7B%22name%22%3A%22linkback%22%2C%22time%22%3A%221532978803370%22%2C%22reportData%22%3A%7B%22url%22%3A%22https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer%22%2C%22ref%22%3A%22https%3A%2F%2Ft.co%2F3pqwIUYoWh%22%2C%22sn%22%3A%22twitter%22%7D%7D%5D&APIKey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&sdk=js_latest&authMode=cookie&pageURL=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&format=jsonp&callback=gigya.callback&context=R1609477808
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_Snkrf0bu_hMVnQj3RNLIYsEbjTRtHHToxPzmTRxO0COCQTXewDpSz526HF8J3hCm&lang=en
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.139.16 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-247-139-16.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a49deddc235b00416247b9258e141a5cd739341b3c919380c270e5583731b553

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
login.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Connection
keep-alive
Cache-Control
no-cache
Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 30 Jul 2018 19:26:46 GMT
Content-Type
application/ecmascript; charset=utf-8
Server
nginx
P3P
CP="IDC COR PSA DEV ADM OUR IND ONL"
X-LegacyProxy
true
Cache-Control
no-cache
X-Server
eu1b-web702
X-Version
1
Connection
keep-alive
X-Robots-Tag
none
X-Gigya-HA-cfg-ver
5
Content-Length
171
Expires
-1
pip_icon.png
cdn.playwire.com/sticky_video/ 		390 B
748 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.playwire.com/sticky_video/pip_icon.png
Protocol
HTTP/1.1
Server
205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
cb88a25d8f9f800d87a9d6587c497aada822e6b5672539e5563dfaa5453508b9

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 30 Jul 2018 19:26:47 GMT
Last-Modified
Mon, 25 Sep 2017 17:19:57 GMT
ETag
"1506359997"
X-HW
1532978801.dop007.fr8.shc,1532978807.dop007.fr8.t,1532978807.cds042.fr8.c
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=432000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
390
tp2
echo.intergient.com/com.snowplowanalytics.snowplow/ 		0
463 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://echo.intergient.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/plow-2.6.1.js
Protocol
HTTP/1.1
Server
52.7.226.127 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-7-226-127.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
POST
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Date
Mon, 30 Jul 2018 19:26:42 GMT
Server
Apache-Coyote/1.1
Access-Control-Max-Age
1800
Access-Control-Allow-Methods
POST
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
origin,x-requested-with,access-control-request-headers,content-type,access-control-request-method,accept
Content-Length
0
tp2
echo.intergient.com/com.snowplowanalytics.snowplow/ 		0
431 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://echo.intergient.com/com.snowplowanalytics.snowplow/tp2
Protocol
HTTP/1.1
Server
34.226.181.234 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-226-181-234.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Date
Mon, 30 Jul 2018 19:26:47 GMT
Server
Apache-Coyote/1.1
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/plain; charset=UTF-8
Content-Length
0
tp2
echo.intergient.com/com.snowplowanalytics.snowplow/ 		0
463 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://echo.intergient.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/plow-2.6.1.js
Protocol
HTTP/1.1
Server
52.7.226.127 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-7-226-127.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
POST
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Date
Mon, 30 Jul 2018 19:26:42 GMT
Server
Apache-Coyote/1.1
Access-Control-Max-Age
1800
Access-Control-Allow-Methods
POST
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
origin,x-requested-with,access-control-request-headers,content-type,access-control-request-method,accept
Content-Length
0
tp2
echo.intergient.com/com.snowplowanalytics.snowplow/ 		0
431 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://echo.intergient.com/com.snowplowanalytics.snowplow/tp2
Protocol
HTTP/1.1
Server
34.226.181.234 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-226-181-234.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Date
Mon, 30 Jul 2018 19:26:42 GMT
Server
Apache-Coyote/1.1
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/plain; charset=UTF-8
Content-Length
0
tp2
echo.intergient.com/com.snowplowanalytics.snowplow/ 		0
463 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://echo.intergient.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/plow-2.6.1.js
Protocol
HTTP/1.1
Server
52.7.226.127 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-7-226-127.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
POST
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Date
Mon, 30 Jul 2018 19:26:43 GMT
Server
Apache-Coyote/1.1
Access-Control-Max-Age
1800
Access-Control-Allow-Methods
POST
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
origin,x-requested-with,access-control-request-headers,content-type,access-control-request-method,accept
Content-Length
0
tp2
echo.intergient.com/com.snowplowanalytics.snowplow/ 		0
431 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://echo.intergient.com/com.snowplowanalytics.snowplow/tp2
Protocol
HTTP/1.1
Server
34.226.181.234 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-226-181-234.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Date
Mon, 30 Jul 2018 19:26:48 GMT
Server
Apache-Coyote/1.1
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/plain; charset=UTF-8
Content-Length
0
tp2
echo.intergient.com/com.snowplowanalytics.snowplow/ 		0
463 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://echo.intergient.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: cdn.playwire.com
URL: https://cdn.playwire.com/bolt/js/plow-2.6.1.js
Protocol
HTTP/1.1
Server
52.7.226.127 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-7-226-127.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
POST
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Date
Mon, 30 Jul 2018 19:26:43 GMT
Server
Apache-Coyote/1.1
Access-Control-Max-Age
1800
Access-Control-Allow-Methods
POST
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
origin,x-requested-with,access-control-request-headers,content-type,access-control-request-method,accept
Content-Length
0
tp2
echo.intergient.com/com.snowplowanalytics.snowplow/ 		0
431 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://echo.intergient.com/com.snowplowanalytics.snowplow/tp2
Protocol
HTTP/1.1
Server
34.226.181.234 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-226-181-234.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://en.softonic.com/articles/malware-filled-chrome-extensions-have-been-downloaded-500000-times?utm_content=buffera10d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Origin
https://en.softonic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Date
Mon, 30 Jul 2018 19:26:43 GMT
Server
Apache-Coyote/1.1
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Access-Control-Allow-Origin
https://en.softonic.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/plain; charset=UTF-8
Content-Length
0

Verdicts & Comments Add Verdict or Comment

211 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| tracker object| sam function| OneSignal string| GoogleAnalyticsObject function| ga object| WebFontConfig function| parseCookie object| compliantSelector object| dataLayer number| __oneSignalSdkLoadCount function| __jp0 object| webpackJsonp object| __core-js_shared__ object| core function| pbjsChunk object| pbjs function| st function| __cmp object| googletag object| Criteo object| WebFont object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken function| Waypoint object| zp object| zeusBootScript boolean| zeusBootScriptIsLoading boolean| zeusBootScriptHasLoaded string| zeusBaseUrl string| boltBaseUrl number| zeusTimestamp object| _taboola object| google_tag_manager function| postscribe object| cssStyles object| GlobalSnowplowNamespace function| playwiretracker object| ZeusGA object| Bolt object| Zeus object| ivu2shpfutgmrrypqfob function| ivu2shpfutgmrrypqfob_poll object| bk9ghfis7jtnpghvdwee function| bk9ghfis7jtnpghvdwee_poll object| GPT_jstiming object| closure_memoize_cache_ undefined| google_measure_js_timing boolean| google_noFetch boolean| google_DisableInitialLoad number| __google_ad_urls_id number| google_unique_id object| gaGlobal object| TRC object| _tblConsole undefined| msg object| _comscore object| vdgkwytmd3kgzmizdjqo function| vdgkwytmd3kgzmizdjqo_poll undefined| a undefined| c object| OneTrust object| Optanon string| OnetrustActiveGroups string| OptanonActiveGroups function| OptanonWrapper undefined| vglnk string| waypointContextKey object| __gigyaConf function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO object| gaplugins object| Snowplow function| udm_ object| ns_p object| COMSCORE function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| $ function| jQuery object| jQuery111205048477036513837 function| setImmediate function| clearImmediate function| OptinMonsterApp boolean| om_loaded object| stickyJS object| criteo_pubtag object| gigya function| __extends function| __gig_awaiter function| __gig_generator object| defaultObjects object| defaultObjectsDef function| createDefaultObject function| _createConstructor string| def function| ES6Promise object| tags object| BKTAG function| bk_addUserCtx function| bk_addPageCtx function| bk_addEmailHash function| bk_addPhoneHash function| bk_doJSTag function| bk_doJSTag2 function| bk_doCarsJSTag function| bk_doPartnerAltTag function| bk_doCallbackTag function| bk_doCallbackTagWithTimeOut boolean| bk_allow_multiple_calls boolean| bk_use_multiple_iframes function| __trcCopyProps function| __trcFromError function| __trcClientTimestamp function| __trcLog function| __trcError function| __trcDebug function| __trcInfo function| __trcWarn function| __trcDOMWalker function| __trcPurgeEventHandlers function| __trcJSONify function| __trcGetMargins function| __trcAttachResize function| __trcDetachResize function| __trcTrim function| __trcGetElementsByClass function| __trcToArray function| __trcObjectCreate function| __trcUnJSONify function| Gettext object| amp function| PageManager object| modObject object| params number| trc_debug_level string| trc_article_id boolean| trc_testmode object| TRCImpl number| taboola_view_id function| pbjsChunkPwZeus object| __pwhbjs__ function| cygnus_index_parse_res function| index_render function| headertag_render object| cygnus_index_args object| __google_ad_urls object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired object| LI string| btnImg function| gig-googlePlusOne-gigya-share-bar-reaction2 object| amznpassback function| amzn_ads object| amznads function| aax_write function| amznMatchCookie function| aax_render_ad object| gaData object| _omapp function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure object| google_reactive_ads_global_state object| google_jobrunner object| gig_pc_facebook_1532978801862_31670258362990733 object| gig_pc_linkedin_1532978801862_40389445594945395 object| OptinMonsterAppOptins boolean| OptinMonsterAppParsedLinks object| OptinMonsterAppLinksParsed object| OptinMonsterAppLinkSlugs object| OptinMonsterAppSettings object| OptinMonsterAppVariables boolean| OptinMonsterAppStorage number| OptinMonsterAppPosition boolean| OptinMonsterAppPopupLoaded object| OptinMonsterAppLocation boolean| OptinMonsterAdbl boolean| OptinMonsterJqLoaded function| OptinMonsterJqGlobal object| OptinMonsterSiteData boolean| OptinMonsterSiteLoaded object| OptinMonsterSiteInit number| OptinMonsterInactivityTime object| ___gcfg function| fbAsyncInit number| google_global_correlator object| google_prev_clients object| gapi object| ___jsl object| ___gu function| __twttrll object| twttr object| __twttr object| FB object| osapi object| gadgets object| iframer object| __gapi_jstiming__ object| shindig function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow boolean| ga-disable-UA-152357-1 function| google_osd_amcb

33 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: IDE
Value: AHWqTUnBHdlmirIzIrVPxUtEA1gzwGAWlmza2pqnVo5fOoBh_hfxjtmjOTw7fqNb
.facebook.com/ Name: fr
Value: 0bNNCCP9Tm9MPe9HN..BbX2Zy...1.0.BbX2Zy.
.bluekai.com/ Name: bku
Value: lXA99caZUNFeV3o5
.bluekai.com/ Name: bkdc
Value: iad
.softonic.com/ Name: OptanonConsent
Value: landingPath=https%3A%2F%2Fen.softonic.com%2Farticles%2Fmalware-filled-chrome-extensions-have-been-downloaded-500000-times%3Futm_content%3Dbuffera10d2%26utm_medium%3Dsocial%26utm_source%3Dtwitter.com%26utm_campaign%3Dbuffer&datestamp=Mon+Jul+30+2018+19%3A26%3A44+GMT%2B0000+(UTC)&version=3.6.22&groups=1%3A1%2C2%3A1%2C4%3A1
en.softonic.com/ Name: _li_ss
Value: MgUIBhC8BzIFCAkQvAcyBQgKELwHMgUICxC8BzIFCAwQvAcyBQgNEK4HMgUIeRC7Bw
.softonic.com/ Name: _gid
Value: GA1.2.367335337.1532978801
.softonic.com/ Name: AMP_TOKEN
Value: %24NOT_FOUND
.softonic.com/ Name: gig_hasGmid
Value: ver2
en.softonic.com/ Name: _pwbolt_id.fc5a
Value: 84e126a2-33cd-4141-8109-ab0a0411fd2c.1532978801.1.1532978803.1532978801.2a889512-7fb3-4d28-b062-ae06160efdaa
en.softonic.com/ Name: pwUID
Value: 213239672755547
.softonic.com/ Name: _gaexp
Value: GAX1.2.PVjs5kKmSuC4M7gMF8NZEw.17835.0
en.softonic.com/ Name: playwirePageViews
Value: 1
en.softonic.com/ Name: trc_cookie_storage
Value: softonic-en1%253Asession-data%3Dv2_d0aa113c333617f085ebde0b33c0cf2c_TABOOLA-DO-NOT-TRACK-9bd350ab-9103-4e91-9696-ee96eb4d7c12-tuct258ebf1-1532978801305_1532978801_1532978801_CGoQz55GGJnVoOXOLCABKAEwODib4wlAgooQSJjEF1Cl7BBYAWAA%7Ctaboola%2520global%253Alocal-storage-keys%3D%255B%2522softonic-en1%253Asession-data%2522%252C%2522taboola%2520global%253Auser-id%2522%255D%7Ctaboola%2520global%253Auser-id%3DTABOOLA-DO-NOT-TRACK-9bd350ab-9103-4e91-9696-ee96eb4d7c12-tuct258ebf1-1532978801305
.en.softonic.com/ Name: _ga
Value: GA1.3.2128596258.1532978801
en.softonic.com/ Name: _litra_ses.fc5a
Value: *
.doubleclick.net/ Name: DSID
Value: NO_DATA
.softonic.com/ Name: __gads
Value: ID=592cd6bd972950bd:T=1532978801:S=ALNI_Mbj-P7DxAE5S7_R3BjwgttFXXJKyQ
.softonic.com/ Name: session.fpmSessionId
Value: 60d7c29d-58dd-4c1f-9287-c0579a1da404
.en.softonic.com/ Name: _dc_gtm_UA-152357-1
Value: 1
.en.softonic.com/ Name: _gid
Value: GA1.3.367335337.1532978801
.softonic.com/ Name: session.softonic_mobile.page_views.counter
Value: 1
.softonic.com/ Name: _ga
Value: GA1.2.2128596258.1532978801
.twitter.com/ Name: personalization_id
Value: "v1_mmgpoVAwl3k/Usr63P4gQw=="
en.softonic.com/ Name: _pwbolt_ses.fc5a
Value: *
en.softonic.com/ Name: _omappvs
Value: 1532978801163
.google.com/ Name: NID
Value: 135=i1BCVoSPqT9CnNPQgNLAIiUVZG-knj0PNRr5z1B8Ph1nEUuGlpm5Lsi08tQEvL8_Ih6VI_x844eWR396NiZwfYpd3zYI2k8SFFmi9QoJ7DTgWFOXp8ZUc-5T6v0HDSJV
cdn.playwire.com/bolt/js/zeus Name: loglevel
Value: TIME
.softonic.com/ Name: persistent.fpmUserId
Value: 0be8763a-ad05-4278-aa94-a6b6c41795c4
.softonic.com/ Name: persistent.softonic_mobile.page_views.counter
Value: 1
en.softonic.com/ Name: _omappvp
Value: E1L8nlq5ep4SNp5I0e9dNlQ01fUEfXySx1bupwTxt82b8Fh4vsPLjcXTfXV6zwwmMuWVVbUnFZ8klyCdTcxifSjrVXNPRqSI
en.softonic.com/ Name: _litra_id.fc5a
Value: a-00k5--0ea8347b-60ee-4e22-9dbf-2ed4faf1edc0.1532978801.1.1532978801.1532978801.898d0c91-3477-4600-a0f9-3380b4db45d6
en.softonic.com/articles Name: _liChk
Value: 0.8175439324487048

8 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.playwire.com/bolt/js/zeus/embed.js(Line 1)
Message:
[Embed] Zeus script id
console-api log URL: https://cdn.playwire.com/bolt/js/zeus/embed.js(Line 1)
Message:
[Embed] Zeus timestamp
console-api log URL: https://cdn.playwire.com/bolt/js/zeus/embed.js(Line 1)
Message:
[Embed] Zeus base URL
console-api log (Line 1)
Message:
No Universal Analytics cookie found
console-api log URL: https://cdn.playwire.com/bolt/js/zeus/zeus_global-fb8881ea67-6431027e84.js(Line 2)
Message:
[Zeus Global] - Matched Rule - Path: ros | Device: any
console-api log URL: https://cdn.playwire.com/bolt_plugins/stickyVideo/sticky.min.js(Line 1)
Message:
[Sticky.js Debug] - sticky.js version: 2.3.1 loaded
console-api log URL: https://cdn.playwire.com/bolt/js/zeus/zeus_global-fb8881ea67-6431027e84.js(Line 2)
Message:
[zeus_global receiveMessage] zeusBootLoaded
console-api log URL: https://cdn.playwire.com/bolt/js/zeus/zeus_global-fb8881ea67-6431027e84.js(Line 2)
Message:
[Zeus Global] - zeus_boot file has loaded! Prebid Winner

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2.gravatar.com
a.optmnstr.com
a.optnmstr.com
accounts.google.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
aka-cdn-ns.adtechus.com
ampcid.google.com
ampcid.google.de
api.optmnstr.com
apis.google.com
articles-images.sftcdn.net
as-sec.casalemedia.com
b-code.liadm.com
bidder.criteo.com
c.amazon-adsystem.com
c.liadm.com
cdn.cookielaw.org
cdn.onesignal.com
cdn.playwire.com
cdn.taboola.com
cdn.video.playwire.com
cdns.eu1.gigya.com
cdns.gigya.com
cdns1.gigya.com
cdns2.gigya.com
config.playwire.com
connect.facebook.net
echo.intergient.com
en.softonic.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fb.me
fonts.googleapis.com
googleads.g.doubleclick.net
graph.facebook.com
i.liadm.com
ib.adnxs.com
images.taboola.com
login.softonic.com
m.sftcdn.net
onesignal.com
pagead2.googlesyndication.com
platform.twitter.com
sb.scorecardresearch.com
sc.sftcdn.net
securepubads.g.doubleclick.net
stags.bluekai.com
static.criteo.net
staticxx.facebook.com
stats.g.doubleclick.net
syndication.twitter.com
t.co
tags.bkrtx.com
tpc.googlesyndication.com
trc.taboola.com
www.anrdoezrs.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
104.111.214.103
104.111.230.142
104.111.238.79
104.244.42.133
104.244.42.136
151.101.114.133
151.101.114.2
152.195.132.202
172.217.16.194
172.227.114.224
178.250.2.130
178.250.2.89
185.33.223.208
192.0.73.2
2.18.234.21
2.18.234.36
205.185.216.10
205.185.216.42
216.58.208.34
23.111.11.83
23.111.9.217
2400:cb00:2048:1::6810:d0a5
2606:2800:234:13d4:25ff:664:671:13a5
2606:2800:234:46c:e8b:1e2f:2bd:694
2a00:1450:4001:814::200a
2a00:1450:4001:815::2002
2a00:1450:4001:816::2002
2a00:1450:4001:817::2001
2a00:1450:4001:817::2004
2a00:1450:4001:817::2008
2a00:1450:4001:817::200a
2a00:1450:4001:817::200d
2a00:1450:4001:817::200e
2a00:1450:4001:81c::2002
2a00:1450:4001:81c::2003
2a00:1450:4001:81c::200e
2a00:1450:4001:81e::2002
2a00:1450:4001:825::2002
2a00:1450:400c:c0a::9c
2a00:1450:400e:80a::200e
2a03:2880:f01c:800e:face:b00c:0:2
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a03:2880:f12d:86:face:b00c:0:50fb
2a05:f500:10:101::b93f:9101
34.226.181.234
34.247.139.16
35.233.114.27
50.17.52.222
52.54.14.45
52.7.226.127
54.192.47.197
54.209.69.152
54.230.44.116
54.230.44.136
54.230.44.203
63.215.202.80
69.173.144.142
0025086ee3bfcc2c933bda67677bc67466ffe09f72266833d29b8682d6d64564
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
04d078a7462a26b8ac77cd49f31ceab69f7669dc0ff719b60d8ba2368bf2e423
0521b016a9e9dd4926b0fb55728e14631da775f43f317911629c1f83b0bd523d
06682150994bc74a3de30f3c760178fbe81cfa4172b3e0d6da01ba7e4201a5e6
06f962d89b78f084906d06e8820a92f9229874d9aa534f188e9c3f4254c87213
08ab85da3c05eb8a4b4f052589c15bec69d9cbbaf7cca4a007b8f226438105e9
0c3653c14701f1f4e6f4f185c7088e2d843b74286e090f3b55b91c1b798575eb
10eb4f5f3d18ce3074863e32d2ddfd813a820fed1c870fb1771bd8baa88f3327
131be98deb253407fb967d56fe1caa2467ddaaffce6e90f8670f5d77145ee168
14eb889bc717f96486f05bc6c6f2d075e5530d3811fe194dd890463caca2c933
1a1055172b2be3e72b9402710b5cde294cc386914c827426f493fe327a9b55d4
1d2688c06252f820bcedac94f5b751d6e91aa9ba738aa8dfaa7f54627f026384
1d89405054b0eccfd66baa763bf4781b8dff83824636284b79800ecdc25579f1
1e894d1184c4cf77b4fd50ca6cb03ea7dfb9134ea3ffd7ee5b5a69d4c9168b8a
21e105e01591b5b04ef09d2e63dd1dbbd39b41bc45dd029f6f1ef2cd79a637bf
232e68e2bbd247a87746af9d9d3c18a29df9ac8732e7604edf6d64f36c34c3a0
2c7b95e516f24a2da447755f07b107bd8566745dc36322a1419ef92662019cf6
2db28c63e026d1d3ef854b17e8190f85d1b985091d12c31377c8a25c1154abcd
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
2faf89adf1045861c22d2d65c9041ba59497e56660f0514df25e292c5f31e0ae
30f36d6ca25e2f6784ee07c4384694fa918c8dc5dc4fc2528ef8f6f0d5efcce0
3551715983a2de83a7907046caad9f378fa53ee6e76e3223d5ecf3b2588c730e
378236b9046b90563d2fd1ddc09e5e3ff5412bfcc6eecea9ef9443db4d4b7787
3f2ee549297096be5b211d4e2f2cb748de37bf85cd0dfad623c90449bdb28f78
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
3fcee502ea80e2e8005e9e2a70893125c070e9e8e6944adfb9e8bb571647f917
44cdc36a5f94455bba1da68b9e823e1a5412dbf5a183f4e03681d5fc0157ad8a
4ccb02cd5c5aa4bcf2cca5551b4f8efa09c88387efac09d2f321f22745513f46
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f9d6627c7bfdfd91cac3bf8e9b72e0aa57eed53299cbcf5d41fe45806bf87bd
516685e4f42248f5c2cfed09bf5bacf46279d5b82685cf66a2c9bdd2f7680671
55915ee5061d199dc4bce88e30f54390749d7067af6ca3d55fd5a3aa320cf596
5618d2ea6cde29cc1d3c435d908b962a2e14111af849e234a7bba77ba2a7c79f
583819275c027b77cbb712672dfd159346a90aa595d22eb929aedbbda5c86867
5b026138177db9b4294a33af42218f39e65a9cac5cd19ad774935b17b124c429
5cfd7a812a15d3765357ffb2a9b187008c34aff5b77556ba032de395f437ba40
61fcaeba246e455462388a2ee29df2c1cb6e0b5c1438b4b79175f977475de366
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
669ca8808d232f50685ce7901d1944fe8f05218a7129fabb7f274749d8322485
67cc6d5d8795240ec8941c9368beac93551650ca9db6743ac4a919b38230ba7c
6949d0cd5be1c1cae757bb31602cde4511b5e81e829c2edbd9b78332426383fc
6ab7b4de182b6059afc4878d0218380cfd139d17969e41fc10265d5572ca011f
6de742478df101d8b1a54ea1a94fc593c1f0b3303d874ba6062aee610b55acc2
6f4ec6c347df7c976992d486f2dffa6121fb2ce37346bc82b6220a07916e3bd0
71ef2be76ecf12f431795805b6bfb5a20523b7692be0e6106e8e2d18d3d33632
7321ca17b13ff4bad781fe5ad62c96833e5ff330e0fa896404df14e3fd801302
73ec953910994429bf8cbb7a8a14c33566660a37ea70cd5dee8334de6338f05c
757a143f0e376e328e9ce33678c97c29118043ea40992d77f6f23dcec262c63f
75b716c2e036396c0f56dcf39379c735a21d7898e27586a76853d5ef8a32c116
7a2a36b109ce7c47f2b013ecfbc4da3152fcb837bc9fbcdf291e5b3c5c2a4bdc
7e7fa886d5d75c745d95be4fc3c5bfb4c988019b3f643c669734612345e1b8c8
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83a94fe96ec2272863e7e8d63d2f5d3758c3603921c73ecf5f70077ef520c8b0
868cc3f20c74614974ff670429aeaa40a6561f08b826ea3803be74c7a825d920
87567ce9ac62bd427dcb65a313ffc8943776afb8e38af245d12c3b029464ba20
88624a401692751c7e94f2ceb977da73541b02dde105dc80e9536050b84662ba
889a70cb72f1e8db781580c3d25b796bc7b3aa8a912b919a2b03fb2f70bc7d7f
8b5dce69d4562d2850257196c0d55b2e0a68967bf4a16c4a51e55308f0d48534
8f49f785c24f5cbbbb956ce51665ccb636129c1f3f31dd06f21b5063cd6506f0
95e2e3f3b266f23886bc16676337f5ea08c4f03df294bdaeace231c1174cc42c
95f2493bceef5a8ebf37d29fcbe7e94c43783f9a377e03f845c835006aec994e
96fddfc7dd13713c1d9d81b4bfbf3e9944e651f9270e12060df386e67b740828
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9a4c4beb3f21c1f702de210b1128bdcb70a14e5eab3fba2a6aef1697054e3261
a49deddc235b00416247b9258e141a5cd739341b3c919380c270e5583731b553
a9d519fc5cd448a8ca42b786d99129fd4796f5c72a1dbd03efc0d6e270c32a1c
aaaabde3f68c325033b37bb3ebff887e3b589b7137e717e96648a52221881429
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad2d8f37ea170b6a8f268f4f11fad1bb32d07dbadaa6d3d8201a4b286f5d2aad
b1c21123e38ddd50081d30fea749900c29e1d3d9ac0f44c1aa923ee8eb7e7e51
b39fe2c90e86fddaa1a5e0c5de32f90ef181d0dbe6730a7a649763440d351b63
b70c29fb442ecbfaf97100b7875a539d88a9f34b2955554ae10eb89334ffb945
b762127944f19a7bfcd8176e47c4e67231725c9ea410c8aef1bce963f0433232
b90df76d87afec433745753c52160aea9aa79155b31e8022730ac4c4f4563498
b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7
b9c09a3a4891b34e0a84dc18265578d9661e14dd663551e909138d85cab29fcc
ba1fb66e57035082a781fa02418182f68328fc3096813fd81e005438c162ebb9
bf2ea04d5132c65283af49cde84945438896cdecac59238b465cd334efdb7ed2
c632af82283e66ad12e8be3001186309a87c26b996bb6e92f1665a3519ed31c1
c8238f1a6083e27da733017c0985b1bd1f15add65945bf87b251f159fdf1214a
c975eef2e911faed1f5e0450202594aa145770e0b15436f957e5e1c92b478e3c
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb88a25d8f9f800d87a9d6587c497aada822e6b5672539e5563dfaa5453508b9
cbca67fb248f88809c5f42ba73b47ce820bf68ed7a99f8331e06c959d9bd7535
cce5bedbf1642321b19ea910bf2cba0e391b9e2f71eb74eb55384c687b6f3659
d043e11bbf99ba21b4bde44bb1c3f24df38d3ab21a794d743b08576c23c666a1
d052b6fc73106a99aeef5ce4734ba5256b8e584fdb87e9601df402b3877246f3
d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912
d836f1976a7c932eebf27906e82ce7b75ed5b3ed2d11d54c775248a36f8eba2d
d9b542f8972eede1852eb7cf461d2e472f496466cb7fb9f70862ed26027627c3
dbad5c49cdd89c1d8a4722603b9425048d8067fffafe7928ff53d0a73e5b5544
de2b7605f2ada600c766ff33ee1ab33c0a1d346c6b8b03a2c74075dc0424a5da
de34e56163cf7b887c17a511f4fcff7848ed39e769d40f621dfd5422c92471ba
de43bbf8228121884d355dda876f5dd5a6239091d4f53993387746fa40c412d5
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e105773c850e3031c290758fee11147d27ff58d683d7eb9abc607d5967c875c4
e2b48061f14ab4b9f7cef3f8f4de4da920c65cf1a9b59a7bde6f9c36c7ca0d24
e2fc4535bb6cd1affd10c162fe5d773a4f72c9759ab850d11cd1c2522a840b0d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5f8d0ce988d869b287f9498b3c779eaddd47b3e19c5fd82fee9f286e8f74298
e781ddf072144a292cba2831f98a62a02935c870cb7db81ccb45370c74aeb448
e9f48f8728914e6ad7fe13bbd581c3a3ad2bcf0c48017437d6c564f8f2ef8c8d
ebb91e2adb5fb3e7f0b45a7583bbda4c09b007d3d8b5b00fb79cd4b884f5ab50
ee16d7ba5d20237441b288eac470af9abe473676d94645e884d233ba99bd8528
ee8b7362e377daeec3f2071c8e0bc09a22a210ccd9e74d232de5c9e5383b16c8
eed6b7be94373ba7691397e3ddcf12a903347d02fe67c589702d9422531116c6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3ca766f15c08a52b36c3d080fa934f2c5b3c758e8c8a6e099d464e8375e4a8b
f627a1d66b406df6a33e848d562a6a144a67cf8be9a17a64f698fcb71d0d019c
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f6da9ad83e74465de86e7f9270c826817de159581a1af4c4e4683da4fe1978ab
f9e3120e70f158f92b3605de8f8135054451c25bbad4a0a9870a88fd3b15a6f6