Submitted URL: https://hello.oneneck.com/api/mailings/click/PMRGSZBCHIYTCNBTGI4SYITVOJWCEORCNB2HI4DTHIXS65LQONUG65DTORXXE2LFOMXGG33NF5ZXI...
Effective URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Submission: On December 16 via api from US

Summary

This website contacted 16 IPs in 4 countries across 16 domains to perform 38 HTTP transactions. The main IP is 52.26.255.106, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is upshotstories.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 7th 2020. Valid for: 3 months.
This is the only time upshotstories.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 35.167.165.76 16509 (AMAZON-02)
11 52.26.255.106 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
3 52.219.112.18 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 151.101.14.110 54113 (FASTLY)
1 1 54.192.86.89 16509 (AMAZON-02)
7 54.192.86.88 16509 (AMAZON-02)
1 5 104.108.144.126 16625 (AKAMAI-AS)
2 162.247.242.18 23467 (NEWRELIC-...)
1 2 34.254.144.210 16509 (AMAZON-02)
1 75.2.88.188 16509 (AMAZON-02)
1 52.22.13.178 14618 (AMAZON-AES)
1 52.222.177.74 16509 (AMAZON-02)
38 16
Domain Requested by
11 upshotstories.com upshotstories.com
7 js.intercomcdn.com widget.intercom.io
js.intercomcdn.com
upshotstories.com
5 s.adroll.com 1 redirects upshotstories.com
s.adroll.com
3 readupshot.s3.amazonaws.com upshotstories.com
2 bam.nr-data.net js-agent.newrelic.com
2 www.google-analytics.com upshotstories.com
www.google-analytics.com
1 static.intercomassets.com
1 nextroll.com
1 api-iam.intercom.io js.intercomcdn.com
1 d.adroll.com
1 d.adroll.mgr.consensu.org 1 redirects
1 widget.intercom.io 1 redirects
1 js-agent.newrelic.com upshotstories.com
1 stats.g.doubleclick.net www.google-analytics.com
1 fonts.gstatic.com fonts.googleapis.com
1 cdnjs.cloudflare.com upshotstories.com
1 fonts.googleapis.com upshotstories.com
1 hello.oneneck.com 1 redirects
38 18

This site contains links to these domains.

Domain
linkedin.com
twitter.com
www.facebook.com
www.aagroup.com
www.oneneck.com

Subject | Issuer | Validity | Valid
readupshot.com | Let's Encrypt Authority X3 | 2020-10-07 - 2021-01-05 | 3 months
upload.video.google.com | GTS CA 1O1 | 2020-11-10 - 2021-02-02 | 3 months
*.s3.amazonaws.com | DigiCert Baltimore CA-2 G2 | 2019-11-09 - 2021-03-12 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-10-21 - 2021-10-20 | a year
*.gstatic.com | GTS CA 1O1 | 2020-11-10 - 2021-02-02 | 3 months
*.google-analytics.com | GTS CA 1O1 | 2020-11-10 - 2021-02-02 | 3 months
*.g.doubleclick.net | GTS CA 1O1 | 2020-11-10 - 2021-02-02 | 3 months
f4.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2020-10-23 - 2021-05-07 | 6 months
*.intercomcdn.com | Amazon | 2020-03-29 - 2021-04-29 | a year
*.adroll.com | DigiCert SHA2 Secure Server CA | 2020-01-29 - 2021-04-29 | a year
*.nr-data.net | DigiCert SHA2 Secure Server CA | 2020-02-05 - 2022-02-08 | 2 years
adroll.mgr.consensu.org | Amazon | 2020-10-08 - 2021-11-07 | a year
*.intercom.com | Amazon | 2020-05-13 - 2021-06-13 | a year
nextroll.com | Let's Encrypt Authority X3 | 2020-11-20 - 2021-02-18 | 3 months
intercomassets.com | Amazon | 2020-08-15 - 2021-09-14 | a year

This page contains 3 frames:

Primary Page: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Frame ID: C608CA0C56E67AA3B388612200D07F7B
Requests: 32 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.9a4b449f.js
Frame ID: 6513594C41F4CE82C47DCDF0A3D214D9
Requests: 6 HTTP requests in this frame

Frame: https://js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff
Frame ID: 54430237670A45976DDCF07E22D12BAC
Requests: 2 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers server /Phusion Passenger ([\d.]+)/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

38 Requests
100 % HTTPS
29 % IPv6
16 Domains
18 Subdomains
16 IPs
4 Countries
1453 kB Transfer
3485 kB Size
4 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://hello.oneneck.com/api/mailings/click/PMRGSZBCHIYTCNBTGI4SYITVOJWCEORCNB2HI4DTHIXS65LQONUG65DTORXXE2LFOMXGG33NF5ZXI33SNFSXGL3SMVRW65TFOJUW4ZZNMZZG63JNOJQW443PNV3WC4TFFVWGK43TN5XHGLLMMVQXE3TFMQWWM4TPNUWW65LSFVQXI5DBMNVSELBCN5ZGOIR2EJRDMOJRGRRTMMRNGI3WKMZNGRTGKOJNMEZGMMZNGJRTSM3EMZTDCZDDGNRCELBCOZSXE43JN5XCEORCGQRCYITTNFTSEORCNRMESWCTKM3VKNCBGV2EE23SJRMDKWDGOVLVSVKYOFYG6VBYGR4VM6DZNFJGY5BUOBQTAPJCPU====== HTTP 302
    https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 22
  • https://widget.intercom.io/widget/x1qj91th HTTP 302
  • https://js.intercomcdn.com/shim.latest.js
Request Chain 27
  • https://s.adroll.com/j/exp/ZWGSKHEW2BBQZHPKDCOD3H/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 29
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/ZWGSKHEW2BBQZHPKDCOD3H?_s=13792819a72ba30fda87bfbb9e98df6a&_b=2 HTTP 302
  • https://d.adroll.com/consent/check/ZWGSKHEW2BBQZHPKDCOD3H/?_s=13792819a72ba30fda87bfbb9e98df6a&_b=2

38 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set recovering-from-ransomware-lessons-learned-from-our-attack
upshotstories.com/stories/
Redirect Chain
  • https://hello.oneneck.com/api/mailings/click/PMRGSZBCHIYTCNBTGI4SYITVOJWCEORCNB2HI4DTHIXS65LQONUG65DTORXXE2LFOMXGG33NF5ZXI33SNFSXGL3SMVRW65TFOJUW4ZZNMZZG63JNOJQW443PNV3WC4TFFVWGK43TN5XHGLLMMVQXE3TF...
  • https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
34 KB
15 KB
Document
General
Full URL
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.26.255.106 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-255-106.us-west-2.compute.amazonaws.com
Software
nginx + Phusion Passenger 5.1.11 / Phusion Passenger 5.1.11
Resource Hash
e3cc198bd19d5003dc7dfcc47dcf0a9237c4890da761a7a55499511d021476b2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
upshotstories.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Status
200 OK
Cache-Control
max-age=0, private, must-revalidate
Vary
Origin Origin
Strict-Transport-Security
max-age=15552000
X-XSS-Protection
1; mode=block
X-Request-Id
caa72edf-e4ac-48d4-be26-d549d6d85401
ETag
W/"e3cc198bd19d5003dc7dfcc47dcf0a92"
X-Frame-Options
SAMEORIGIN
X-Runtime
0.044998
X-Content-Type-Options
nosniff
Date
Wed, 16 Dec 2020 20:38:46 GMT
Set-Cookie
_session_id=KzZibnhqLzJtMm5SZ01Eb3RhZFArVGUvTHZPUjdiMmh3Q0R3b2RRdXVZMWgvZHNDSmtCRkEwZUViY3hvMGpjd28zbFdPQWlsUFkrSjBUVnZKcDRKbnJ1NWV3REdqTTBQS2RiR0p0V1J0enR1SkFXOUU4R1FyUG9NM1VnajN3c3R3U29rSjFqL1pJZnJuUDEzcjVWZjRiWHFSODJnZGhvTTM3cVJHOS8zYTZGdWR1Ymh1eXhlNmFGN08vV24xRzZhLS0vZ2dJenhqRUwzSCtPK2NPTlduall3PT0%3D--268929a9d6080ce5c422a39c8c45e5f623935d15; path=/; secure; HttpOnly
X-Powered-By
Phusion Passenger 5.1.11
Server
nginx + Phusion Passenger 5.1.11
Access-Control-Allow-Methods
POST, GET, PUT, PATCH, DELETE, OPTIONS, HEAD
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,cache,Cache-Control,Content-Type,X-Total,X-Per-Page,X-Page
Access-Control-Allow-Credentials
true
Access-Control-Expose-Headers
X-Total,X-Per-Page,X-Page
Content-Encoding
gzip

Redirect headers

date
Wed, 16 Dec 2020 20:38:45 GMT
content-type
text/html; charset=utf-8
content-length
115
location
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
strict-transport-security
max-age=31536000; includeSubDomains
css
fonts.googleapis.com/
15 KB
951 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Josefin+Sans:300,300i,400,700,700i|Raleway:300,400,500,600,700,800&display=swap&subset=latin-ext
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9beed1b180b9918be208f1ef3ebc38695b4429d961457fd92f4de7ed3df319f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 16 Dec 2020 20:38:46 GMT
server
ESF
date
Wed, 16 Dec 2020 20:38:46 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 16 Dec 2020 20:38:46 GMT
application-49d39bd636845c55cef27e3348aed5a90958c6074eb351ba561d00f4dd2a3194.js
upshotstories.com/assets/
586 KB
184 KB
Script
General
Full URL
https://upshotstories.com/assets/application-49d39bd636845c55cef27e3348aed5a90958c6074eb351ba561d00f4dd2a3194.js
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.26.255.106 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-255-106.us-west-2.compute.amazonaws.com
Software
nginx + Phusion Passenger 5.1.11 / Phusion Passenger 5.1.11
Resource Hash
49d39bd636845c55cef27e3348aed5a90958c6074eb351ba561d00f4dd2a3194
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15552000
Content-Encoding
gzip
ETag
W/"49d39bd636845c55cef27e3348aed5a90958c6074eb351ba561d00f4dd2a3194"
X-Powered-By
Phusion Passenger 5.1.11
Transfer-Encoding
chunked
Status
200 OK
Connection
keep-alive
X-Request-Id
421678d7-1770-4d3c-9f0d-5ed5da56967f
X-Runtime
0.002259
Server
nginx + Phusion Passenger 5.1.11
Date
Wed, 16 Dec 2020 20:38:47 GMT
Vary
Origin, Origin
Access-Control-Allow-Methods
POST, GET, PUT, PATCH, DELETE, OPTIONS, HEAD
Content-Type
application/javascript
Access-Control-Expose-Headers
X-Total,X-Per-Page,X-Page
Cache-Control
public, max-age=31536000
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,cache,Cache-Control,Content-Type,X-Total,X-Per-Page,X-Page
application-4ef0bf632de0fc195f7bb211dcf35f0a81ce690974b3be021ad406eae30857c4.css
upshotstories.com/assets/
219 KB
46 KB
Stylesheet
General
Full URL
https://upshotstories.com/assets/application-4ef0bf632de0fc195f7bb211dcf35f0a81ce690974b3be021ad406eae30857c4.css
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.26.255.106 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-255-106.us-west-2.compute.amazonaws.com
Software
nginx + Phusion Passenger 5.1.11 / Phusion Passenger 5.1.11
Resource Hash
a22f3a97b7e5976a6172b4709007d6c06e0d6519709e3d855e00517a8bbec848
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15552000
Content-Encoding
gzip
ETag
W/"4ef0bf632de0fc195f7bb211dcf35f0a81ce690974b3be021ad406eae30857c4"
X-Powered-By
Phusion Passenger 5.1.11
Transfer-Encoding
chunked
Status
200 OK
Connection
keep-alive
X-Request-Id
b90f55ae-db26-4fba-864a-16577b8b7755
X-Runtime
0.004740
Server
nginx + Phusion Passenger 5.1.11
Date
Wed, 16 Dec 2020 20:38:46 GMT
Vary
Origin, Origin
Access-Control-Allow-Methods
POST, GET, PUT, PATCH, DELETE, OPTIONS, HEAD
Content-Type
text/css; charset=utf-8
Access-Control-Expose-Headers
X-Total,X-Per-Page,X-Page
Cache-Control
public, max-age=31536000
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,cache,Cache-Control,Content-Type,X-Total,X-Per-Page,X-Page
logo-aqua-9b67785f3b2ad65a11f11c8b5a8938130f3e053f354de136b9e316b4be630c29.png
upshotstories.com/assets/
16 KB
17 KB
Image
General
Full URL
https://upshotstories.com/assets/logo-aqua-9b67785f3b2ad65a11f11c8b5a8938130f3e053f354de136b9e316b4be630c29.png
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.26.255.106 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-255-106.us-west-2.compute.amazonaws.com
Software
nginx + Phusion Passenger 5.1.11 / Phusion Passenger 5.1.11
Resource Hash
9b67785f3b2ad65a11f11c8b5a8938130f3e053f354de136b9e316b4be630c29
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15552000
ETag
"9b67785f3b2ad65a11f11c8b5a8938130f3e053f354de136b9e316b4be630c29"
X-Powered-By
Phusion Passenger 5.1.11
Status
200 OK
Connection
keep-alive
Content-Length
15978
X-Request-Id
8aeda7dd-471a-4b5a-906c-e84643018a0e
X-Runtime
0.002145
Server
nginx + Phusion Passenger 5.1.11
Date
Wed, 16 Dec 2020 20:38:47 GMT
Vary
Origin, Origin
Access-Control-Allow-Methods
POST, GET, PUT, PATCH, DELETE, OPTIONS, HEAD
Content-Type
image/png
Access-Control-Expose-Headers
X-Total,X-Per-Page,X-Page
Cache-Control
public, max-age=31536000
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,cache,Cache-Control,Content-Type,X-Total,X-Per-Page,X-Page
logo-0a7fa5e54e86566ec0f90a5f5c2fdfd5b0a3cb6f6be94bbc3a2e34cbacccbb1d.png
upshotstories.com/assets/
3 KB
5 KB
Image
General
Full URL
https://upshotstories.com/assets/logo-0a7fa5e54e86566ec0f90a5f5c2fdfd5b0a3cb6f6be94bbc3a2e34cbacccbb1d.png
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.26.255.106 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-255-106.us-west-2.compute.amazonaws.com
Software
nginx + Phusion Passenger 5.1.11 / Phusion Passenger 5.1.11
Resource Hash
0a7fa5e54e86566ec0f90a5f5c2fdfd5b0a3cb6f6be94bbc3a2e34cbacccbb1d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15552000
ETag
"0a7fa5e54e86566ec0f90a5f5c2fdfd5b0a3cb6f6be94bbc3a2e34cbacccbb1d"
X-Powered-By
Phusion Passenger 5.1.11
Status
200 OK
Connection
keep-alive
Content-Length
3546
X-Request-Id
0a15691c-b90e-4db0-ae6d-af50918f4f19
X-Runtime
0.002175
Server
nginx + Phusion Passenger 5.1.11
Date
Wed, 16 Dec 2020 20:38:47 GMT
Vary
Origin, Origin
Access-Control-Allow-Methods
POST, GET, PUT, PATCH, DELETE, OPTIONS, HEAD
Content-Type
image/png
Access-Control-Expose-Headers
X-Total,X-Per-Page,X-Page
Cache-Control
public, max-age=31536000
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,cache,Cache-Control,Content-Type,X-Total,X-Per-Page,X-Page
ff1d1b4f-747c-4632-91fe-a0f2abf33684.jpeg
readupshot.s3.amazonaws.com/uploads/user/image/2503/
19 KB
19 KB
Image
General
Full URL
https://readupshot.s3.amazonaws.com/uploads/user/image/2503/ff1d1b4f-747c-4632-91fe-a0f2abf33684.jpeg
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.112.18 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
189bb309d2b953b9100444d019e4803eca80ea86c04c3987b53fbce04dea4bfa

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 16 Dec 2020 20:38:49 GMT
Last-Modified
Tue, 22 Sep 2020 19:15:49 GMT
Server
AmazonS3
x-amz-request-id
C0D9EA30FD30FBB4
ETag
"fb2e3ec4965d8c87ca19a4fc86f2148f"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
19119
x-amz-id-2
KZJBXHX6AEDAIbsBunQZw2RKsC/404ZFq+dIRnJ2fmcDWz1gGyGBGqAmEyrit8Ba7dZsJe+K4Uw=
linkedin-5f9658df900cb5a5c3fb521d37945b5ba7b73e3f26be90946ce74113a79dd0be.png
upshotstories.com/assets/icons/
398 B
2 KB
Image
General
Full URL
https://upshotstories.com/assets/icons/linkedin-5f9658df900cb5a5c3fb521d37945b5ba7b73e3f26be90946ce74113a79dd0be.png
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.26.255.106 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-255-106.us-west-2.compute.amazonaws.com
Software
nginx + Phusion Passenger 5.1.11 / Phusion Passenger 5.1.11
Resource Hash
5f9658df900cb5a5c3fb521d37945b5ba7b73e3f26be90946ce74113a79dd0be
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15552000
ETag
"5f9658df900cb5a5c3fb521d37945b5ba7b73e3f26be90946ce74113a79dd0be"
X-Powered-By
Phusion Passenger 5.1.11
Status
200 OK
Connection
keep-alive
Content-Length
398
X-Request-Id
797e47cf-fcc4-4f74-aa9b-3dd0c67bca0d
X-Runtime
0.002118
Server
nginx + Phusion Passenger 5.1.11
Date
Wed, 16 Dec 2020 20:38:47 GMT
Vary
Origin, Origin
Access-Control-Allow-Methods
POST, GET, PUT, PATCH, DELETE, OPTIONS, HEAD
Content-Type
image/png
Access-Control-Expose-Headers
X-Total,X-Per-Page,X-Page
Cache-Control
public, max-age=31536000
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,cache,Cache-Control,Content-Type,X-Total,X-Per-Page,X-Page
twitter-7fe8fcc78cb0dd9c650b70248759190d4abfff2868a4f0a0c8759dd051edcd04.png
upshotstories.com/assets/icons/
305 B
1 KB
Image
General
Full URL
https://upshotstories.com/assets/icons/twitter-7fe8fcc78cb0dd9c650b70248759190d4abfff2868a4f0a0c8759dd051edcd04.png
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.26.255.106 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-255-106.us-west-2.compute.amazonaws.com
Software
nginx + Phusion Passenger 5.1.11 / Phusion Passenger 5.1.11
Resource Hash
7fe8fcc78cb0dd9c650b70248759190d4abfff2868a4f0a0c8759dd051edcd04
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15552000
ETag
"7fe8fcc78cb0dd9c650b70248759190d4abfff2868a4f0a0c8759dd051edcd04"
X-Powered-By
Phusion Passenger 5.1.11
Status
200 OK
Connection
keep-alive
Content-Length
305
X-Request-Id
729a5b7f-9371-4dc0-b194-d1e9a41928e7
X-Runtime
0.002442
Server
nginx + Phusion Passenger 5.1.11
Date
Wed, 16 Dec 2020 20:38:47 GMT
Vary
Origin, Origin
Access-Control-Allow-Methods
POST, GET, PUT, PATCH, DELETE, OPTIONS, HEAD
Content-Type
image/png
Access-Control-Expose-Headers
X-Total,X-Per-Page,X-Page
Cache-Control
public, max-age=31536000
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,cache,Cache-Control,Content-Type,X-Total,X-Per-Page,X-Page
facebook-f3adcdf82d1dd298fe049091f8af4328d9145e38571e91eba394accb4e542883.png
upshotstories.com/assets/icons/
272 B
1 KB
Image
General
Full URL
https://upshotstories.com/assets/icons/facebook-f3adcdf82d1dd298fe049091f8af4328d9145e38571e91eba394accb4e542883.png
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.26.255.106 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-255-106.us-west-2.compute.amazonaws.com
Software
nginx + Phusion Passenger 5.1.11 / Phusion Passenger 5.1.11
Resource Hash
f3adcdf82d1dd298fe049091f8af4328d9145e38571e91eba394accb4e542883
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15552000
ETag
"f3adcdf82d1dd298fe049091f8af4328d9145e38571e91eba394accb4e542883"
X-Powered-By
Phusion Passenger 5.1.11
Status
200 OK
Connection
keep-alive
Content-Length
272
X-Request-Id
44129551-5131-4a63-889e-27bd73c48771
X-Runtime
0.007000
Server
nginx + Phusion Passenger 5.1.11
Date
Wed, 16 Dec 2020 20:38:47 GMT
Vary
Origin, Origin
Access-Control-Allow-Methods
POST, GET, PUT, PATCH, DELETE, OPTIONS, HEAD
Content-Type
image/png
Access-Control-Expose-Headers
X-Total,X-Per-Page,X-Page
Cache-Control
public, max-age=31536000
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,cache,Cache-Control,Content-Type,X-Total,X-Per-Page,X-Page
0690cb18-d751-4044-ba25-37eb443851a6.png
readupshot.s3.amazonaws.com/uploads/story/action_image/802/
325 KB
326 KB
Image
General
Full URL
https://readupshot.s3.amazonaws.com/uploads/story/action_image/802/0690cb18-d751-4044-ba25-37eb443851a6.png
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.112.18 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
858229efd908afadfd1b8a642c008db0d7157a90a54b201bc96c0d2f1ccd5f28

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 16 Dec 2020 20:38:49 GMT
Last-Modified
Thu, 24 Sep 2020 22:19:14 GMT
Server
AmazonS3
x-amz-request-id
21DDBC081D6495EB
ETag
"4bb992e6f5929945b37fc8e130312c61"
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
333050
x-amz-id-2
AeRw2Z+1WxAT97Zy9Z9r9E+i+GWyJH3ago3VUzpBvtbmwyGFaXIHsV3Rz7I9YfCNjTI56oThNZM=
clipboard.min.js
cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/
11 KB
4 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 16 Dec 2020 20:38:47 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
516541
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3005
cf-request-id
070edfec480000145aeabb1000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:09:13 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e29-2aa5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=X7PinbhwtwZXZTNW0OL57EsOyCQXJ5Uu2prkoRDLRZHKrGFVqtdAQWM5VcbxC%2BVRwTgGy4kpzKeqIsFZiswMW8tr%2F7oh5V14GvBoYvuomRwVkSJjYJA6I0COHrdnbNS7Tw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
602b35c06bf7145a-FRA
expires
Mon, 06 Dec 2021 20:38:47 GMT
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
10f9fb8c8fd7c43d0f643fca1f6911aa65655ed2ff8e2723442d5a0113ece66f

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
c3dcaf06-776b-41a9-994e-75fd6abfec19.jpeg
readupshot.s3.amazonaws.com/uploads/story/image/802/
258 KB
258 KB
Image
General
Full URL
https://readupshot.s3.amazonaws.com/uploads/story/image/802/c3dcaf06-776b-41a9-994e-75fd6abfec19.jpeg
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.112.18 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
9f1f86700fcbc7aafe5fd76be5b450bbf412d9d14eaafd9dd5445d58894d3703

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 16 Dec 2020 20:38:49 GMT
Last-Modified
Tue, 22 Sep 2020 19:15:48 GMT
Server
AmazonS3
x-amz-request-id
7Y2Y5V9V5NET5H9R
ETag
"09363e76ba5895c16d9bb0bc1cff25d6"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
263860
x-amz-id-2
rJl+mpGR2tIy1j1mO1SrcNWPX2lEZPsAl2hmmx7mhyzoRR92Vm79UN7TaHptN32XgfRsRGzOO2Y=
icon-linkedin-white-a7fe66400ee252dbe9a7610f72fe1ff3dd452982ff3e211959d43e4dbcd55b31.svg
upshotstories.com/assets/icons/
1 KB
2 KB
Image
General
Full URL
https://upshotstories.com/assets/icons/icon-linkedin-white-a7fe66400ee252dbe9a7610f72fe1ff3dd452982ff3e211959d43e4dbcd55b31.svg
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/assets/application-4ef0bf632de0fc195f7bb211dcf35f0a81ce690974b3be021ad406eae30857c4.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.26.255.106 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-255-106.us-west-2.compute.amazonaws.com
Software
nginx + Phusion Passenger 5.1.11 / Phusion Passenger 5.1.11
Resource Hash
a7fe66400ee252dbe9a7610f72fe1ff3dd452982ff3e211959d43e4dbcd55b31
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://upshotstories.com/assets/application-4ef0bf632de0fc195f7bb211dcf35f0a81ce690974b3be021ad406eae30857c4.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15552000
ETag
"a7fe66400ee252dbe9a7610f72fe1ff3dd452982ff3e211959d43e4dbcd55b31"
X-Powered-By
Phusion Passenger 5.1.11
Status
200 OK
Connection
keep-alive
Content-Length
1099
X-Request-Id
34b2ea69-9e23-47e7-96b1-b33831065c97
X-Runtime
0.002173
Server
nginx + Phusion Passenger 5.1.11
Date
Wed, 16 Dec 2020 20:38:47 GMT
Vary
Origin, Origin
Access-Control-Allow-Methods
POST, GET, PUT, PATCH, DELETE, OPTIONS, HEAD
Content-Type
image/svg+xml
Access-Control-Expose-Headers
X-Total,X-Per-Page,X-Page
Cache-Control
public, max-age=31536000
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,cache,Cache-Control,Content-Type,X-Total,X-Per-Page,X-Page
icon-twitter-white-cc9149062488f6792ada5f7d9f3186e8f76b7ad0bd1f2688a7e1fce8a767b3ef.svg
upshotstories.com/assets/icons/
2 KB
3 KB
Image
General
Full URL
https://upshotstories.com/assets/icons/icon-twitter-white-cc9149062488f6792ada5f7d9f3186e8f76b7ad0bd1f2688a7e1fce8a767b3ef.svg
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/assets/application-4ef0bf632de0fc195f7bb211dcf35f0a81ce690974b3be021ad406eae30857c4.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.26.255.106 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-255-106.us-west-2.compute.amazonaws.com
Software
nginx + Phusion Passenger 5.1.11 / Phusion Passenger 5.1.11
Resource Hash
cc9149062488f6792ada5f7d9f3186e8f76b7ad0bd1f2688a7e1fce8a767b3ef
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://upshotstories.com/assets/application-4ef0bf632de0fc195f7bb211dcf35f0a81ce690974b3be021ad406eae30857c4.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15552000
ETag
"cc9149062488f6792ada5f7d9f3186e8f76b7ad0bd1f2688a7e1fce8a767b3ef"
X-Powered-By
Phusion Passenger 5.1.11
Status
200 OK
Connection
keep-alive
Content-Length
1602
X-Request-Id
e3364b9f-5ef3-4f03-848f-ef6504a0d4f2
X-Runtime
0.001754
Server
nginx + Phusion Passenger 5.1.11
Date
Wed, 16 Dec 2020 20:38:47 GMT
Vary
Origin, Origin
Access-Control-Allow-Methods
POST, GET, PUT, PATCH, DELETE, OPTIONS, HEAD
Content-Type
image/svg+xml
Access-Control-Expose-Headers
X-Total,X-Per-Page,X-Page
Cache-Control
public, max-age=31536000
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,cache,Cache-Control,Content-Type,X-Total,X-Per-Page,X-Page
josefin-sans-v14-latin-ext_latin-300-493646754c47f9ceb6c56a08994908c90257675fa6c420f3a165b20e50739b00.woff2
upshotstories.com/assets/JosefinSans/
24 KB
26 KB
Font
General
Full URL
https://upshotstories.com/assets/JosefinSans/josefin-sans-v14-latin-ext_latin-300-493646754c47f9ceb6c56a08994908c90257675fa6c420f3a165b20e50739b00.woff2
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/assets/application-4ef0bf632de0fc195f7bb211dcf35f0a81ce690974b3be021ad406eae30857c4.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.26.255.106 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-255-106.us-west-2.compute.amazonaws.com
Software
nginx + Phusion Passenger 5.1.11 / Phusion Passenger 5.1.11
Resource Hash
493646754c47f9ceb6c56a08994908c90257675fa6c420f3a165b20e50739b00
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Origin
https://upshotstories.com
Referer
https://upshotstories.com/assets/application-4ef0bf632de0fc195f7bb211dcf35f0a81ce690974b3be021ad406eae30857c4.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15552000
ETag
"493646754c47f9ceb6c56a08994908c90257675fa6c420f3a165b20e50739b00"
X-Powered-By
Phusion Passenger 5.1.11
Status
200 OK
Connection
keep-alive
Content-Length
24892
X-Request-Id
38b94a80-4bb0-469a-9a01-3a5dad126183
X-Runtime
0.002200
Server
nginx + Phusion Passenger 5.1.11
Date
Wed, 16 Dec 2020 20:38:47 GMT
Vary
Origin, Origin
Access-Control-Allow-Methods
POST, GET, PUT, PATCH, DELETE, OPTIONS, HEAD
Access-Control-Allow-Origin
https://upshotstories.com
Access-Control-Expose-Headers
X-Total,X-Per-Page,X-Page
Cache-Control
public, max-age=31536000
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,cache,Cache-Control,Content-Type,X-Total,X-Per-Page,X-Page
1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
fonts.gstatic.com/s/raleway/v18/
41 KB
42 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v18/1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Josefin+Sans:300,300i,400,700,700i|Raleway:300,400,500,600,700,800&display=swap&subset=latin-ext
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb0c201f0ca67e745869967d48db2e90bf01353d1f305959d487291cab6d0755
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://upshotstories.com
Referer
https://fonts.googleapis.com/css?family=Josefin+Sans:300,300i,400,700,700i|Raleway:300,400,500,600,700,800&display=swap&subset=latin-ext
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 16 Dec 2020 18:25:31 GMT
x-content-type-options
nosniff
last-modified
Wed, 30 Sep 2020 20:45:21 GMT
server
sffe
age
7996
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42444
x-xss-protection
0
expires
Thu, 16 Dec 2021 18:25:31 GMT
analytics.js
www.google-analytics.com/
46 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
2892
date
Wed, 16 Dec 2020 19:50:35 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Wed, 16 Dec 2020 21:50:35 GMT
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cc384a9cc406130cc4a94cb60001d1b543aefaf28a51b9716f6cfa5f4207cbb9

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
collect
www.google-analytics.com/j/
4 B
71 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1727865126&t=pageview&_s=1&dl=https%3A%2F%2Fupshotstories.com%2Fstories%2Frecovering-from-ransomware-lessons-learned-from-our-attack&ul=en-us&de=UTF-8&dt=Recovering%20From%20Ransomware%3A%20Lessons%20Learned%20From%20Our%20Attack&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1339941943&gjid=44808279&cid=1232583849.1608151128&tid=UA-76987951-1&_gid=1018490847.1608151128&_r=1&_slc=1&z=31265392
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 16 Dec 2020 20:38:47 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://upshotstories.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
123 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-76987951-1&cid=1232583849.1608151128&jid=1339941943&gjid=44808279&_gid=1018490847.1608151128&_u=IEBAAEAAAAAAAC~&z=196365197
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 16 Dec 2020 20:38:47 GMT
content-type
text/plain
access-control-allow-origin
https://upshotstories.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
nr-1184.min.js
js-agent.newrelic.com/
27 KB
11 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1184.min.js
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 16 Dec 2020 20:38:49 GMT
content-encoding
gzip
x-amz-request-id
DCAF92F89A2CA027
x-cache
HIT
content-length
10624
x-amz-id-2
TRHerhVqdOKsza8E2v00gPT2CAbWzfpInLOFmUaGEwIXQEnp+g+VCzJEiqRyaVzOv5v636FnSaM=
x-served-by
cache-fra19164-FRA
last-modified
Mon, 28 Sep 2020 16:34:45 GMT
server
AmazonS3
x-timer
S1608151129.015940,VS0,VE0
etag
"3d7f312be60d08a2568e311e4762f3af"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
23413
shim.latest.js
js.intercomcdn.com/
Redirect Chain
  • https://widget.intercom.io/widget/x1qj91th
  • https://js.intercomcdn.com/shim.latest.js
12 KB
5 KB
Script
General
Full URL
https://js.intercomcdn.com/shim.latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.86.88 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-86-88.ams50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8799688865a1f4b37ff16e9a73d1f9b6e2acc2630569ad3e90035bbbc091efea

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 16 Dec 2020 20:34:55 GMT
content-encoding
gzip
last-modified
Wed, 16 Dec 2020 16:34:52 GMT
server
AmazonS3
age
235
etag
"dc20a092183bba67f1b1b58dc3393cb4"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
via
1.1 3c01812e357a7900959ea67a1c5782ad.cloudfront.net (CloudFront)
cache-control
max-age=300, s-maxage=300, public
x-amz-cf-pop
AMS50-C1
accept-ranges
bytes
content-length
4394
x-amz-cf-id
XlA7MFHHeIXTSmqMGJGJOsOPEzx69MWi0XMMDnXbeVaQ-az8gEYkEg==

Redirect headers

date
Mon, 07 Dec 2020 18:14:22 GMT
via
1.1 fb60efae608d5d8f2d160585f251caaf.cloudfront.net (CloudFront)
server
AmazonS3
age
786268
x-cache
Hit from cloudfront
location
https://js.intercomcdn.com/shim.latest.js
x-amz-cf-pop
AMS50-C1
content-length
0
x-amz-cf-id
CK4MEqwpitw0UHVTm7vcpXkBtWy9ynUbFhrSsNqyGx8I9Wwmhxg5Sw==
roundtrip.js
s.adroll.com/j/
40 KB
13 KB
Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/assets/application-49d39bd636845c55cef27e3348aed5a90958c6074eb351ba561d00f4dd2a3194.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.144.126 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-144-126.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
c2cb2cc5345c71f30b0ce56069cfe0bdf65eb061228333d27ba0e7388748636a

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
eHeCFa11ZmebQv0hmrjMAs.eB.BPo.q4
Content-Encoding
gzip
ETag
"0aed5b94bc26ce0fe9e58d25dd314418"
x-amz-request-id
A153E367E4F64E44
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
12695
x-amz-id-2
1CcC1EKrieRTlAyvmM8I9czxbYiNWqUAlIg4XQoBWjKMxkmKs0MXuebcXJ5+1jv9UbHz74EL7Lo=
Last-Modified
Thu, 10 Dec 2020 18:09:34 GMT
Server
AmazonS3
Date
Wed, 16 Dec 2020 20:38:49 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
53e8d5610b
bam.nr-data.net/1/
57 B
275 B
Script
General
Full URL
https://bam.nr-data.net/1/53e8d5610b?a=95765762&v=1184.ab39b52&to=IVoNERNXXlxWRhpEEg1HCgASF0FYXEM%3D&rst=3786&ck=1&ref=https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack&ap=45&be=1349&fe=3713&dc=2592&perf=%7B%22timing%22:%7B%22of%22:1608151125246,%22n%22:0,%22f%22:711,%22dn%22:712,%22dne%22:729,%22c%22:729,%22s%22:741,%22ce%22:1106,%22rq%22:1106,%22rp%22:1341,%22rpe%22:1470,%22dl%22:1344,%22di%22:2592,%22ds%22:2592,%22de%22:2596,%22dc%22:3713,%22l%22:3713,%22le%22:3714%7D,%22navigation%22:%7B%7D%7D&fp=2587&fcp=2587&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.18 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
bam-6.nr-data.net
Software
/
Resource Hash
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
57
Content-Type
text/javascript;charset=ISO-8859-1
frame-modern.9a4b449f.js
js.intercomcdn.com/ Frame 6513
243 KB
66 KB
Script
General
Full URL
https://js.intercomcdn.com/frame-modern.9a4b449f.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/x1qj91th
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.86.88 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-86-88.ams50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b70552530b89a7a345e8ada0612a253106e37ee19c251cf0810cfcfeccc441a6

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 16 Dec 2020 20:34:55 GMT
content-encoding
gzip
last-modified
Wed, 16 Dec 2020 16:25:19 GMT
server
AmazonS3
age
235
etag
"f82d049152d930a1fcd5e1262935235a"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
via
1.1 3c01812e357a7900959ea67a1c5782ad.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=7200, public
x-amz-cf-pop
AMS50-C1
accept-ranges
bytes
content-length
67102
x-amz-cf-id
RoSfDebb9VYZl6SaBIJR08iQQhiB_YuRnT_iLNNvXvrxtApFVOqR9w==
vendor-modern.9d1078c3.js
js.intercomcdn.com/ Frame 6513
123 KB
38 KB
Script
General
Full URL
https://js.intercomcdn.com/vendor-modern.9d1078c3.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/x1qj91th
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.86.88 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-86-88.ams50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
848c5de83cc5769619fb12455772acca45887021ab6fdc7b5c88f36a31ff0946

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 16 Dec 2020 20:09:10 GMT
content-encoding
gzip
last-modified
Tue, 15 Dec 2020 14:01:33 GMT
server
AmazonS3
age
1780
etag
"9b5b470a28e38dff426854ef00fb72e0"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
via
1.1 3c01812e357a7900959ea67a1c5782ad.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=7200, public
x-amz-cf-pop
AMS50-C1
accept-ranges
bytes
content-length
38314
x-amz-cf-id
Eg8X1iHD6M14RFp_EGloCwsk_oIz6RqavH_QZ0FOW-Huzwicqon2Ow==
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/ZWGSKHEW2BBQZHPKDCOD3H/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
747 B
Script
General
Full URL
https://s.adroll.com/j/exp/index.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.144.126 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-144-126.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
NRd5BJy3mTVGILCcmBdUI4KKHh2sq935
Content-Encoding
gzip
ETag
"5816cced8568d223aa09d889f300692b"
x-amz-request-id
7W9WAWDN1PDJ9K6T
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
48
x-amz-id-2
NBvratIHE//44TPOypShMaCv/9QzRoRblXgrQhIlv+9B2ymzS7rKcZPf7Q+NJ4aV6oOIl9m1JcE=
Last-Modified
Wed, 02 Dec 2020 20:19:48 GMT
Server
AmazonS3
Date
Wed, 16 Dec 2020 20:38:49 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

Date
Wed, 16 Dec 2020 20:38:49 GMT
Server
AkamaiGHost
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
0
index.js
s.adroll.com/j/pre/ZWGSKHEW2BBQZHPKDCOD3H/QVO47JOQUNFEDMXBCD4JSY/
1 KB
1 KB
Script
General
Full URL
https://s.adroll.com/j/pre/ZWGSKHEW2BBQZHPKDCOD3H/QVO47JOQUNFEDMXBCD4JSY/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.144.126 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-144-126.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
GDgKBZKrdclbMGZ8YFL01iJTcOCZxJEb
Content-Encoding
gzip
ETag
"3996d65282dd996ee0d7d4c90c139158"
x-amz-request-id
39BBBA6DCE2534E3
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
635
x-amz-id-2
1SyVGOyLU+T0uAN5MBQwieejeNYL79FvKe1ja2Drb+7Tb4kGNihQ2ro4twB9+h8WKZUXt1RVTZA=
Last-Modified
Wed, 16 Dec 2020 00:46:02 GMT
Server
AmazonS3
Date
Wed, 16 Dec 2020 20:38:49 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
/
d.adroll.com/consent/check/ZWGSKHEW2BBQZHPKDCOD3H/
Redirect Chain
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/ZWGSKHEW2BBQZHPKDCOD3H?_s=13792819a72ba30fda87bfbb9e98df6a&_b=2
  • https://d.adroll.com/consent/check/ZWGSKHEW2BBQZHPKDCOD3H/?_s=13792819a72ba30fda87bfbb9e98df6a&_b=2
385 B
477 B
Script
General
Full URL
https://d.adroll.com/consent/check/ZWGSKHEW2BBQZHPKDCOD3H/?_s=13792819a72ba30fda87bfbb9e98df6a&_b=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.144.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-144-210.eu-west-1.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2cb9affcbf2ecb06a712ec9cfb9490bf3e6fffcaeccf12ce32cc5d7e3432c79f

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 16 Dec 2020 20:38:49 GMT
server
nginx/1.18.0
content-length
385
content-type
application/javascript

Redirect headers

location
https://d.adroll.com/consent/check/ZWGSKHEW2BBQZHPKDCOD3H/?_s=13792819a72ba30fda87bfbb9e98df6a&_b=2
date
Wed, 16 Dec 2020 20:38:49 GMT
server
nginx/1.18.0
content-length
105
ping
api-iam.intercom.io/messenger/web/ Frame 6513
3 KB
2 KB
XHR
General
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.9a4b449f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
75.2.88.188 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad8b87a22ce463223.awsglobalaccelerator.com
Software
nginx /
Resource Hash
daa9aee65197bb6f6fc9d4dd14548923915a91b8ecf4a8088d7ea0b40a1fc826
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 16 Dec 2020 20:38:49 GMT
content-encoding
gzip
x-ami-version
ami-0c0527cbc955a92c6
status
200 OK
strict-transport-security
max-age=31556952; includeSubDomains; preload
vary
Accept-Encoding
x-xss-protection
1; mode=block
x-request-id
0006kgoduvpc9k64g2f0
x-runtime
0.265574
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"daa9aee65197bb6f6fc9d4dd14548923"
x-ratelimit-remaining
19999
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://upshotstories.com
x-intercom-version
a8ac75d45a231e6410d4b46ac877bbd424820309
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-ratelimit-reset
1608151140
x-ratelimit-limit
20000
access-control-allow-headers
Content-Type
x-content-type-options
nosniff
consent_tcfv2.js
s.adroll.com/j/
397 KB
55 KB
Script
General
Full URL
https://s.adroll.com/j/consent_tcfv2.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.144.126 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-144-126.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
bf40c262b047615208bc2d84984e7854b8a2ec9801f1c6e99c0b79a9f32380b5

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
7sDcLvGKTPrh8xIq2f5DynXc_Mi9vQVX
Content-Encoding
gzip
ETag
"1f2c64002f8e1b6eb56c304c2e892afb"
x-amz-request-id
9C0A466D5B644741
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
55575
x-amz-id-2
RKvpIdckCIUfU1lGu4A9Vc4434+rKFeY6PhXnAc0s4O7wCj+IxmfMnCnJnqRhSwxJEODB4ztDYM=
Last-Modified
Mon, 07 Dec 2020 23:59:35 GMT
Server
AmazonS3
Date
Wed, 16 Dec 2020 20:38:49 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=300, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
favicon-32x32.png
nextroll.com/
2 KB
2 KB
Image
General
Full URL
https://nextroll.com/favicon-32x32.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.22.13.178 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-22-13-178.compute-1.amazonaws.com
Software
Apache /
Resource Hash
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 16 Dec 2020 20:38:49 GMT
Via
1.1 vegur
Last-Modified
Mon, 30 Nov 2020 21:05:36 GMT
Server
Apache
Etag
"64f-5b5595f1ce800"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1615
vendors~app-modern.1427f8e6.js
js.intercomcdn.com/ Frame 6513
322 KB
97 KB
Script
General
Full URL
https://js.intercomcdn.com/vendors~app-modern.1427f8e6.js
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.9a4b449f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.86.88 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-86-88.ams50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7ac754a2a15f87fada0e8fe4e99c9b3883bd6da85316c7b4b9f1c14e382e217c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 16 Dec 2020 19:18:28 GMT
content-encoding
gzip
last-modified
Wed, 16 Dec 2020 13:11:12 GMT
server
AmazonS3
age
4828
etag
"6920fc08528cc235aedca196baf86f49"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
via
1.1 3c01812e357a7900959ea67a1c5782ad.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=7200, public
x-amz-cf-pop
AMS50-C1
accept-ranges
bytes
content-length
98502
x-amz-cf-id
v69-rjklu8BkGe62eoDY8sY7fbrEkK8iHS-ITOgmi8go38WPgMtzfA==
app-modern.7fe4a87d.js
js.intercomcdn.com/ Frame 6513
672 KB
158 KB
Script
General
Full URL
https://js.intercomcdn.com/app-modern.7fe4a87d.js
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.9a4b449f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.86.88 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-86-88.ams50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f26c1d043b82a9f5a547f9d58fb5b02d267f43f7c1147fde2e68ede2fa711cba

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 16 Dec 2020 20:34:57 GMT
content-encoding
gzip
last-modified
Wed, 16 Dec 2020 16:25:19 GMT
server
AmazonS3
age
239
etag
"f3cdc4178a524f66c5827bd6c7fd8115"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
via
1.1 3c01812e357a7900959ea67a1c5782ad.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=7200, public
x-amz-cf-pop
AMS50-C1
accept-ranges
bytes
content-length
161049
x-amz-cf-id
W0D_zic-gwdw-PE1qz9rUovpg6QOVVHDMPi2_8XXA4axQRK_RO9Jvg==
launcher-discovery-modern.8215e400.js
js.intercomcdn.com/ Frame 6513
6 KB
2 KB
Script
General
Full URL
https://js.intercomcdn.com/launcher-discovery-modern.8215e400.js
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.9a4b449f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.86.88 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-86-88.ams50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c0415a7bf01c85dcbbc1ae1005f2f5569be0abfd8f89f11c17766a90d27fd994

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 16 Dec 2020 19:18:36 GMT
content-encoding
gzip
last-modified
Wed, 16 Dec 2020 13:11:14 GMT
server
AmazonS3
age
4820
etag
"246891ae8cc4a7942454e8d377e3fe68"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
via
1.1 3c01812e357a7900959ea67a1c5782ad.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=7200, public
x-amz-cf-pop
AMS50-C1
accept-ranges
bytes
content-length
2115
x-amz-cf-id
dOf8ogBj6vfFcjMKo34DzojC1PbjBSN02eWwVv5Vnc0fQGT7u-nISA==
proximanova-regular.a7942249.woff
js.intercomcdn.com/fonts/ Frame 5443
28 KB
29 KB
Font
General
Full URL
https://js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff
Requested by
Host: upshotstories.com
URL: https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.86.88 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-86-88.ams50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ad1e595d26035487333f48604244ddab94b13bec3e2f4545f13d8dd8a3ecba20

Request headers

Origin
https://upshotstories.com
Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 16 Dec 2020 20:38:57 GMT
via
1.1 d9fcaa7ae40e5e547fbbd3d693139fae.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS50-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
access-control-max-age
3000
content-length
28960
last-modified
Tue, 15 Dec 2020 16:38:40 GMT
server
AmazonS3
etag
"a7942249ca925ef356c0f2b1dab17ef3"
vary
Origin
access-control-allow-methods
GET
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
LhKcAkaIEsSo8j5o1LjCUhKuTk_YZBwJ68Wf41Gt7tIuww1nenAUqA==
dankalmar-1515775226.jpg
static.intercomassets.com/avatars/1741349/square_128/ Frame 5443
3 KB
3 KB
Image
General
Full URL
https://static.intercomassets.com/avatars/1741349/square_128/dankalmar-1515775226.jpg?1515775226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.177.74 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-177-74.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
26c09e330c7ce86e41fb093109095381359c069102c0a8a62e3c7cb916f9e5e7

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 16 Dec 2020 07:22:29 GMT
via
1.1 376388af58845ad0897ba599cce4d92f.cloudfront.net (CloudFront)
last-modified
Fri, 12 Jan 2018 16:40:27 GMT
server
AmazonS3
age
47788
etag
"00ee59eec2315d0666a1b3231ae569c4"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=86400
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-length
3158
x-amz-cf-id
a6f-2O9Tb2lqfSOhZYAkzhY77uipgMcVx6jIkILjm0b3WS6PDKd2IA==
53e8d5610b
bam.nr-data.net/events/1/
24 B
184 B
XHR
General
Full URL
https://bam.nr-data.net/events/1/53e8d5610b?a=95765762&v=1184.ab39b52&to=IVoNERNXXlxWRhpEEg1HCgASF0FYXEM%3D&rst=13786&ck=1&ref=https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.18 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
bam-6.nr-data.net
Software
/
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://upshotstories.com/stories/recovering-from-ransomware-lessons-learned-from-our-attack
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type
text/plain

Response headers

Access-Control-Allow-Origin
https://upshotstories.com
Access-Control-Allow-Credentials
true
Content-Length
24
Content-Type
image/gif

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
object| cookieStore
function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
object| trustedTypes
boolean| crossOriginIsolated
object| NREUM
object| newrelic
function| __nr_require
function| $
function| jQuery
function| Tether
string| adroll_adv_id
string| adroll_pix_id
object| Typeahead
string| GoogleAnalyticsObject
function| ga
object| intercomSettings
function| Intercom
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData
boolean| _adroll_loaded
function| __intercomAssignLocation
string| adroll_sid
object| dataLayer
object| __adroll
boolean| adroll_optout
object| adroll_ext_network
object| adroll_callbacks
function| adroll_tpc_callback
function| __cmp
object| __adroll_consent
boolean| __adroll_consent_is_gdpr
object| __adroll_consent_data
string| __adroll_consent_user_country
string| __adroll_consent_adv_country
object| adroll_exp_list
object| $jscomp
string| BANNER_VERSION
string| TCF_VERSION
string| IABWRITE_NO_COOKIE
object| __adroll_consent_banner
object| __adroll_consent_prev_lastchild

4 Cookies

Domain/Path Name / Value
upshotstories.com/ Name: _session_id
Value: MTZzTkt1N2o3WDlDeVJESm9oV3Nza0dYZ1dDZUt0Sk9GSHUwODAzcHJMQUMyYlNtajVmVmdKL3hGejNPUmFhMS9lZG9HcjhjTFVndHBqY2VXY1RiYi9FNzlwbXFFNzlTakxyWEZUNEF5TWU3dFUvaUlGRG9VUHlpN3J4dkxvUHBvUWNiU050bDdoMEZXUGRWMnE1c0JwbjNRSW5wWmFqdE9adG9XRG9BUlBnQzN0Mjd5VGUwNUtPdS9sUkZnSEZxLS1mWXZCVGpsR2NVdWZQcWdYQzZTVE1RPT0%3D--a3c54466ed1a5e7ecac552d4f805f581640cd6bc
.upshotstories.com/ Name: _gat
Value: 1
.upshotstories.com/ Name: _gid
Value: GA1.2.1018490847.1608151128
.upshotstories.com/ Name: _ga
Value: GA1.2.1232583849.1608151128

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
