www.csoonline.com Open in urlscan Pro
151.101.114.165 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/chVwWS4jhn
Effective URL:
https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victim...
Submission: On September 25 via api (September 25th 2020, 1:16:42 pm UTC) from US

Summary HTTP 370 Redirects Links 53 Behaviour Indicators

Summary

This website contacted 77 IPs in 6 countries across 61 domains to perform 370 HTTP transactions. The main IP is 151.101.114.165, located in Frankfurt am Main, Germany and belongs to FASTLY, US. The main domain is www.csoonline.com.
TLS certificate: Issued by GlobalSign CloudSSL CA - SHA256 - G3 on June 19th 2020. Valid for: 10 months.

This is the only time www.csoonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1 1	3.94.37.25 3.94.37.25	14618 (AMAZON-AES) (AMAZON-AES)
56	151.101.114.165 151.101.114.165	54113 (FASTLY) (FASTLY)
1	2600:9000:205... 2600:9000:2057:a000:17:5578:e080:21	16509 (AMAZON-02) (AMAZON-02)
3	143.204.215.94 143.204.215.94	16509 (AMAZON-02) (AMAZON-02)
1	143.204.94.111 143.204.94.111	16509 (AMAZON-02) (AMAZON-02)
1	143.204.215.63 143.204.215.63	16509 (AMAZON-02) (AMAZON-02)
2	23.210.249.164 23.210.249.164	16625 (AKAMAI-AS) (AKAMAI-AS)
3	23.111.9.35 23.111.9.35	33438 (HIGHWINDS2) (HIGHWINDS2)
5	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba0a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.210.250.13 23.210.250.13	16625 (AKAMAI-AS) (AKAMAI-AS)
3 5	2600:9000:206... 2600:9000:206e:2600:1:a3fa:7cc0:93a1	16509 (AMAZON-02) (AMAZON-02)
20	151.101.194.165 151.101.194.165	54113 (FASTLY) (FASTLY)
2	2600:9000:21f... 2600:9000:21f3:7c00:2:d151:aac0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	52.59.111.161 52.59.111.161	16509 (AMAZON-02) (AMAZON-02)
7	172.217.23.162 172.217.23.162	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:10c... 2a02:26f0:10c:5a4::19fd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
2	104.19.149.54 104.19.149.54	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE)
1	143.204.94.15 143.204.94.15	16509 (AMAZON-02) (AMAZON-02)
2	52.203.184.151 52.203.184.151	14618 (AMAZON-AES) (AMAZON-AES)
1	99.86.243.5 99.86.243.5	16509 (AMAZON-02) (AMAZON-02)
2	34.200.67.223 34.200.67.223	14618 (AMAZON-AES) (AMAZON-AES)
3	199.232.53.140 199.232.53.140	54113 (FASTLY) (FASTLY)
1 2	52.50.67.37 52.50.67.37	16509 (AMAZON-02) (AMAZON-02)
2	54.197.13.220 54.197.13.220	14618 (AMAZON-AES) (AMAZON-AES)
5	185.33.221.13 185.33.221.13	29990 (ASN-APPNEX) (ASN-APPNEX)
6	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE)
19	34.200.115.102 34.200.115.102	14618 (AMAZON-AES) (AMAZON-AES)
6	34.107.254.252 34.107.254.252	15169 (GOOGLE) (GOOGLE)
6	23.210.250.44 23.210.250.44	16625 (AKAMAI-AS) (AKAMAI-AS)
5	52.215.225.80 52.215.225.80	16509 (AMAZON-02) (AMAZON-02)
2	23.210.250.213 23.210.250.213	16625 (AKAMAI-AS) (AKAMAI-AS)
1	99.86.243.61 99.86.243.61	16509 (AMAZON-02) (AMAZON-02)
2	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY)
1	2606:4700:303... 2606:4700:3031::ac43:be68	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:26f0:10c... 2a02:26f0:10c:582::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2	23.37.53.17 23.37.53.17	16625 (AKAMAI-AS) (AKAMAI-AS)
18	2a04:4e42:1b:... 2a04:4e42:1b::626	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
4	69.173.144.141 69.173.144.141	26667 (RUBICONPR...) (RUBICONPROJECT)
1	104.111.215.135 104.111.215.135	16625 (AKAMAI-AS) (AKAMAI-AS)
2	3.121.66.29 3.121.66.29	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:81a::200e	15169 (GOOGLE) (GOOGLE)
1	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
1 10	2a00:1450:400... 2a00:1450:4001:817::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:817::2001	15169 (GOOGLE) (GOOGLE)
12	95.100.198.32 95.100.198.32	16625 (AKAMAI-AS) (AKAMAI-AS)
4	70.42.32.191 70.42.32.191	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
2	151.101.114.2 151.101.114.2	54113 (FASTLY) (FASTLY)
25	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
3	35.201.67.47 35.201.67.47	15169 (GOOGLE) (GOOGLE)
2	35.190.91.160 35.190.91.160	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	64.74.236.63 64.74.236.63	19024 (INTERNAP-...) (INTERNAP-BLK5)
1	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
1	152.199.22.243 152.199.22.243	15133 (EDGECAST) (EDGECAST)
2	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
1	172.67.36.86 172.67.36.86	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
4	2600:9000:218... 2600:9000:2182:f000:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	99.86.7.51 99.86.7.51	16509 (AMAZON-02) (AMAZON-02)
1	54.204.14.42 54.204.14.42	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:819::2006	15169 (GOOGLE) (GOOGLE)
24	104.244.37.20 104.244.37.20	7415 (ADSAFE-1) (ADSAFE-1)
7	69.16.175.10 69.16.175.10	20446 (HIGHWINDS3) (HIGHWINDS3)
17	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	54.225.171.0 54.225.171.0	14618 (AMAZON-AES) (AMAZON-AES)
2	2404:6800:400... 2404:6800:4009:805::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:6a::8	15169 (GOOGLE) (GOOGLE)
1 1	185.94.180.128 185.94.180.128	35220 (SPOTX-AMS) (SPOTX-AMS)
1	95.100.196.125 95.100.196.125	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
2	185.94.180.124 185.94.180.124	35220 (SPOTX-AMS) (SPOTX-AMS)
370	77

5 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.94.37.25 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

trib.al	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

56 151.101.114.165 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.csoonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.staticworld.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.idgesg.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:a000:17:5578:e080:21 (United States)

ASN16509 (AMAZON-02, US)

d2zv5rkii46miq.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.215.94 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-94.fra53.r.cloudfront.net

cmpv2.csoonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.94.111 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-94-111.fra50.r.cloudfront.net

ccpa.sp-prod.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.63 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-63.fra53.r.cloudfront.net

cdn.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.210.249.164 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-164.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.111.9.35 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:6c00::210:ba0a (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.250.13 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-250-13.deploy.static.akamaitechnologies.com

s.ntv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:206e:2600:1:a3fa:7cc0:93a1 (United States) 3 redirects

ASN16509 (AMAZON-02, US)

cdn.jwplayer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 151.101.194.165 (United States)

ASN54113 (FASTLY, US)

alt.idgesg.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
idge.staticworld.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.techhive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:21f3:7c00:2:d151:aac0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.subscribers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.59.111.161 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

cmp.csoonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.217.23.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s22-in-f162.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:5a4::19fd (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.149.54 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.94.15 (Seattle, United States)

ASN16509 (AMAZON-02, US)

cdn.blueconic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.203.184.151 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-203-184-151.compute-1.amazonaws.com

ccpa-service.sp-prod.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.243.5 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-243-5.vie50.r.cloudfront.net

w.soundcloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.200.67.223 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

api3847.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.232.53.140 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.50.67.37 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.197.13.220 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-197-13-220.compute-1.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.33.221.13 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:824::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 34.200.115.102 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

idg.blueconic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.107.254.252 (United States)

ASN15169 (GOOGLE, US)

api.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googlesync.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.210.250.44 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-250-44.deploy.static.akamaitechnologies.com

widgets.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
libs.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.215.225.80 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.210.250.213 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-250-213.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s-jsonp.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.243.61 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-243-61.vie50.r.cloudfront.net

cdn-0.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.dwin2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:be68 (United States)

ASN13335 (CLOUDFLARENET, US)

tracker.adreadyclick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:10c:582::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.37.53.17 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-53-17.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a04:4e42:1b::626 (Ascension Island)

ASN54113 (FASTLY, US)

ssl.p.jwpcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets-jpcust.jwpsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
prd.jwpltx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.135 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-135.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.121.66.29 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.11 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:817::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

d16ae83a4b53362762f86962646a2056.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:817::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 95.100.198.32 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-198-32.deploy.static.akamaitechnologies.com

tcheck.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 70.42.32.191 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

log.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
videoclientsservicescalls.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.2 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

odb.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mv.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.67.47 (Ascension Island)

ASN15169 (GOOGLE, US)

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.91.160 (Mountain View, United States)

ASN15169 (GOOGLE, US)

p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.74.236.63 (United States)

ASN19024 (INTERNAP-BLK5, US)
PTR: chi.outbrain.com

mcdp-chidc2.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.59.101 (Mountain View, United States)

ASN15169 (GOOGLE, US)

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.22.243 (United States)

ASN15133 (EDGECAST, US)

entitlements.jwplayer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.36.86 (United States)

ASN13335 (CLOUDFLARENET, US)

pixelconnector.adready.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:10:101::b93f:9105 (Ireland)

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2182:f000:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 99.86.7.51 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-51.fra6.r.cloudfront.net

plugins.blueconic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.204.14.42 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 104.244.37.20 (United States)

ASN7415 (ADSAFE-1, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 69.16.175.10 (Phoenix, United States)

ASN20446 (HIGHWINDS3, US)

static.vidazoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
inventory.vidazoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.225.171.0 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

server6.vidazoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4009:805::2003 (Australia)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

redirector.gvt1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:6a::8 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r3---sn-4g5ednsl.gvt1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.94.180.128 (Netherlands) 1 redirects

ASN35220 (SPOTX-AMS, NL)

js.spotx.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.196.125 (Ascension Island)

ASN16625 (AKAMAI-AS, US)

aka.spotxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.125 (Netherlands) 1 redirects

ASN35220 (SPOTX-AMS, NL)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.124 (Netherlands)

ASN35220 (SPOTX-AMS, NL)

search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	csoonline.com www.csoonline.com cmpv2.csoonline.com cmp.csoonline.com	401 KB
34	adsafeprotected.com cdn.adsafeprotected.com pixel.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	197 KB
25	twitter.com analytics.twitter.com	4 KB
24	blueconic.net cdn.blueconic.net idg.blueconic.net plugins.blueconic.net	387 KB
17	facebook.com www.facebook.com	2 KB
14	outbrainimg.com tcheck.outbrainimg.com log.outbrainimg.com images.outbrainimg.com	649 KB
13	outbrain.com widgets.outbrain.com odb.outbrain.com tr.outbrain.com mcdp-chidc2.outbrain.com libs.outbrain.com videoclientsservicescalls.outbrain.com mv.outbrain.com	132 KB
12	googlesyndication.com d16ae83a4b53362762f86962646a2056.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	283 KB
11	staticworld.net idge.staticworld.net pixel.staticworld.net	17 KB
10	google.com cse.google.com www.google.com clients1.google.com adservice.google.com	165 KB
10	idgesg.net alt.idgesg.net images.idgesg.net	925 KB
9	vidazoo.com static.vidazoo.com server6.vidazoo.com inventory.vidazoo.com	315 KB
8	jwpltx.com prd.jwpltx.com	300 B
8	permutive.com cdn.permutive.com api.permutive.com googlesync.permutive.com	161 KB
8	doubleclick.net 1 redirects securepubads.g.doubleclick.net cm.g.doubleclick.net	119 KB
7	skimresources.com s.skimresources.com t.skimresources.com p.skimresources.com r.skimresources.com	17 KB
6	jwpcdn.com ssl.p.jwpcdn.com	204 KB
6	jwplayer.com 3 redirects cdn.jwplayer.com entitlements.jwplayer.com	39 KB
6	typekit.net use.typekit.net p.typekit.net	96 KB
5	adnxs.com ib.adnxs.com secure.adnxs.com	4 KB
5	t.co t.co	927 B
4	spotxchange.com 1 redirects sync.search.spotxchange.com search.spotxchange.com	2 KB
4	gvt1.com 1 redirects redirector.gvt1.com r3---sn-4g5ednsl.gvt1.com	2 MB
4	jwpsrv.com assets-jpcust.jwpsrv.com	64 KB
4	google-analytics.com www.google-analytics.com	19 KB
4	rubiconproject.com fastlane.rubiconproject.com	5 KB
3	facebook.net connect.facebook.net	298 KB
3	googletagservices.com www.googletagservices.com	84 KB
3	d41.co api3847.d41.co cdn-0.d41.co	5 KB
3	fontawesome.com use.fontawesome.com	106 KB
3	sp-prod.net ccpa.sp-prod.net ccpa-service.sp-prod.net	19 KB
2	gstatic.com csi.gstatic.com	63 B
2	googleapis.com imasdk.googleapis.com	102 KB
2	3lift.com tlx.3lift.com	984 B
2	casalemedia.com htlb.casalemedia.com as-sec.casalemedia.com	951 B
2	scorecardresearch.com sb.scorecardresearch.com	2 KB
2	licdn.com snap.licdn.com	3 KB
2	dwin2.com www.dwin2.com	117 KB
2	moatads.com z.moatads.com s-jsonp.moatads.com	55 KB
2	reddit.com alb.reddit.com	250 B
2	postrelease.com jadserve.postrelease.com	4 KB
2	adsrvr.org 1 redirects match.adsrvr.org	1 KB
2	googletagmanager.com www.googletagmanager.com	107 KB
2	subscribers.com cdn.subscribers.com	13 KB
1	spotxcdn.com aka.spotxcdn.com	155 KB
1	spotx.tv 1 redirects js.spotx.tv	589 B
1	2mdn.net s0.2mdn.net	10 KB
1	ipify.org api.ipify.org	258 B
1	linkedin.com px.ads.linkedin.com	58 B
1	adready.com pixelconnector.adready.com	824 B
1	google.ch adservice.google.ch	126 B
1	rlcdn.com api.rlcdn.com	46 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	adreadyclick.com tracker.adreadyclick.com	4 KB
1	redditstatic.com www.redditstatic.com	6 KB
1	soundcloud.com w.soundcloud.com	3 KB
1	techhive.com images.techhive.com	6 KB
1	ntv.io s.ntv.io	98 KB
1	indexww.com js-sec.indexww.com	39 KB
1	cloudfront.net d2zv5rkii46miq.cloudfront.net	2 KB
1	trib.al 1 redirects trib.al	664 B
370	61

	Domain	Requested by
54	www.csoonline.com	t.co www.csoonline.com
25	analytics.twitter.com	www.csoonline.com static.ads-twitter.com
24	dt.adsafeprotected.com	www.csoonline.com
19	idg.blueconic.net	cdn.blueconic.net www.csoonline.com
17	www.facebook.com	www.csoonline.com connect.facebook.net
11	images.outbrainimg.com	www.csoonline.com
10	idge.staticworld.net	www.csoonline.com
9	alt.idgesg.net	www.csoonline.com
8	prd.jwpltx.com	www.csoonline.com
7	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
7	securepubads.g.doubleclick.net	www.csoonline.com securepubads.g.doubleclick.net t.co
6	static.vidazoo.com	libs.outbrain.com static.vidazoo.com www.csoonline.com
6	ssl.p.jwpcdn.com	cdn.jwplayer.com
6	www.google.com	cse.google.com www.csoonline.com securepubads.g.doubleclick.net
5	pixel.adsafeprotected.com	cdn.adsafeprotected.com www.csoonline.com
5	widgets.outbrain.com	www.csoonline.com widgets.outbrain.com
5	api.permutive.com	cdn.permutive.com www.csoonline.com
5	cdn.jwplayer.com	3 redirects www.csoonline.com cdn.jwplayer.com
5	use.typekit.net	www.csoonline.com use.typekit.net
5	t.co	www.csoonline.com
4	pagead2.googlesyndication.com	www.csoonline.com securepubads.g.doubleclick.net
4	plugins.blueconic.net	cdn.blueconic.net
4	static.adsafeprotected.com	pixel.adsafeprotected.com www.csoonline.com
4	assets-jpcust.jwpsrv.com	www.csoonline.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.csoonline.com
4	secure.adnxs.com	js-sec.indexww.com www.csoonline.com
4	fastlane.rubiconproject.com	js-sec.indexww.com
3	r3---sn-4g5ednsl.gvt1.com	www.csoonline.com
3	mcdp-chidc2.outbrain.com	widgets.outbrain.com
3	connect.facebook.net	t.co connect.facebook.net
3	t.skimresources.com	www.csoonline.com s.skimresources.com
3	www.googletagservices.com	securepubads.g.doubleclick.net
3	use.fontawesome.com	www.csoonline.com use.fontawesome.com
3	cmpv2.csoonline.com	www.csoonline.com cmpv2.csoonline.com
2	search.spotxchange.com	js.spotx.tv
2	sync.search.spotxchange.com	1 redirects www.csoonline.com
2	csi.gstatic.com	imasdk.googleapis.com
2	server6.vidazoo.com	static.vidazoo.com
2	imasdk.googleapis.com	cdn.jwplayer.com imasdk.googleapis.com
2	p.skimresources.com	www.csoonline.com
2	log.outbrainimg.com	widgets.outbrain.com
2	tlx.3lift.com	js-sec.indexww.com
2	sb.scorecardresearch.com	www.csoonline.com
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	www.dwin2.com	www.googletagmanager.com www.dwin2.com
2	alb.reddit.com	www.csoonline.com
2	jadserve.postrelease.com	s.ntv.io www.csoonline.com
2	match.adsrvr.org	1 redirects js-sec.indexww.com
2	api3847.d41.co	www.googletagmanager.com cdn-0.d41.co
2	ccpa-service.sp-prod.net	ccpa.sp-prod.net
2	cse.google.com	www.csoonline.com www.google.com
2	cdn.permutive.com	www.csoonline.com cdn.permutive.com
2	www.googletagmanager.com	www.csoonline.com www.googletagmanager.com
2	cmp.csoonline.com	ccpa.sp-prod.net
2	cdn.subscribers.com	www.csoonline.com cdn.subscribers.com
1	inventory.vidazoo.com	www.csoonline.com
1	aka.spotxcdn.com	www.csoonline.com
1	js.spotx.tv	1 redirects
1	redirector.gvt1.com	1 redirects
1	s0.2mdn.net	imasdk.googleapis.com
1	mv.outbrain.com	widgets.outbrain.com
1	videoclientsservicescalls.outbrain.com	libs.outbrain.com
1	api.ipify.org	tracker.adreadyclick.com
1	px.ads.linkedin.com	www.csoonline.com
1	pixelconnector.adready.com	tracker.adreadyclick.com
1	entitlements.jwplayer.com	cdn.jwplayer.com
1	r.skimresources.com	s.skimresources.com
1	libs.outbrain.com	widgets.outbrain.com
1	tr.outbrain.com	www.csoonline.com
1	googlesync.permutive.com	www.csoonline.com
1	cm.g.doubleclick.net	1 redirects
1	odb.outbrain.com	widgets.outbrain.com
1	s-jsonp.moatads.com	t.co
1	as-sec.casalemedia.com	js-sec.indexww.com
1	tcheck.outbrainimg.com	widgets.outbrain.com
1	d16ae83a4b53362762f86962646a2056.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.ch	securepubads.g.doubleclick.net
1	s.skimresources.com	www.googletagmanager.com
1	htlb.casalemedia.com	js-sec.indexww.com
1	images.idgesg.net	www.csoonline.com
1	clients1.google.com	www.csoonline.com
1	pixel.staticworld.net	www.csoonline.com
1	api.rlcdn.com	js-sec.indexww.com
1	static.ads-twitter.com	t.co
1	tracker.adreadyclick.com	www.googletagmanager.com
1	cdn-0.d41.co	www.googletagmanager.com
1	z.moatads.com	s.ntv.io
1	ib.adnxs.com	cdn.permutive.com
1	www.redditstatic.com	t.co
1	w.soundcloud.com	www.googletagmanager.com
1	cdn.blueconic.net	www.csoonline.com
1	p.typekit.net	use.typekit.net
1	images.techhive.com	www.csoonline.com
1	s.ntv.io	www.csoonline.com
1	js-sec.indexww.com	www.csoonline.com
1	cdn.adsafeprotected.com	www.csoonline.com
1	ccpa.sp-prod.net	www.csoonline.com
1	d2zv5rkii46miq.cloudfront.net	www.csoonline.com
1	trib.al	1 redirects
370	100

This site contains links to these domains. Also see Links.

Domain
events.csoonline.com
www.cio.com
www.idginsiderpro.com
www.securitysmartnewsletter.com
images.idgesg.net
www.youtube.com
innovation.csoonline.com
www.computerworld.com
www.networkworld.com
www.infoworld.com
www.idg.com
www.linkedin.com
twitter.com
www.facebook.com
reddit.com
www.justice.gov
www.outbrain.com
idgtechtalk.com
pubads.g.doubleclick.net

Subject Issuer	Validity	Valid
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
idg.map.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-06-19` - `2021-04-20`	10 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
cmpv2.idg.co.uk Let's Encrypt Authority X3	`2020-09-24` - `2020-12-23`	3 months	crt.sh
*.sp-prod.net Let's Encrypt Authority X3	`2020-09-14` - `2020-12-13`	3 months	crt.sh
*.adsafeprotected.com Amazon	`2020-08-19` - `2021-09-18`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.fontawesome.com DigiCert SHA2 Secure Server CA	`2019-10-28` - `2020-12-23`	a year	crt.sh
use.typekit.net DigiCert SHA2 Secure Server CA	`2020-01-28` - `2022-02-01`	2 years	crt.sh
*.ntv.io DigiCert SHA2 Secure Server CA	`2019-11-18` - `2021-02-16`	a year	crt.sh
jwplayer.com Amazon	`2020-02-29` - `2021-03-29`	a year	crt.sh
*.subscribers.com Amazon	`2020-06-26` - `2021-07-26`	a year	crt.sh
cmp.idg.de Let's Encrypt Authority X3	`2020-09-24` - `2020-12-23`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.typekit.net DigiCert SHA2 Secure Server CA	`2019-12-06` - `2021-12-10`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-06-09` - `2021-06-09`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.blueconic.net Thawte TLS RSA CA G1	`2019-12-04` - `2022-02-01`	2 years	crt.sh
*.soundcloud.com GlobalSign RSA DV SSL CA 2018	`2020-04-03` - `2021-07-09`	a year	crt.sh
*.d41.co DigiCert SHA2 High Assurance Server CA	`2019-04-02` - `2021-04-13`	2 years	crt.sh
www.redditstatic.com DigiCert SHA2 Secure Server CA	`2020-08-26` - `2021-02-22`	6 months	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.postrelease.com Amazon	`2020-02-28` - `2021-03-28`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
api.permutive.com Let's Encrypt Authority X3	`2020-08-25` - `2020-11-23`	3 months	crt.sh
*.outbrain.com DigiCert SHA2 Secure Server CA	`2020-03-09` - `2021-06-08`	a year	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2020-08-26` - `2021-02-22`	6 months	crt.sh
fw.adsafeprotected.com Amazon	`2020-09-09` - `2021-10-09`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-03-17`	a year	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-09-09` - `2021-05-07`	8 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
sb.scorecardresearch.com DigiCert Secure Site ECC CA-1	`2020-07-17` - `2021-06-02`	a year	crt.sh
jwplayer.map.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-04-24` - `2021-04-25`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.3lift.com Amazon	`2020-07-04` - `2021-08-05`	a year	crt.sh
*.skimresources.com DigiCert SHA2 Secure Server CA	`2020-09-10` - `2021-10-12`	a year	crt.sh
*.google.ch GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.outbrainimg.com DigiCert Secure Site ECC CA-1	`2020-03-26` - `2021-06-25`	a year	crt.sh
f2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-09-23` - `2021-04-23`	7 months	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-09-11` - `2020-12-10`	3 months	crt.sh
entitlements.jwplayer.com GeoTrust RSA CA 2018	`2020-04-27` - `2022-04-28`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
static.adsafeprotected.com Amazon	`2019-11-01` - `2020-12-01`	a year	crt.sh
*.ipify.org COMODO RSA Domain Validation Secure Server CA	`2018-01-24` - `2021-01-23`	3 years	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.vidazoo.com Sectigo RSA Domain Validation Secure Server CA	`2019-03-20` - `2021-04-03`	2 years	crt.sh
*.gstatic.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.c.docs.google.com GTS CA 1O1	`2020-09-15` - `2020-11-24`	2 months	crt.sh
cdn.spotxcdn.com GeoTrust RSA CA 2018	`2020-05-21` - `2021-06-20`	a year	crt.sh
*.search.spotxchange.com GeoTrust RSA CA 2018	`2019-03-20` - `2021-04-21`	2 years	crt.sh
*.spotxchange.com GeoTrust RSA CA 2018	`2019-03-18` - `2021-03-17`	2 years	crt.sh

This page contains 13 frames:

Primary Page: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Frame ID: 051E9B6C2DD0C2A98926855CB2EEFFAF
Requests: 342 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Frame ID: 1FED78B7DD95115E689CFC45F2CA6F18
Requests: 1 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=8879&campId=728x90&pubId=4413178691&chanId=21821124569&placementId=5416385717&pubCreative=138316865667&pubOrder=2716295266&cb=1233533998&custom=ATF1&custom2=csoonline.com&adsafe_par&impId=49cc5711-ff31-11ea-af1a-067dc49a95c9
Frame ID: D2F04E7B2CE4D9C6D0DEEA387498361A
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuqrlCMNxVJkk1teYgCQ4AzuKOBxoCUf2Udl1sQ5QCl0g-1CWlMIo4vNpUqlq14Hx758tgrHPRauwzJPbMx-u0iECDfRDtaTclMS1Mlh46k9Ac9lfjgI5o6942YmWyM6aUNrZsrxXLf4Pvwe-8aPkgcNh1Gg9iTMfQIEGl2lmSzMh694MyhpLEmBlH6H0tbslimTaKdhRPNyp-xtBKnC9uMlbACCtezAR1VMOi2yicHCu6yjdEh8Icwk8CS761roPg1Xv1fPuWukOdmL0yvL1B8GlG0FXmbb841yo5sbA&sig=Cg0ArKJSzHCnKdrJBZpbEAE&adurl=
Frame ID: BF32389995B72DBCB9DBA1B18CDDA069
Requests: 8 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=8879&campId=300x250&pubId=4413178691&chanId=21821124569&placementId=5416385717&pubCreative=138316265903&pubOrder=2716295266&cb=198793054&custom=ATF1&custom2=csoonline.com&adsafe_par&impId=49cc5712-ff31-11ea-af1a-067dc49a95c9
Frame ID: 6379856772F9AC71B5ADECA1359B7B4A
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssouojP2DDu9d86xK-JMxHj38zdktOkI24nRTEZwJfyhs1GenpYF9Vb9z34Se2HknE2cmRpd7L37lI0VL3VOQX_xApteohiV2DFpeED7BKX7zenfCSYqwGIGJDO_zociJzmKnPwZoRMd9i-icFENFZqSuLkwI_E7Wj1AovfkmT3O4WoHvvw1O3aqTgX5HOxcMnOJUUCyY1wTan_c2lcG34CAtALl2SkbHn9VjiWoTM0BI3vL5CmZDJEvkmSjZOxdMT6XV4rA0u9Zfz94fzgwwvnDdPrkuYyrNsnSkCgPw&sig=Cg0ArKJSzG4XEGcCL5B-EAE&adurl=
Frame ID: ED724949ACA56B326E59A4E3F0BDB123
Requests: 8 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.8895306163440366
Frame ID: 7FD89F6A0095622F072C3ED82FF5D958
Requests: 1 HTTP requests in this frame

Frame: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Frame ID: CD85D72DB3D7C2C2740B08A83A90C8BC
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.411.1_en.html
Frame ID: E54D281BA53EDBCEC9822840C50E025F
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.4.114.js
Frame ID: 95B12C0904D6ACADEAF3879BEA7FE6AD
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.4.114.js
Frame ID: F188144F9E5698DC6D6E7954D0D8B2F4
Requests: 1 HTTP requests in this frame

Frame: https://static.vidazoo.com/basev/1.0.425/prebid/prebid.js
Frame ID: CD31A55016FDEF738C9DA136792E0B73
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html
Frame ID: 16BF7039307A7E0FC6446B35DA5A3B96
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://t.co/chVwWS4jhn Page URL
http://trib.al/Vgomuon HTTP 301
https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-... Page URL

Detected technologies

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /2mdn\.net/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /2mdn\.net/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

370
Requests

99 %
HTTPS

32 %
IPv6

61
Domains

100
Subdomains

77
IPs

6
Countries

7830 kB
Transfer

17266 kB
Size

8
Cookies

53 Outgoing links

These are links going to different origins than the main page.

URL: http://events.csoonline.com/idgeventsmain
Title: Events

Search URL Search Domain Scan URL

URL: https://www.cio.com/article/3542608/introducing-the-idg-tech-talk-community.html
Title: IDG TECH(Talk) Community

Search URL Search Domain Scan URL

URL: https://www.idginsiderpro.com/subscribe
Title: NEW FROM IDG Learn More

Search URL Search Domain Scan URL

URL: http://www.securitysmartnewsletter.com/
Title: Security Smart - Make your organization security smart with CSO’s quarterly security awareness newsletter

Search URL Search Domain Scan URL

URL: http://events.csoonline.com/ehome/index.php?eventid=398516&
Title: IDG Events

Search URL Search Domain Scan URL

URL: https://images.idgesg.net/assets/2019/09/editorial20calendar_2020.pdf
Title: Editorial Calendar

Search URL Search Domain Scan URL

URL: https://www.youtube.com/playlist?list=PL7D2RMSmRO9LVXWPGmGl6MbIh5KiRsgfK
Title: IDG TECH(talk) Channel

Search URL Search Domain Scan URL

URL: https://innovation.csoonline.com/microsoft-security/p/1?utm_source=cso&utm_medium=organic&utm_campaign=microsoft21247&utm_content=hamburger_menu
Title: The Innovator's Guide to Cloud-Based Security

Search URL Search Domain Scan URL

URL: https://www.cio.com/

Search URL Search Domain Scan URL

URL: https://www.cio.com/category/analytics/
Title: Analytics

Search URL Search Domain Scan URL

URL: https://www.cio.com/category/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.cio.com/category/cio-role/
Title: CIO Role

Search URL Search Domain Scan URL

URL: https://www.cio.com/category/digital-transformation/
Title: Digital Transformation

Search URL Search Domain Scan URL

URL: https://www.cio.com/category/it-leadership/
Title: Leadership

Search URL Search Domain Scan URL

URL: https://www.cio.com/category/governance/
Title: Government

Search URL Search Domain Scan URL

URL: https://www.cio.com/category/project-management/
Title: Project Management

Search URL Search Domain Scan URL

URL: https://www.computerworld.com/

Search URL Search Domain Scan URL

URL: https://www.computerworld.com/category/blockchain/
Title: Blockchain

Search URL Search Domain Scan URL

URL: https://www.computerworld.com/category/collaboration/
Title: Collaboration

Search URL Search Domain Scan URL

URL: https://www.computerworld.com/category/mobile/
Title: Mobile

Search URL Search Domain Scan URL

URL: https://www.computerworld.com/category/office-software/
Title: Office Software

Search URL Search Domain Scan URL

URL: https://www.computerworld.com/category/security/
Title: Security

Search URL Search Domain Scan URL

URL: https://www.computerworld.com/category/systems-management/
Title: Systems Management

Search URL Search Domain Scan URL

URL: https://www.computerworld.com/category/windows/
Title: Windows

Search URL Search Domain Scan URL

URL: https://www.networkworld.com/

Search URL Search Domain Scan URL

URL: https://www.networkworld.com/category/data-center/
Title: Data Center

Search URL Search Domain Scan URL

URL: https://www.networkworld.com/category/internet-of-things/
Title: Internet of Things

Search URL Search Domain Scan URL

URL: https://www.networkworld.com/category/linux/
Title: Linux

Search URL Search Domain Scan URL

URL: https://www.networkworld.com/category/networking/
Title: Networking

Search URL Search Domain Scan URL

URL: https://www.networkworld.com/category/sd-wan/
Title: SD-WAN

Search URL Search Domain Scan URL

URL: https://www.networkworld.com/category/servers/
Title: Servers

Search URL Search Domain Scan URL

URL: https://www.networkworld.com/categoryenterprise-storage/
Title: Storage

Search URL Search Domain Scan URL

URL: https://www.networkworld.com/category/wi-fi/
Title: Wi-Fi

Search URL Search Domain Scan URL

URL: https://www.infoworld.com/

Search URL Search Domain Scan URL

URL: https://www.infoworld.com/category/analytics/
Title: Analytics

Search URL Search Domain Scan URL

URL: https://www.infoworld.com/category/cloud-computing/
Title: Cloud Computing

Search URL Search Domain Scan URL

URL: https://www.infoworld.com/category/databases/
Title: Databases

Search URL Search Domain Scan URL

URL: https://www.infoworld.com/category/devops/
Title: Devops

Search URL Search Domain Scan URL

URL: https://www.infoworld.com/category/machine-learning/
Title: Machine Learning

Search URL Search Domain Scan URL

URL: https://www.infoworld.com/category/open-source/
Title: Open Source

Search URL Search Domain Scan URL

URL: https://www.infoworld.com/category/application-development/
Title: Software Development

Search URL Search Domain Scan URL

URL: https://www.idg.com/work-here/
Title: IDG Careers

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/csoonline

Search URL Search Domain Scan URL

URL: https://twitter.com/csoonline

Search URL Search Domain Scan URL

URL: https://www.facebook.com/CSOonline

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html&via=csoonline&text=WastedLocker+explained%3A+How+this+targeted+ransomware+extorts+millions+from
Title:

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?url=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html&title=WastedLocker+explained%3A+How+this+targeted+ransomware+extorts+millions+from
Title:

Search URL Search Domain Scan URL

URL: http://reddit.com/submit?url=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html&title=WastedLocker+explained%3A+How+this+targeted+ransomware+extorts+millions+from
Title:

Search URL Search Domain Scan URL

URL: https://www.justice.gov/opa/pr/russian-national-charged-decade-long-series-hacking-and-bank-fraud-offenses-resulting-tens
Title: indicted two Russian nationals

Search URL Search Domain Scan URL

URL: https://www.outbrain.com/what-is/default/en
Title: Recommended by

Search URL Search Domain Scan URL

URL: https://idgtechtalk.com/recruitment/survey/17257?recruitmentCode=uU6AIcsYTMNUpuOw428R
Title: Join the IDG TECH(talk) Community, an exclusive online network where IT experts find resources to enhance their knowledge and career.

Search URL Search Domain Scan URL

URL: http://pubads.g.doubleclick.net/gampad/clk?id=5267789195&iu=/8456/IDG.US_E_CSOOnline.com
Title: dtSearch® instantly searches terabytes of files, emails, databases, web data. See site for hundreds of reviews; enterprise & developer evaluations

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/chVwWS4jhn Page URL
http://trib.al/Vgomuon HTTP 301
https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 159

https://cm.g.doubleclick.net/pixel?google_nid=permutive_dmp&google_cm&type=ddp&k=84c7e805-5ce9-41f4-b988-3529488bab1c&u=557a3b55-2cde-4b95-9fcd-946ee9131679 HTTP 302
https://googlesync.permutive.com/v2.0/px/sync?alias=CAESEFSj7pFGCO7N2tb0NEivwRg&error=&type=ddp&k=84c7e805-5ce9-41f4-b988-3529488bab1c&u=557a3b55-2cde-4b95-9fcd-946ee9131679&google_cver=1

Request Chain 160

https://match.adsrvr.org/track/cmf/generic?ttd_pid=dbegppc&ttd_tpi=1&ttd_puid=84c7e805-5ce9-41f4-b988-3529488bab1c,557a3b55-2cde-4b95-9fcd-946ee9131679 HTTP 302
https://api.permutive.com/v2.0/px/sync?ku=84c7e805-5ce9-41f4-b988-3529488bab1c,557a3b55-2cde-4b95-9fcd-946ee9131679&alias=d71e4cbf-35ef-4a29-9ce2-4a08e3d4645b&type=tradedesk

Request Chain 232

https://cdn.jwplayer.com/tracks/yknHyery.vtt HTTP 301
https://assets-jpcust.jwpsrv.com/tracks/yknHyery.vtt

Request Chain 234

https://cdn.jwplayer.com/strips/z8f8K3bE-120.vtt HTTP 301
https://assets-jpcust.jwpsrv.com/strips/z8f8K3bE-120.vtt

Request Chain 235

https://cdn.jwplayer.com/v2/media/z8f8K3bE/poster.jpg?width=720 HTTP 302
https://assets-jpcust.jwpsrv.com/thumbnails/e2n1o0kt-720.jpg

Request Chain 339

https://redirector.gvt1.com/videoplayback/id/754fcff27e4aac43/itag/44/source/gfp_video_ads/requiressl/yes/acao/yes/mime/video%2Fwebm/ctier/L/ip/0.0.0.0/ipbits/0/expire/1601061386/sparams/ip,ipbits,expire,id,itag,source,requiressl,acao,mime,ctier/signature/9F0856BF5326A8A358FE09CA6EDABE44AC857BBF.691BFD6937A234B670B58A41C9B4B6EDE931E1E6/key/ck2/file/file.webm HTTP 302
https://r3---sn-4g5ednsl.gvt1.com/videoplayback/id/754fcff27e4aac43/itag/44/source/gfp_video_ads/requiressl/yes/acao/yes/mime/video%2Fwebm/ctier/L/ip/0.0.0.0/ipbits/0/expire/1601061386/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mime,mip,mm,mn,ms,mv,mvi,pl,requiressl,source/signature/5AC682E06F50DB3EB5C52AEAA9C3E0B40AE8E4A6.1C9221B34DE5DF34649AE93416473ECE3853149B/key/cms1/cms_redirect/yes/mh/O6/mip/2a01:4f8:192:5414::2/mm/28/mn/sn-4g5ednsl/ms/nvh/mt/1601039718/mv/m/mvi/3/pl/40/file/file.webm

Request Chain 351

https://js.spotx.tv/directsdk/v1/265228.js HTTP 307
https://aka.spotxcdn.com/integration/directsdk/v1/directsdk.js

Request Chain 354

https://sync.search.spotxchange.com/partner?source=dados HTTP 302
https://sync.search.spotxchange.com/partner?source=dados&__user_check__=1&sync_id=52837e30-ff31-11ea-b949-1093d7b31906

370 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 chVwWS4jhn
t.co/ 260 B
379 B 278ms
147ms Document
text/html 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/chVwWS4jhn

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	referrer always;
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

:method: GET
:authority: t.co
:scheme: https
:path: /chVwWS4jhn
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
cache-control: private,max-age=300
content-encoding: gzip
content-length: 191
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Fri, 25 Sep 2020 13:16:04 GMT
expires: Fri, 25 Sep 2020 13:21:04 GMT
referrer-policy: unsafe-url
server: tsa_o
set-cookie: muc=513b8880-b5c0-4ec0-9516-53950b973990; Max-Age=63072000; Expires=Sun, 25 Sep 2022 13:16:04 GMT; Domain=t.co; Secure; SameSite=None
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 0fc3cb2104ee8c6b5e10f0c8559939ae
x-response-time: 131
x-xss-protection: 0

GET
H2

200

Primary Request wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html Show response
www.csoonline.com/article/3574907/
Redirect Chain

http://trib.al/Vgomuon
https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_sourc...

155 KB
43 KB

251ms
205ms

Document
text/html

151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Requested by: Host: t.co
URL: https://t.co/chVwWS4jhn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: b87b6f6df6ef31e432a1de46097189259d52c2b5d9fee5b92c92281e02f1e7bd

Request headers

:method: GET
:authority: www.csoonline.com
:scheme: https
:path: /article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://t.co/chVwWS4jhn
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: aiia=true; _sp_enable_dfp_personalized_ads=false; _sp_v1_uid=1:683:3b64ecf9-d53e-48c0-8263-91a4407adf12; _sp_v1_data=2:202832:1601039764:0:1:0:1:0:0:_:-1; _sp_v1_ss=1:H4sIAAAAAAAAAItWqo5RKimOUbKKxmDklebk6MQopSKxS8AS1bW1sSRLKOlgWkWWDdgMGkJuxqdfKRYAILxxHpABAAA%3D; _sp_v1_opt=1:; _sp_v1_csv=null; _sp_v1_lt=1:; consentUUID=c9f52671-711d-4cbc-9b38-f62f83730ef7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://t.co/chVwWS4jhn

Response headers

status: 200
server: Apache-Coyote/1.1
content-type: text/html;charset=UTF-8
content-encoding: gzip
accept-ranges: bytes bytes
via: 1.1 varnish 1.1 varnish
age: 30724
date: Fri, 25 Sep 2020 13:16:05 GMT
set-cookie: fastlyCountryCode=CH
x-served-by: cache-sjc10051-SJC, cache-sjc10051-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 1, 1, 0, 0
x-timer: S1601039765.212828,VS0,VE144
vary: Accept-Encoding,Cookie
x-via-fastly: Verdad
x-vcl-version: 50
content-length: 43620

Redirect headers

Date: Fri, 25 Sep 2020 13:16:05 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 479
Connection: keep-alive
Server: CherryPy/7.1.0
Location: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Cache-Control: private, max-age=0, no-cache
Set-Cookie: t="lT6OsuxOSOOS8DjEn41sRg=="; Domain=.trib.al; expires=Fri, 06 Jan 2034 23:13:40 GMT; Path=/; Version=2 tribal="7wSOKSEySKqDTaaKqnjvMw=="; expires=Fri, 06 Jan 2034 23:13:40 GMT; Path=/; Version=2

GET
H2 200 jquery-1.10.2.min.js Show response
www.csoonline.com/www/js/jquery/ 91 KB
32 KB 324ms
45ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/jquery/jquery-1.10.2.min.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: b52e06f854795718703ef9723b47a9a23edcbe2ae53ff261926d8d6059056cfe

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 492807
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 3, 3, 3, 3
content-length: 32845
x-via-fastly: Verdad
x-served-by: cache-sjc10075-SJC, cache-sjc10075-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Wed, 02 Sep 2020 18:40:00 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.877754,VS0,VE0
etag: W/"93639-1599072000000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Sun, 13 Sep 2020 06:52:23 GMT

GET
H2 200 jquery_cookie.js Show response
www.csoonline.com/www/js/jquery/ 2 KB
1 KB 327ms
48ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/jquery/jquery_cookie.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 02d2940a00290f3a9e4955de7821626688c0cacde8c97c762838e6b40ab22926

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 97795
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 3, 3, 3, 3
content-length: 908
x-via-fastly: Verdad
x-served-by: cache-sjc10029-SJC, cache-sjc10029-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Tue, 22 Sep 2020 18:37:00 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.877632,VS0,VE0
etag: W/"1946-1600799820000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Wed, 30 Sep 2020 20:05:41 GMT

GET
H2 200 apollo-locales.js Show response
www.csoonline.com/www/js/ 4 KB
2 KB 326ms
47ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/apollo-locales.js?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 8d8685788fb9f068527bb37b61f70a685dc17e3f86475c35f8b6719e068db491

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 23806
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 4, 4, 3, 3
content-length: 1430
x-via-fastly: Verdad
x-served-by: cache-sjc10042-SJC, cache-sjc10042-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:58:58 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.877649,VS0,VE0
etag: W/"3919-1600963138000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:39:09 GMT

GET
H2 200 cmp_shim.js Show response
d2zv5rkii46miq.cloudfront.net/0/latest/ 4 KB
2 KB 281ms
0ms Script
application/javascript 2600:9000:2057:a000:17:5578:e080:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2zv5rkii46miq.cloudfront.net/0/latest/cmp_shim.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:a000:17:5578:e080:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 120fb2279d5061dd4a428f935fdf10c09e95c1f2ec0346f7aaf6c8b7f382cf49

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 12:38:19 GMT
content-encoding: gzip
last-modified: Wed, 27 Nov 2019 22:52:51 GMT
server: AmazonS3
age: 2266
etag: "1de86d90311bcd5ee000f2f732b294a9"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 1698
via: 1.1 8e04f5d6c745b231c10fce7c2aa9c70f.cloudfront.net (CloudFront)
x-amz-cf-id: JapcMMOazOlMNzDMxHB9EcLItG3amRJaes4leKoioOK3AFnYu9iZMQ==

GET
H2 200 wrapperMessagingWithoutDetection.js Show response
cmpv2.csoonline.com/ 141 KB
41 KB 339ms
62ms Script
application/javascript 143.204.215.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmpv2.csoonline.com/wrapperMessagingWithoutDetection.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.94 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-94.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 27ab02fc09609aecbf3650c6dddbd427ccd7b3ee2cedad7c8e450cbcdc1ac938

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:09:09 GMT
content-encoding: gzip
last-modified: Wed, 16 Sep 2020 19:47:01 GMT
server: AmazonS3
age: 417
etag: "7b409047676dccb3556b8c834322c582"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: RPwwHmU13cSes-65N0QafqnnxaXuxu_GsRuG9j-pFJmC9z72JYMmZg==
via: 1.1 850ccace60916919bf31313cb9176e01.cloudfront.net (CloudFront)

GET
H2 200 ccpa.js Show response
ccpa.sp-prod.net/ 54 KB
18 KB 344ms
67ms Script
application/javascript 143.204.94.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ccpa.sp-prod.net/ccpa.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.94.111 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-94-111.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b3be241d203ddc10730645993381cf8341eef547c398ee56c0eb4827436f916b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 12:50:42 GMT
content-encoding: gzip
last-modified: Fri, 18 Sep 2020 17:41:39 GMT
server: AmazonS3
age: 1524
etag: "1f5c8db9be34979ef4216a34e49931ee"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: H9iBElJqJd2YsrBHCq3xYrmZSGRz2INbpo9YVxmSiNOoVWFfrYxEog==
via: 1.1 a1098f0eeab192209962e3a9d76d0339.cloudfront.net (CloudFront)

GET
H2 200 init_device.js Show response
www.csoonline.com/www/js/ 585 B
556 B 621ms
348ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/init_device.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 4f4ed0e81c2f0016d06ae816dd872edc04e97612c9d36f2f3f4475f2954e7fcc

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 79263
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 6, 6, 3, 3
content-length: 304
x-via-fastly: Verdad
x-served-by: cache-sjc10041-SJC, cache-sjc10041-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Tue, 22 Sep 2020 18:36:54 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.904924,VS0,VE0
etag: W/"585-1600799814000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 01:14:50 GMT

GET
H/1.1 200
OK iasPET.1.js Show response
cdn.adsafeprotected.com/ 22 KB
7 KB 136ms
36ms Script
application/javascript 143.204.215.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adsafeprotected.com/iasPET.1.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.63 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-63.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 54138d578ed166d5381db70b3dd14a16830233553b6e4213402bae2fdb0564b4

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Sep 2020 22:50:30 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Wed, 08 Jul 2020 20:34:30 GMT
Server: AmazonS3
Age: 570340
ETag: W/"a8663f72a1dbe614b19f167a59af368d"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 8d31bbd9d6638cdacab37047b8045da4.cloudfront.net (CloudFront)
Cache-Control: max-age=604800
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA53-C1
X-Amz-Cf-Id: phlfGBJyEb9NUr71_a_xPoWoseLnJzxKdJzVSOuiWAkzfX5OqzFsPg==

GET
H/1.1 200
OK 183980-47728333013839.js Show response
js-sec.indexww.com/ht/p/ 135 KB
39 KB 191ms
91ms Script
text/javascript 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/ht/p/183980-47728333013839.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2c40f90a9715ce5308df7a8abea2adf84a79a9110aa373a9cb20891ddbba6061

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:09 GMT
Content-Encoding: gzip
Last-Modified: Fri, 25 Sep 2020 13:15:53 GMT
Server: Apache
ETag: "762d5e-21af1-5b0231dc8bc97"
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=3597
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 39503
Expires: Fri, 25 Sep 2020 14:16:06 GMT

GET
H2 200 gpt_includes.js Show response
www.csoonline.com/www/js/ads/ 18 KB
5 KB 625ms
352ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/ads/gpt_includes.js?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 631a01372ce75d21c9d888592b11672618e35a3c11c8479d9e11c342ccfe3045

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 23729
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 1, 1, 435, 435
content-length: 5077
x-via-fastly: Verdad
x-served-by: cache-sjc10035-SJC, cache-sjc10035-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:58:48 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.904894,VS0,VE0
etag: W/"18409-1600963128000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:38:33 GMT

GET
H2 200 thm_pre.js Show response
www.csoonline.com/www.idge/js/ 24 KB
5 KB 393ms
122ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge/js/thm_pre.js?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 71a9f7971618b14dc4014c55de13c36da054db21b986c50a6d112eaf9e366418

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 23993
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 2, 2, 3, 3
content-length: 5245
x-via-fastly: Verdad
x-served-by: cache-sjc10060-SJC, cache-sjc10060-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:53:52 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.904864,VS0,VE0
etag: W/"24746-1600962832000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:35:49 GMT

GET
H2 200 gpt_starter.js Show response
www.csoonline.com/www/js/ads/ 330 B
463 B 396ms
124ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/ads/gpt_starter.js?1234
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: ad20d2d42fcbd58ad9c50a6e53db21bf4425be6f8237a41f109c2717c30b4067

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 455088
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 2, 2, 3, 3
content-length: 238
x-via-fastly: Verdad
x-served-by: cache-sjc10024-SJC, cache-sjc10024-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Wed, 02 Sep 2020 18:39:44 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.904839,VS0,VE0
etag: W/"330-1599071984000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Sun, 13 Sep 2020 18:59:42 GMT

GET
H2 200 ias_gpt_launcher.js Show response
www.csoonline.com/www/js/ads/ 2 KB
925 B 397ms
126ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/ads/ias_gpt_launcher.js?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 7a79188b7db1b69d86f8bb8a1ba54d3fda27b7e7c7037c7b99095ef1b0b42925

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 23993
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 2, 2, 3, 3
content-length: 688
x-via-fastly: Verdad
x-served-by: cache-sjc10059-SJC, cache-sjc10059-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:58:50 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.904836,VS0,VE0
etag: W/"1627-1600963130000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:35:50 GMT

GET
H2 200 article.css
www.csoonline.com/www/css/ 231 KB
34 KB 306ms
36ms Stylesheet
text/css 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/css/article.css?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a8df0678076b92038596e4a3b1c8a9d230275e4dbe72ae9ccd4ed99eed08ade0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 24042
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 1, 1, 3, 3
content-length: 34197
x-via-fastly: Verdad
x-served-by: cache-sjc10041-SJC, cache-sjc10041-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:56:36 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.876615,VS0,VE0
etag: W/"236520-1600962996000-gzip"
vary: Accept-Encoding,Cookie
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:35:05 GMT

GET
H2 200 insider-promo-styles.css
www.csoonline.com/www.idge/css/ 7 KB
2 KB 316ms
46ms Stylesheet
text/css 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge/css/insider-promo-styles.css?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 38d4510c34bf1c09a3f7bac5337fd42b04e5f4355db6d5e4f16c5f38672da6ea

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 23994
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 3, 3, 3, 3
content-length: 1649
x-via-fastly: Verdad
x-served-by: cache-sjc10051-SJC, cache-sjc10051-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:56:04 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.877795,VS0,VE0
etag: W/"7593-1600962964000-gzip"
vary: Accept-Encoding,Cookie
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:35:05 GMT

GET
H2 200 article.css
www.csoonline.com/www.idge.cso/css/ 44 KB
7 KB 293ms
44ms Stylesheet
text/css 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge.cso/css/article.css?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 20aae1e27cc1b9df4f61555525643b743c88437d0cf1e9eab67b1608cde7357f

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 24043
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 1, 1, 3, 3
content-length: 7054
x-via-fastly: Verdad
x-served-by: cache-sjc10078-SJC, cache-sjc10078-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:54:40 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.877777,VS0,VE0
etag: W/"45297-1600962880000-gzip"
vary: Accept-Encoding,Cookie
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:35:05 GMT

GET
H2 200 ss-social.css
www.csoonline.com/www.idge/css/webfonts/ 3 KB
1 KB 282ms
43ms Stylesheet
text/css 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge/css/webfonts/ss-social.css
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: c2787f84ac525e6b202f56eb25ef03f40017d11100280dd6f3866cadb4d1f50c

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 81634
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 18, 18, 1431, 1431
content-length: 885
x-via-fastly: Verdad
x-served-by: cache-sjc10048-SJC, cache-sjc10048-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Tue, 22 Sep 2020 18:34:02 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.877748,VS0,VE0
etag: W/"3417-1600799642000-gzip"
vary: Accept-Encoding,Cookie
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 00:35:30 GMT

GET
H2 200 ss-standard.css
www.csoonline.com/www.idge/css/webfonts/ 11 KB
3 KB 283ms
44ms Stylesheet
text/css 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge/css/webfonts/ss-standard.css
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: b59054e128a42511aa22399d02cd8365ac1c66a6efe6f4f11cfe1ae16284db0c

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 50045
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 2, 2, 3, 3
content-length: 2472
x-via-fastly: Verdad
x-served-by: cache-sjc10032-SJC, cache-sjc10032-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:56:10 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.877720,VS0,VE0
etag: W/"11639-1600962970000-gzip"
vary: Accept-Encoding,Cookie
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 23:22:00 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.6.1/css/ 52 KB
13 KB 291ms
53ms Stylesheet
text/css 23.111.9.35
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.6.1/css/all.css
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 453893f7daa3d8fe9716f8c6d0f36f8ade8cacfc0093e164f4f998b46427959e

Request headers

Origin: https://www.csoonline.com
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 17:44:03 GMT
server: NetDNA-cache/2.2
status: 200
etag: W/"b8085bf2c839791244bd95f56fb93c01"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT

GET
H2 200 xyb0fnv.css
use.typekit.net/ 4 KB
957 B 237ms
0ms Stylesheet
text/css 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/xyb0fnv.css

Requested by

Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba0a , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

nginx /

Resource Hash

ed7ff5793961f334165563c347d29d32cbab46d8be7c216aaa068c95b618fe8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
status: 200
date: Fri, 25 Sep 2020 13:16:05 GMT
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
content-length: 757

GET
H2 200 ad.js Show response
www.csoonline.com/www/js/ads/ 19 B
304 B 357ms
120ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/ads/ad.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 6a0f6cf6b4648c192d81b5fc7b70cb2f6819ef4a799e421e8626cae9697aa85a

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 44462
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 51, 51, 3, 3
content-length: 39
x-via-fastly: Verdad
x-served-by: cache-sjc10060-SJC, cache-sjc10060-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:58:48 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.904798,VS0,VE0
etag: W/"19-1600963128000"
vary: Cookie, Accept-Encoding
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Fri, 02 Oct 2020 00:55:04 GMT

GET
H/1.1 200
OK load.js Show response
s.ntv.io/serve/ 338 KB
98 KB 220ms
120ms Script
application/x-javascript 23.210.250.13
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ntv.io/serve/load.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.250.13 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-13.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 2e93ce556067b7b36614268b2800f434ec9bf82b67bd11fc4c7153816e2e205d

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:09 GMT
Content-Encoding: gzip
x-amz-request-id: E0C96CA2FB6746C4
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
x-amz-id-2: +LSGAIMH8cbDQyT9XVCzsfUYeZXI8u4jR8InLAPq+f7gmCy+/Lc8pEK9Nt/03yZEU177ioex9/Y=
Last-Modified: Mon, 21 Sep 2020 20:57:45 GMT
Server: AmazonS3
ETag: "d96d442c923523d685302722984e34b0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 insider_reg_api.js Show response
www.csoonline.com/www/js/insider/ 61 KB
22 KB 360ms
123ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/insider/insider_reg_api.js?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 7aecb1cdbdd9262694abfe07426607cd3f7dd6756821c4490b7f8bc6f657fd22

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 23805
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 1, 1, 3, 3
content-length: 21821
x-via-fastly: Verdad
x-served-by: cache-sjc10030-SJC, cache-sjc10030-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:59:04 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.904764,VS0,VE0
etag: W/"62129-1600963144000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:39:09 GMT

GET
H2 200 8yHZorDV.js Show response
cdn.jwplayer.com/libraries/ 112 KB
37 KB 255ms
14ms Script
text/javascript 2600:9000:206e:2600:1:a3fa:7cc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.jwplayer.com/libraries/8yHZorDV.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:2600:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: b99f3fcd814502aee6281200cbc7b0f77f2dbb267b90d6ad8e29c6036c1e1af3

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:15:53 GMT
content-encoding: gzip
server: openresty
age: 11
status: 200
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=150, max-stale=180
x-amz-cf-pop: VIE50-C1
content-length: 37448
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-amz-cf-id: NguY9-WdK0hm4a87CXgCBkbz5ql7fTs_DFIBWIGUXo8S3d_iwbZvuQ==
expires: Fri, 25 Sep 2020 13:16:54 GMT

GET
H2 200 oc-header.css
www.csoonline.com/www/css/ 37 KB
7 KB 278ms
45ms Stylesheet
text/css 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/css/oc-header.css?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: db29aa88ea3a11062a7dc45fcc65be9b8dc3fff9c849078dd6809d35974e86ec

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 23994
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 5, 5, 3, 3
content-length: 7343
x-via-fastly: Verdad
x-served-by: cache-sjc10083-SJC, cache-sjc10083-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:56:40 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.877678,VS0,VE0
etag: W/"38076-1600963000000-gzip"
vary: Accept-Encoding,Cookie
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:35:05 GMT

GET
H2 200 oc-header.css
www.csoonline.com/www.idge.cso/css/ 6 KB
2 KB 279ms
46ms Stylesheet
text/css 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge.cso/css/oc-header.css?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: f02ed5ac7850392ad9eeb1c1bc4dc5ecfb1cb8474a8f628add9edc351e6ea680

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:05 GMT
content-encoding: gzip
age: 23994
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 5, 5, 3, 3
content-length: 1803
x-via-fastly: Verdad
x-served-by: cache-sjc10069-SJC, cache-sjc10069-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:54:44 GMT
server: Apache-Coyote/1.1
x-timer: S1601039766.877675,VS0,VE0
etag: W/"6381-1600962884000-gzip"
vary: Accept-Encoding,Cookie
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:35:05 GMT

GET
H2 200 CSO-logo-nameplate.svg
alt.idgesg.net/images/furniture/cso/ 4 KB
5 KB 230ms
93ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alt.idgesg.net/images/furniture/cso/CSO-logo-nameplate.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 37aa2df6eabbf801c05c6c35dc8314f9e284868f1a6ef2cb2732d2d33daff9f3

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: J7_zC4ZmBAKw_gubpezt0MRF7dQSpkU9
via: 1.1 varnish
etag: "bfed2d4c9019f149b8d0f1ce2174b10b"
age: 3468
x-amz-meta-origin-date-iso8601: 2019-03-20T14:31:00.000Z
x-cache: HIT
status: 200
content-length: 4328
x-amz-id-2: 9dYoh1KBsYrvW60Jlo0uUWuYPpt9xVDwVWsfAbkZOT+4C8HK3QzeMWtaF5OMKfwWHQX1xMFk4wk=
x-served-by: cache-hhn4033-HHN
last-modified: Wed, 20 Mar 2019 14:31:18 GMT
server: AmazonS3
x-timer: S1601039769.118507,VS0,VE0
date: Fri, 25 Sep 2020 13:16:09 GMT
x-amz-request-id: DCB828CBCA5662AB
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 3

GET
H2 200 content-ribbon.css
www.csoonline.com/www/css/ 2 KB
781 B 147ms
45ms Stylesheet
text/css 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/css/content-ribbon.css?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: fd66d8dc41c06a99c3877934b3af8d38de72f3a94db252c0b9474bec35014491

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:07 GMT
content-encoding: gzip
age: 23959
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 1, 1, 3, 3
content-length: 522
x-via-fastly: Verdad
x-served-by: cache-sjc10064-SJC, cache-sjc10064-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:56:36 GMT
server: Apache-Coyote/1.1
x-timer: S1601039767.113189,VS0,VE0
etag: W/"1829-1600962996000-gzip"
vary: Accept-Encoding,Cookie
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:35:06 GMT

GET
H2 200 date-time-moments.js Show response
www.csoonline.com/www/js/ 121 KB
32 KB 137ms
36ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/date-time-moments.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 5156e9286b87b1e03f6151c2bb29ad54d2b9da4df874a23c742a0693bdc209a1

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:07 GMT
content-encoding: gzip
age: 186206
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 5, 5, 3, 3
content-length: 32323
x-via-fastly: Verdad
x-served-by: cache-sjc10028-SJC, cache-sjc10028-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Tue, 22 Sep 2020 18:36:50 GMT
server: Apache-Coyote/1.1
x-timer: S1601039767.113164,VS0,VE0
etag: W/"123832-1600799810000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Tue, 29 Sep 2020 19:32:22 GMT

GET
H2 200 facebook.svg
idge.staticworld.net/images/ 817 B
1 KB 235ms
98ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idge.staticworld.net/images/facebook.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 676aa6d4090a54ea6893484095f55c80659fb8538db100cdb8ce1dc82bab42b8

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: z0fEqr9qBUOYVzkAEhE7W.44xxx.2BcQ
via: 1.1 varnish
etag: "e54119fb283fa31d7980c946d19e701f"
age: 509
x-cache: HIT
status: 200
content-length: 817
x-amz-id-2: Ohwtqf0YJ2RDSLDQ6ygHpCI/Bedq6Xjam03KjOBVaD1VD0cNYKWP+tyaNVg+nMWZNFRtV31Ep+Y=
x-served-by: cache-hhn4033-HHN
last-modified: Tue, 27 Mar 2018 00:10:09 GMT
server: AmazonS3
x-timer: S1601039769.118943,VS0,VE0
date: Fri, 25 Sep 2020 13:16:09 GMT
x-amz-request-id: C27B9C812A76769E
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 6

GET
H2 200 twitter.svg
idge.staticworld.net/images/ 1 KB
1 KB 339ms
38ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idge.staticworld.net/images/twitter.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 464e7cde418a559c5035942d1ab154d5d906f378f256a0dd39848d197df6180d

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: mIV1aQJqOkkgyHLgPXYdWBvfLAAcgw1y
via: 1.1 varnish
etag: "5c2cee17abf8296b156fa142e69516df"
age: 3458
x-cache: HIT
status: 200
content-length: 1128
x-amz-id-2: NhvOk/sWt0oJc66EotgeUwwSgg5zYqKPMh+Fo8X85wM44/3zjjFJKdRY2snW9QzT8aydVaBIdIQ=
x-served-by: cache-hhn4033-HHN
last-modified: Tue, 27 Mar 2018 00:10:11 GMT
server: AmazonS3
x-timer: S1601039769.416314,VS0,VE0
date: Fri, 25 Sep 2020 13:16:09 GMT
x-amz-request-id: 5B8D74EA6EA54455
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 24

GET
H2 200 linkedin.svg
idge.staticworld.net/images/ 786 B
1008 B 291ms
19ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idge.staticworld.net/images/linkedin.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 03643efcf63e8fbfe6571cd0f1a4ce49f8575a7bee74f2e9fd7fab344e474e48

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: dIfJAJb7rR9o.DnrV3iep_mz2NuSUCHZ
via: 1.1 varnish
etag: "b828f13d2d6015e831f675f1ca0c1908"
age: 209
x-cache: HIT
status: 200
content-length: 786
x-amz-id-2: oWRC9szZfsZab/XtUYVPxC6mpn4ydd2KGXygrQU34ZNdhaz53esArJVGVtQvSXbW6sulxFbSf+I=
x-served-by: cache-hhn4033-HHN
last-modified: Tue, 27 Mar 2018 00:10:10 GMT
server: AmazonS3
x-timer: S1601039770.586304,VS0,VE0
date: Fri, 25 Sep 2020 13:16:09 GMT
x-amz-request-id: 4D45075BBE46D7FA
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 3

GET
H2 200 reddit.svg
idge.staticworld.net/images/ 2 KB
2 KB 231ms
18ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idge.staticworld.net/images/reddit.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 47c749c888c850505d68f2745651928d8aec9a6802d6a8b20869fa114af92277

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: X1o6g.mfoioyv5Lswf3F9n.2ID0CCWF9
via: 1.1 varnish
etag: "8159d85ae759a8d251edb65b4dcd285d"
age: 1779
x-cache: HIT
status: 200
content-length: 1556
x-amz-id-2: kfblnRaYXGnvJTA0+ZKPlQxzQbA/rImXwqTSL77ahnCx0QXHGvyMoBMPn3MEzKBve+T6AXSNlw4=
x-served-by: cache-hhn4033-HHN
last-modified: Tue, 27 Mar 2018 00:10:10 GMT
server: AmazonS3
x-timer: S1601039770.586250,VS0,VE0
date: Fri, 25 Sep 2020 13:16:09 GMT
x-amz-request-id: EA0251490543D343
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 11

GET
H2 200 mail.svg
idge.staticworld.net/images/ 631 B
900 B 207ms
18ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idge.staticworld.net/images/mail.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 83d86c9e7359ed844c0e7682abcd5cdb65222d421c61156f17791ac6c2650274

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: W1fLolU3CaghgVscFveqAiphPY036Sqp
via: 1.1 varnish
etag: "c8fc97e05e008a042825f64ee7d414d1"
age: 1087
x-cache: HIT
status: 200
content-length: 631
x-amz-id-2: 2dTQUaZoRbRT7Zuw8/kv0jazHdR+BLz6Fm4EgGKmUfpkstSWZ8gnP9oJy0OlJELFHx9zX95uVbA=
x-served-by: cache-hhn4033-HHN
last-modified: Tue, 27 Mar 2018 00:10:10 GMT
server: AmazonS3
x-timer: S1601039770.586244,VS0,VE0
date: Fri, 25 Sep 2020 13:16:09 GMT
x-amz-request-id: 130E0995370BDF42
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 6

GET
H2 200 print.svg
idge.staticworld.net/images/ 782 B
1 KB 223ms
107ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idge.staticworld.net/images/print.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1b197985c0bef8bc365381bd16e15dccf184eb33d0abf0afdb4f567da2000fb2

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: .7Gmo7QCRJqJTxCocIfBynAqOGj25mL.
via: 1.1 varnish
etag: "a9f65e3b5eddc5c537118a146a3333c7"
age: 1359
x-cache: HIT
status: 200
content-length: 782
x-amz-id-2: btsi/DKslPtw3Q4tDU0WcGmQMIyVIEcBXDtSaiiXn8oURvjvYWf5ny0x8g8OecXEtfRdaInENWk=
x-served-by: cache-hhn4033-HHN
last-modified: Tue, 27 Mar 2018 00:10:10 GMT
server: AmazonS3
x-timer: S1601039770.621779,VS0,VE0
date: Fri, 25 Sep 2020 13:16:09 GMT
x-amz-request-id: F98051588FA7FC6F
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 8

GET
H2 200 lucian_constantin-100258922-byline.jpg
images.techhive.com/images/article/2014/04/ 5 KB
6 KB 250ms
135ms Image
image/jpeg 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.techhive.com/images/article/2014/04/lucian_constantin-100258922-byline.jpg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9b1e8d6a6fbd575fde082a6cb30309f23fa6ff311452aefe5e18f6cf0ee80fbe

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: X8COOW6fHUBzDvpqxwCJGCZv8g_D7Gi8
via: 1.1 varnish
etag: "6e7116dc13531f473c9788bc7bbeea7e"
age: 6
x-cache: HIT
status: 200
content-length: 5516
x-amz-id-2: a5RDJG1OHsNZW5jOtsTZLC8FdWDsq7WbQibwd3g6jglKSFWNVPCev0lzkJCT1NzcFAsxCS4b+tY=
x-served-by: cache-hhn4033-HHN
last-modified: Tue, 21 May 2019 06:02:33 GMT
server: AmazonS3
x-timer: S1601039770.622542,VS0,VE0
date: Fri, 25 Sep 2020 13:16:09 GMT
x-amz-request-id: AAFC286596F68269
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: image/jpeg
x-cache-hits: 3

GET
H2 200 stickyLb.js Show response
www.csoonline.com/www/js/ads/ 4 KB
1 KB 59ms
58ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/ads/stickyLb.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: f6bbd3540733be952a2921b2e4716d3b5190d5897510efcf9baa09649a1eaedf

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:07 GMT
content-encoding: gzip
age: 47065
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 5, 5, 3, 3
content-length: 1257
x-via-fastly: Verdad
x-served-by: cache-sjc10052-SJC, cache-sjc10052-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:58:52 GMT
server: Apache-Coyote/1.1
x-timer: S1601039767.268223,VS0,VE0
etag: W/"3657-1600963132000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Fri, 02 Oct 2020 00:11:41 GMT

GET
H2 200 deal-modules.js Show response
www.csoonline.com/www/js/ 783 B
611 B 80ms
54ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/deal-modules.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: cdf2700459ab474c9e19ccf7a3b9c6044a6cf2f2ff7bb0e1ab7bde2304409c87

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:08 GMT
content-encoding: gzip
age: 182017
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 1, 1, 3, 3
content-length: 345
x-via-fastly: Verdad
x-served-by: cache-sjc10073-SJC, cache-sjc10073-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Tue, 22 Sep 2020 18:36:52 GMT
server: Apache-Coyote/1.1
x-timer: S1601039769.976827,VS0,VE0
etag: W/"783-1600799812000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Tue, 29 Sep 2020 20:42:08 GMT

GET
H2 200 embedder-jwp.js Show response
www.csoonline.com/www/js/video/ 2 KB
867 B 85ms
59ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/video/embedder-jwp.js?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: f0b97fc49950832323730d508911fa12bd098eca0670ccb3a18ada5af3a34699

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:08 GMT
content-encoding: gzip
age: 23954
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 1, 1, 3, 3
content-length: 640
x-via-fastly: Verdad
x-served-by: cache-sjc10055-SJC, cache-sjc10055-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:59:22 GMT
server: Apache-Coyote/1.1
x-timer: S1601039769.976827,VS0,VE0
etag: W/"1760-1600963162000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:36:40 GMT

GET
H2 200 jquery.lazyload-ad.js Show response
www.csoonline.com/www/js/ads/ 10 KB
3 KB 89ms
61ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/ads/jquery.lazyload-ad.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 4e6b5fc328bac95eec2e30afa8a58224c9accc6d70daf0e864d75c4c6d07fe94

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 101656
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 1, 1, 3, 3
content-length: 3069
x-via-fastly: Verdad
x-served-by: cache-sjc10038-SJC, cache-sjc10038-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Tue, 22 Sep 2020 18:36:40 GMT
server: Apache-Coyote/1.1
x-timer: S1601039769.001701,VS0,VE0
etag: W/"9912-1600799800000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Wed, 30 Sep 2020 18:59:59 GMT

GET
H2 200 tso-links.css
www.csoonline.com/www.idgcsmb/css/ 991 B
642 B 88ms
60ms Stylesheet
text/css 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idgcsmb/css/tso-links.css?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: b42412a0e2fd452601f89dc9119e8dc4c563d204e6a54ba2f91e7c046f9de3a4

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 74333
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 4, 4, 3, 3
content-length: 473
x-via-fastly: Verdad
x-served-by: cache-sjc10066-SJC, cache-sjc10066-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:54:22 GMT
server: Apache-Coyote/1.1
x-timer: S1601039769.001662,VS0,VE0
etag: W/"991-1600962862000-gzip"
vary: Accept-Encoding,Cookie
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:37:14 GMT

GET
H2 200 foot.css
www.csoonline.com/www.idge/css/ 9 KB
2 KB 87ms
59ms Stylesheet
text/css 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge/css/foot.css?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 1e9a75fd7f2fb65368a815adfe3aa6d983fe7e20a3b5bc208eb36585e005a227

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 23978
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 2, 2, 3, 3
content-length: 1972
x-via-fastly: Verdad
x-served-by: cache-sjc10066-SJC, cache-sjc10066-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:56:02 GMT
server: Apache-Coyote/1.1
x-timer: S1601039769.001626,VS0,VE0
etag: W/"8732-1600962962000-gzip"
vary: Accept-Encoding,Cookie
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:35:06 GMT

GET
H2 200 foot.css
www.csoonline.com/www.idge.cso/css/ 2 KB
833 B 86ms
59ms Stylesheet
text/css 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge.cso/css/foot.css?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: b7a1d704835d432cc1c9edeae10428e2f1d7630977cd45db0e3c149fb3feea33

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 23978
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 3, 3, 3, 3
content-length: 614
x-via-fastly: Verdad
x-served-by: cache-sjc10052-SJC, cache-sjc10052-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:54:42 GMT
server: Apache-Coyote/1.1
x-timer: S1601039769.001568,VS0,VE0
etag: W/"2005-1600962882000-gzip"
vary: Accept-Encoding,Cookie
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:35:06 GMT

GET
H2 200 logo-footer-white.png
alt.idgesg.net/images/logos/ 2 KB
3 KB 233ms
97ms Image
image/png 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alt.idgesg.net/images/logos/logo-footer-white.png
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 537d7a2ee55484fcb24cea45dd4593d1f478d83545b0399616af969a69c88c41

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: edGv5yqk7j95QLH6YobDRVsDJWVAgek8
via: 1.1 varnish, 1.1 varnish
etag: "503ef0c72f7205129e4048cf0aea6fe9"
age: 911020
x-amz-meta-origin-date-iso8601: 2018-07-16T13:16:57.000Z
x-cache: HIT, HIT
status: 200
content-length: 2259
x-amz-id-2: mV2nRmEY4tpr/o/Afjy/yxOAPou6XvMFfe0MpvMJ+s1fjQEEL09M2uwAT/uyf2z4M6BCuRMX1Yc=
x-served-by: cache-jfk8132-JFK, cache-hhn4033-HHN
last-modified: Mon, 16 Jul 2018 13:17:37 GMT
server: AmazonS3
x-timer: S1601039769.118926,VS0,VE0
date: Fri, 25 Sep 2020 13:16:09 GMT
x-amz-request-id: 7889FB8FB472D52C
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: image/png
x-cache-hits: 2, 69

GET
H2 200 jquery-ui.js Show response
www.csoonline.com/www/js/jquery/ 292 KB
70 KB 148ms
133ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/jquery/jquery-ui.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 66b5ca68288cc2506f1c5709fe38cebccca428406a7ce96e392718203666d503

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 603139
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 2, 2, 3, 3
content-length: 71002
x-via-fastly: Verdad
x-served-by: cache-sjc10034-SJC, cache-sjc10034-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Wed, 02 Sep 2020 18:40:02 GMT
server: Apache-Coyote/1.1
x-timer: S1601039769.125822,VS0,VE0
etag: W/"299210-1599072002000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Fri, 11 Sep 2020 15:09:42 GMT

GET
H2 200 jquery.dfp.min.js Show response
www.csoonline.com/www/js/jquery/ 4 KB
2 KB 251ms
236ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/jquery/jquery.dfp.min.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 053d5c873a012d89c7a079d097426cfddb18b28494a55c51eff89e0294540dfd

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 138470
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 7, 7, 3, 3
content-length: 1722
x-via-fastly: Verdad
x-served-by: cache-sjc10052-SJC, cache-sjc10052-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Tue, 22 Sep 2020 18:36:58 GMT
server: Apache-Coyote/1.1
x-timer: S1601039769.126309,VS0,VE0
etag: W/"4433-1600799818000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Wed, 30 Sep 2020 08:48:17 GMT

GET
H2 200 shortstack_nav.js Show response
www.csoonline.com/www.idge/js/mule/ 2 KB
687 B 223ms
209ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge/js/mule/shortstack_nav.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: fb6b1425ff73fe62d725a3981ac08d9f57e16e14d5ae321c617e21e1d7403d1f

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 48582
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 3, 3, 3, 3
content-length: 480
x-via-fastly: Verdad
x-served-by: cache-sjc10037-SJC, cache-sjc10037-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:58:20 GMT
server: Apache-Coyote/1.1
x-timer: S1601039769.126279,VS0,VE0
etag: W/"2129-1600963100000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 23:46:26 GMT

GET
H2 200 tracking.js Show response
www.csoonline.com/www/js/analytics/ 1 KB
805 B 280ms
266ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/analytics/tracking.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 607bfd152e5c762ba0f0502f653c7bbb546ad7955e792a9840d4ae28a8219423

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 173728
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 3, 3, 3, 3
content-length: 538
x-via-fastly: Verdad
x-served-by: cache-sjc10075-SJC, cache-sjc10075-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Tue, 22 Sep 2020 18:36:46 GMT
server: Apache-Coyote/1.1
x-timer: S1601039769.128679,VS0,VE0
etag: W/"1075-1600799806000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Tue, 29 Sep 2020 23:00:30 GMT

GET
H2 200 jquery.colorbox-min.js Show response
www.csoonline.com/www.idge/js/jquery/plugins/ 11 KB
5 KB 281ms
267ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge/js/jquery/plugins/jquery.colorbox-min.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: f370d6bd05df8e6a5b671f06e038c4d85d95dc5446fdeb8f8762e817882a8322

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 85851
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 6, 6, 3, 3
content-length: 4634
x-via-fastly: Verdad
x-served-by: cache-sjc10034-SJC, cache-sjc10034-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Tue, 22 Sep 2020 18:36:06 GMT
server: Apache-Coyote/1.1
x-timer: S1601039769.128658,VS0,VE0
etag: W/"11081-1600799766000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Wed, 30 Sep 2020 23:25:14 GMT

GET
H2 200 article.js Show response
www.csoonline.com/www.idge/js/ 2 KB
883 B 274ms
267ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge/js/article.js?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 0dbf4106e062b56a7d4db32cb448fad76e1aad0bf204b8569091bdcb5abed21e

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 23921
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 2, 2, 3, 3
content-length: 613
x-via-fastly: Verdad
x-served-by: cache-sjc10034-SJC, cache-sjc10034-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:58:10 GMT
server: Apache-Coyote/1.1
x-timer: S1601039769.128709,VS0,VE0
etag: W/"1707-1600963090000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:36:40 GMT

GET
H2 200 responsive-tables.js Show response
www.csoonline.com/www.idge/js/jquery/ 1 KB
802 B 199ms
30ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge/js/jquery/responsive-tables.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a739dbffc4a907c1f133b4b26e0daf544ea743218bba5704a910313b0ef3ac10

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 119690
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 1, 1, 3, 3
content-length: 541
x-via-fastly: Verdad
x-served-by: cache-sjc10045-SJC, cache-sjc10045-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Tue, 22 Sep 2020 18:36:08 GMT
server: Apache-Coyote/1.1
x-timer: S1601039770.576575,VS0,VE0
etag: W/"1363-1600799768000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Wed, 30 Sep 2020 14:01:17 GMT

GET
H2 200 jquery.tablesorter.min.js Show response
www.csoonline.com/www.idge/js/jquery/ 16 KB
5 KB 198ms
30ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge/js/jquery/jquery.tablesorter.min.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 55e8d16bb1a291b0524928dd3bd20c191a14d8a947e4b141271f9c595c7bb451

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 176578
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 1, 1, 3, 3
content-length: 4830
x-via-fastly: Verdad
x-served-by: cache-sjc10074-SJC, cache-sjc10074-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Tue, 22 Sep 2020 18:36:06 GMT
server: Apache-Coyote/1.1
x-timer: S1601039770.576521,VS0,VE0
etag: W/"16373-1600799766000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Tue, 29 Sep 2020 22:11:54 GMT

GET
H2 200 global.js Show response
www.csoonline.com/www.idge/js/ 14 KB
4 KB 199ms
31ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge/js/global.js?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: e0c629f4ece53000517c7077027971a1dea36ec8c9daac30b7655bcbca84b00a

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 23806
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 2, 2, 3, 3
content-length: 4311
x-via-fastly: Verdad
x-served-by: cache-sjc10039-SJC, cache-sjc10039-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:53:52 GMT
server: Apache-Coyote/1.1
x-timer: S1601039770.576819,VS0,VE0
etag: W/"14105-1600962832000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:39:09 GMT

GET
H2 200 ss-social.js Show response
www.csoonline.com/www/js/webfonts/ 4 KB
2 KB 132ms
39ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/webfonts/ss-social.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: af34f58ea2fc346a5f7028ad8b721a9bb31405cf283471a37dab53bad10a6a36

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 151353
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 2, 2, 3, 3
content-length: 1766
x-via-fastly: Verdad
x-served-by: cache-sjc10070-SJC, cache-sjc10070-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Tue, 22 Sep 2020 18:37:18 GMT
server: Apache-Coyote/1.1
x-timer: S1601039770.669040,VS0,VE0
etag: W/"3950-1600799838000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Wed, 30 Sep 2020 05:13:30 GMT

GET
H2 200 ss-standard.js Show response
www.csoonline.com/www/js/webfonts/ 11 KB
4 KB 131ms
40ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/webfonts/ss-standard.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: bdfe5b167ff906b96e1f8f028ac8f5e41af7a1892d0cc3a275d28057ba79c0a9

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 275336
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 1, 1, 3, 3
content-length: 3898
x-via-fastly: Verdad
x-served-by: cache-sjc10078-SJC, cache-sjc10078-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Mon, 21 Sep 2020 13:32:12 GMT
server: Apache-Coyote/1.1
x-timer: S1601039770.669115,VS0,VE0
etag: W/"10818-1600695132000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Mon, 28 Sep 2020 18:45:01 GMT

GET
H2 200 brandAnalytics.js Show response
www.csoonline.com/www/js/analytics/ 2 KB
722 B 157ms
24ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/analytics/brandAnalytics.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 9844fb443bd322af1d908116fa890abdbed6b8b6fe73fba91c9beb8408318aad

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 267460
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 1, 1, 3, 3
content-length: 461
x-via-fastly: Verdad
x-served-by: cache-sjc10038-SJC, cache-sjc10038-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Mon, 21 Sep 2020 13:31:38 GMT
server: Apache-Coyote/1.1
x-timer: S1601039770.745346,VS0,VE0
etag: W/"2516-1600695098000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Mon, 28 Sep 2020 20:58:13 GMT

GET
H2 200 locales-editions-slug.js Show response
www.csoonline.com/www/js/ 2 KB
819 B 158ms
25ms Script
application/javascript 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www/js/locales-editions-slug.js?v=20200924085942
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 7ab5965c8487c7a3d837cfa47b6794b54661061fcac4c927f9815a5f58484c94

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 23974
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 1, 1, 3, 3
content-length: 613
x-via-fastly: Verdad
x-served-by: cache-sjc10049-SJC, cache-sjc10049-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:59:10 GMT
server: Apache-Coyote/1.1
x-timer: S1601039770.745506,VS0,VE0
etag: W/"2384-1600963150000-gzip"
vary: Accept-Encoding,Cookie
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Thu, 01 Oct 2020 16:35:53 GMT

GET
H2 200 subscribers.js Show response
cdn.subscribers.com/assets/ 39 KB
11 KB 341ms
202ms Script
application/javascript 2600:9000:21f3:7c00:2:d151:aac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.subscribers.com/assets/subscribers.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:7c00:2:d151:aac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6b61fa92f57dfeee7a470ff67856fdeb82dafabe3286939f03580058e15578ab

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 02:11:13 GMT
content-encoding: gzip
last-modified: Mon, 24 Aug 2020 11:36:27 GMT
server: AmazonS3
age: 39897
etag: "4332a41069063304c1c326918fcf8ec3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: RdYSpYC2NpudOvinH1qdIOrllqF909I3ZEGtf09BYrYt5q1DiwZJmA==
via: 1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront)

POST
H2 200 native-message Show response
cmpv2.csoonline.com/wrapper/tcfv2/v1/gdpr/ 155 KB
9 KB 99ms
81ms XHR
application/json 143.204.215.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmpv2.csoonline.com/wrapper/tcfv2/v1/gdpr/native-message?requestUUID=1da908d9-696c-4ba4-a743-ceee1c1cb644&hasCsp=true&env=prod&consentLanguage=browserDefault
Requested by: Host: cmpv2.csoonline.com
URL: https://cmpv2.csoonline.com/wrapperMessagingWithoutDetection.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.94 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-94.fra53.r.cloudfront.net
Software: / Express
Resource Hash: 5c2f47b770053f0202f2dfbf100c59e2f57dc898835aa2a7aa96e420c95d42a1

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 25 Sep 2020 13:16:07 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-powered-by: Express
x-cache: Miss from cloudfront
status: 200
access-control-allow-origin: https://www.csoonline.com
etag: W/"26d3f-6/tJjUztpQ2mZsNt2dcpF5LdH9A"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: application/json; charset=utf-8
via: 1.1 850ccace60916919bf31313cb9176e01.cloudfront.net (CloudFront)
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, SP_SCRIPT_VERSION
x-amz-cf-id: 7WQENL08igEKdD25IknkjUP8qoWApqcRVUMyJFmRVtTrN08XJ4Y9hg==

GET
H2 200 get_site_data Show response
cmp.csoonline.com/mms/ 19 B
252 B 100ms
92ms XHR
text/plain 52.59.111.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.csoonline.com/mms/get_site_data?requestUUID=9d2212d8-16a7-4181-a562-da4b6f147efd&account_id=146&href=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter
Requested by: Host: ccpa.sp-prod.net
URL: https://ccpa.sp-prod.net/ccpa.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.59.111.161 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.4.2.v20170220) /
Resource Hash: 682abed659d964807ad2dac4185b51deeb6a2f7835ef3dffb4b1579c673850e3

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:06 GMT
x-sp-mms-node: mms-aws.node.fra.consul
server: Jetty(9.4.2.v20170220)
status: 200
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: https://www.csoonline.com
cache-control: max-age=2592000
access-control-allow-credentials: true

GET
H3-Q050 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 53 KB
18 KB 132ms
45ms Script
text/javascript 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.csoonline.com
URL: https://www.csoonline.com/www/js/ads/gpt_starter.js?1234

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

sffe /

Resource Hash

e5901ff004173bf87d2b50d2af03308c3480ff1a8a40becb914354f3bb7eb2a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "643 / 252 of 1000 / last-modified: 1601032413"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17893
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:16:09 GMT

GET
H2 200 print.css
www.csoonline.com/www.idge/css/ 2 KB
971 B 225ms
37ms Stylesheet
text/css 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge/css/print.css
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a5e5c781317ce492049cb1f9e1deec67c47bbe5dbd03ec12f688cf7a221a79f2

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 115928
x-cache: HIT, HIT, HIT, HIT
status: 200
x-cache-hits: 7, 7, 3, 3
content-length: 733
x-via-fastly: Verdad
x-served-by: cache-sjc10028-SJC, cache-sjc10028-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Tue, 22 Sep 2020 18:33:58 GMT
server: Apache-Coyote/1.1
x-timer: S1601039770.811441,VS0,VE0
etag: W/"1871-1600799638000-gzip"
vary: Accept-Encoding,Cookie
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=604800
x-vcl-version: 50
accept-ranges: bytes
expires: Wed, 30 Sep 2020 15:03:31 GMT

GET
H2 200 p.css
p.typekit.net/ 5 B
149 B 82ms
37ms Stylesheet
text/css 2a02:26f0:10c:5a4::19fd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=xyb0fnv&ht=tk&f=25310.25312.25313.25314.25318&a=25545821&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/xyb0fnv.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5a4::19fd , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://use.typekit.net/xyb0fnv.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:07 GMT
last-modified: Wed, 24 Jun 2020 23:30:16 GMT
server: nginx
etag: "5ef3e208-5"
status: 200
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5

OPTIONS
H2 200 native-message
cmpv2.csoonline.com/wrapper/tcfv2/v1/gdpr/ Frame 0
0 125ms
108ms Other
text/html 143.204.215.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmpv2.csoonline.com/wrapper/tcfv2/v1/gdpr/native-message?requestUUID=1da908d9-696c-4ba4-a743-ceee1c1cb644&hasCsp=true&env=prod&consentLanguage=browserDefault
Protocol: H2
Server: 143.204.215.94 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-94.fra53.r.cloudfront.net
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.csoonline.com
Sec-Fetch-Mode: cors

Response headers

status: 200
content-type: text/html; charset=utf-8
content-length: 4
date: Fri, 25 Sep 2020 13:16:06 GMT
x-powered-by: Express
access-control-allow-origin: https://www.csoonline.com
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,SP_SCRIPT_VERSION
access-control-allow-methods: GET, PUT, POST, DELETE
cache-control: no-cache
allow: POST
etag: W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
x-cache: Miss from cloudfront
via: 1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: GeGDwq8dBPezRvAd6NKm0en51U037_cuwfsYELppwXKaoH2dIJ42ng==

GET
H3-Q050 200 gtm.js Show response
www.googletagmanager.com/ 193 KB
54 KB 119ms
32ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WR6LD2P

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cf27f8018bd9ca97678c75d818bd64d92c46e901ad20f669c37853ad59c1bd13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55152
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:16:09 GMT

GET
H2 200 f5b3be27-f789-4ef1-8867-37c67da5b361-web.js Show response
cdn.permutive.com/ 1 MB
147 KB 265ms
142ms Script
application/javascript 104.19.149.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.com/f5b3be27-f789-4ef1-8867-37c67da5b361-web.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/js/jquery/jquery-1.10.2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.149.54 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d449c7cd834b923b123f740482884501a6a6022dc24ea9e5b9a14a1bfb06ed4

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: br
cf-cache-status: HIT
age: 175
x-guploader-uploadid: ABg5-Uy3-hYNV7TSSQBwDrZPYyfAk08OsYRMkY4xM2Znf-JjGyxlUbNNoNnwod7vTuCGfR8xl_49r0DhydoPtrxCtAo
x-goog-storage-class: REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-type: application/javascript
cf-request-id: 056701361b0000237361b73200000001
last-modified: Fri, 25 Sep 2020 11:13:06 GMT
server: cloudflare
etag: W/"ae0724f3facc92d29dca1a07ce9327a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=PZM9WA==, md5=rgck8/rMktKdyhoHzpMnqA==
x-goog-generation: 1601032386464701
cache-control: public, max-age=300
x-goog-stored-content-length: 211023
cf-ray: 5d85049cf9252373-ZRH
expires: Fri, 25 Sep 2020 13:21:09 GMT

GET
H2 200 CSO-logo-nav.svg
alt.idgesg.net/images/furniture/cso/ 2 KB
2 KB 139ms
0ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alt.idgesg.net/images/furniture/cso/CSO-logo-nav.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www.idge.cso/css/oc-header.css?v=20200924085942
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9eb5f4aaf681528b1c83e13a0e9302e9f05132372e35dbc96c95485198028d56

Request headers

Referer: https://www.csoonline.com/www.idge.cso/css/oc-header.css?v=20200924085942
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 1AZpuIKi8PcjBsPZ3lrXz_o5ZjbADhP.
via: 1.1 varnish
etag: "a826e9631dda67c762e2f43ab9fbe6a6"
age: 3467
x-amz-meta-origin-date-iso8601: 2019-03-20T14:28:52.000Z
x-cache: HIT
status: 200
content-length: 2222
x-amz-id-2: xV+h5x2dMOQfqNhJNQPSa0L/oCCax1rhfkFcGT+oNyB3xVwNmvOFWRvfBwnx7ez+arw+6EW9iLw=
x-served-by: cache-hhn4033-HHN
last-modified: Wed, 20 Mar 2019 14:29:23 GMT
server: AmazonS3
x-timer: S1601039769.131008,VS0,VE0
date: Fri, 25 Sep 2020 13:16:09 GMT
x-amz-request-id: AN5KBJ3K8T5KFPAW
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 3

GET
H2 200 insider-logo-updated.svg
idge.staticworld.net/images/ 3 KB
3 KB 217ms
32ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idge.staticworld.net/images/insider-logo-updated.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/css/oc-header.css?v=20200924085942
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 90e7f8120f6d2e856e3a487abe2551c75bea54bee192a5a9b8afa4a0216eefa6

Request headers

Referer: https://www.csoonline.com/www/css/oc-header.css?v=20200924085942
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: CqyWtbm.VH6O14ZU_g_VPqkHhNPzIAa5
via: 1.1 varnish
etag: "6f2e6c9e8e4cba254e168d6355376522"
age: 1965
x-cache: HIT
status: 200
content-length: 3102
x-amz-id-2: QvC2ocHW6vpj/cMe3uoWUoWdsJBjawrL72VkJlolt+u8Nm2I93VlQ3JM85jPUWM/N35uLsRo30E=
x-served-by: cache-hhn4033-HHN
last-modified: Tue, 27 Mar 2018 00:10:09 GMT
server: AmazonS3
x-timer: S1601039770.509790,VS0,VE0
date: Fri, 25 Sep 2020 13:16:09 GMT
x-amz-request-id: 0EB9C1FC46B5E123
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 8

GET
H2 200 fa-regular-400.woff2
use.fontawesome.com/releases/v5.6.1/webfonts/ 15 KB
15 KB 180ms
136ms Font
font/woff2 23.111.9.35
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.6.1/webfonts/fa-regular-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.6.1/css/all.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: e5c1d9e7bdeaf3372dee724d175d25aca879ed52ae9afd018f503e9d74e09b50

Request headers

Origin: https://www.csoonline.com
Referer: https://use.fontawesome.com/releases/v5.6.1/css/all.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
last-modified: Wed, 12 Dec 2018 17:44:23 GMT
server: NetDNA-cache/2.2
status: 200
etag: "569693c9f5d42d769c7f87b90856219a"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT
accept-ranges: bytes
content-length: 14868

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.6.1/webfonts/ 77 KB
78 KB 179ms
137ms Font
font/woff2 23.111.9.35
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.6.1/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.6.1/css/all.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 08aa3a5ee68a21d5771a70b20495b6da1c0f996c46982cd1b0447ad2db730d11

Request headers

Origin: https://www.csoonline.com
Referer: https://use.fontawesome.com/releases/v5.6.1/css/all.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
last-modified: Wed, 12 Dec 2018 17:44:35 GMT
server: NetDNA-cache/2.2
status: 200
etag: "59ea9019c9b9bc4d83ab9783e830735c"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT
accept-ranges: bytes
content-length: 79072

GET
H3-Q050 200 cse.js Show response
cse.google.com/ 10 KB
3 KB 334ms
47ms Script
text/javascript 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=011881588825642368632:b0mgdf4z90i

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

5df9e6187687936c2e87b554cd224cfe11f312065ff5160f5299f38b94c5c75f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3486
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:16:09 GMT

GET
H2 200 hamburger-v2.svg
alt.idgesg.net/images/furniture/ 610 B
902 B 318ms
20ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alt.idgesg.net/images/furniture/hamburger-v2.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/css/oc-header.css?v=20200924085942
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 413215e01c47f149df91c6d2281bc5288980420466333b3190d2807c1a5a6966

Request headers

Referer: https://www.csoonline.com/www/css/oc-header.css?v=20200924085942
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 1fnsULWZsCA3r7yvlAPj1P80IHmK7W6x
via: 1.1 varnish
etag: "cf32478c18a5e4e5ee7de7180fb12c18"
age: 2897
x-amz-meta-origin-date-iso8601: 2018-12-17T19:19:51.000Z
x-cache: HIT
status: 200
content-length: 610
x-amz-id-2: FqRIbqhlq/YpIA28I7I1HZKMkbnd+6HRo5i/V2xkbQ+r4aoKJdi9kaPQID8JGQxmYURnJYdtIuQ=
x-served-by: cache-hhn4033-HHN
last-modified: Mon, 17 Dec 2018 19:20:57 GMT
server: AmazonS3
x-timer: S1601039770.586324,VS0,VE0
date: Fri, 25 Sep 2020 13:16:09 GMT
x-amz-request-id: 6F2CFE1D882FE713
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 9

GET
H2 200 megamenu-ip-logo.svg
alt.idgesg.net/images/furniture/insiderpro/megamenu/ 5 KB
5 KB 317ms
20ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alt.idgesg.net/images/furniture/insiderpro/megamenu/megamenu-ip-logo.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/css/oc-header.css?v=20200924085942
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cc8104c2421ddba0fee8e079eb7f771f4c14ec71c0c714d67c530afcbf761766

Request headers

Referer: https://www.csoonline.com/www/css/oc-header.css?v=20200924085942
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: kNgQwgxS9UBWR4a1aGMjvH18qrlDRyAS
via: 1.1 varnish
etag: "7bea921263c2f7aa1454205785963338"
age: 1292
x-amz-meta-origin-date-iso8601: 2019-06-26T10:33:19.159Z
x-cache: HIT
status: 200
content-length: 4898
x-amz-id-2: fnRSY5ztcRIDvEE0obp7AEYrnF55EEAscaya4S/xObyRov9DY4C6DF7bdxBSMmdGXqW9Nt2Ifzk=
x-served-by: cache-hhn4033-HHN
last-modified: Wed, 26 Jun 2019 10:33:59 GMT
server: AmazonS3
x-timer: S1601039770.586318,VS0,VE0
date: Fri, 25 Sep 2020 13:16:09 GMT
x-amz-request-id: B4F95A711EB0ED16
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 6

GET
H2 200 ss-standard.woff
www.csoonline.com/www.idge/css/webfonts/ 26 KB
27 KB 232ms
24ms Font
font/woff 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge/css/webfonts/ss-standard.woff
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www.idge/css/webfonts/ss-standard.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: d2aae940b6d023c99cbd656bbd0868f51bcf4a93455efef42cc95d8a4c7bceca

Request headers

Origin: https://www.csoonline.com
Referer: https://www.csoonline.com/www.idge/css/webfonts/ss-standard.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 8754
x-cache: HIT, HIT, HIT, HIT
status: 200
content-length: 27058
x-via-fastly: Verdad
x-served-by: cache-sjc10057-SJC, cache-sjc10057-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:53:52 GMT
server: Apache-Coyote/1.1
x-timer: S1601039770.505168,VS0,VE0
etag: W/"27096-1600962832000-gzip"
vary: Accept-Encoding,Cookie
content-type: font/woff
via: 1.1 varnish, 1.1 varnish
x-vcl-version: 50
accept-ranges: bytes
x-cache-hits: 66, 66, 3, 3

GET
H2 200 l
use.typekit.net/af/d6b712/00000000000000003b9adf58/27/ 23 KB
23 KB 205ms
0ms Font
application/font-woff2 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/d6b712/00000000000000003b9adf58/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/xyb0fnv.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0a , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: ef756e21b4660483b0d200e15873d899d783fc49abccebcf5d2ebc5d7e6f8e31

Request headers

Origin: https://www.csoonline.com
Referer: https://use.typekit.net/xyb0fnv.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
server: nginx
etag: "efe31a101c3e856372e08c1c9637427b59c9a79b"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 23704

GET
H2 200 l
use.typekit.net/af/6dc482/00000000000000003b9adf53/27/ 23 KB
23 KB 197ms
0ms Font
application/font-woff2 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/6dc482/00000000000000003b9adf53/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/xyb0fnv.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0a , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: dfd9e061f289eeaf739ed0e3f756905b4c61dfb2403c1a5c8feb47134aa43dad

Request headers

Origin: https://www.csoonline.com
Referer: https://use.typekit.net/xyb0fnv.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
server: nginx
etag: "5b46ee39bcfd27d8dfd3d98149fb650ec89529ee"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 23500

GET
H2 200 l
use.typekit.net/af/685a23/00000000000000003b9adf56/27/ 24 KB
24 KB 213ms
16ms Font
application/font-woff2 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/685a23/00000000000000003b9adf56/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/xyb0fnv.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0a , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: ed4b59c842945fa6d990f7d9a750c87a92f7ba60f7f19f8d18af145853c35c1a

Request headers

Origin: https://www.csoonline.com
Referer: https://use.typekit.net/xyb0fnv.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
server: nginx
etag: "8b6f123f7295f8322378a85cf16139306915076f"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 24568

GET
H2 200 ss-social-circle.woff
www.csoonline.com/www.idge/css/webfonts/ 10 KB
10 KB 228ms
33ms Font
font/woff 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/www.idge/css/webfonts/ss-social-circle.woff
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www.idge/css/webfonts/ss-social.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 8982bee74ee4a24031eea6ffe2cf2a3a41b3eee01490dfb4b8a641ef69dc923f

Request headers

Origin: https://www.csoonline.com
Referer: https://www.csoonline.com/www.idge/css/webfonts/ss-social.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:09 GMT
content-encoding: gzip
age: 3828
x-cache: HIT, HIT, HIT, HIT
status: 200
content-length: 9718
x-via-fastly: Verdad
x-served-by: cache-sjc10034-SJC, cache-sjc10034-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
last-modified: Thu, 24 Sep 2020 15:53:52 GMT
server: Apache-Coyote/1.1
x-timer: S1601039770.505291,VS0,VE0
etag: W/"9732-1600962832000-gzip"
vary: Accept-Encoding,Cookie
content-type: font/woff
via: 1.1 varnish, 1.1 varnish
x-vcl-version: 50
accept-ranges: bytes
x-cache-hits: 2, 2, 3, 3

GET
H2 200 message_url Show response
cmp.csoonline.com/mms/v2/ 0
835 B 123ms
121ms XHR
application/json 52.59.111.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.csoonline.com/mms/v2/message_url?requestUUID=9d2212d8-16a7-4181-a562-da4b6f147efd&account_id=146&abp=false&href=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&consentUUID=fa30b47c-3014-4005-a73f-d19f668bd433&loadedData=%5B%7B%22id%22%3A%22CONSENT%3Aendpoint%3Ahttps%3A%2F%2Fccpa-service.sp-prod.net%3A3918%22%2C%22result%22%3A%22%7B%5C%22hasConsentData%5C%22%3Afalse%2C%5C%22consentedToAny%5C%22%3Afalse%2C%5C%22consentedToAll%5C%22%3Afalse%2C%5C%22rejectedAny%5C%22%3Afalse%7D%22%7D%5D&stage_campaign=false&cookie=%5B%22_sp_enable_dfp_personalized_ads%3Dfalse%3B%22%2C%22_sp_v1_uid%3D1%3A683%3A3b64ecf9-d53e-48c0-8263-91a4407adf12%3B%22%2C%22_sp_v1_ss%3D1%3AH4sIAAAAAAAAAItWqo5RKimOUbKKxmDklebk6MQopSKxS8AS1bW1sSRLKOlgWkWWDdgMGkJuxqdfKRYAILxxHpABAAA%253D%3B%22%2C%22_sp_v1_opt%3D1%3A%3B%22%2C%22_sp_v1_csv%3Dnull%3B%22%2C%22_sp_v1_lt%3D1%3A%3B%22%2C%22_sp_v1_data%3D2%3A202832%3A1601039764%3A0%3A3%3A0%3A3%3A0%3A0%3A_%3A-1%3B%22%5D&t[type]=CCPA
Requested by: Host: ccpa.sp-prod.net
URL: https://ccpa.sp-prod.net/ccpa.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.59.111.161 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.4.2.v20170220) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:10 GMT
x-sp-mms-node: mms-ayc.node.fra.consul
server: Jetty(9.4.2.v20170220)
status: 200
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: https://www.csoonline.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-sp-mms-env: 1
content-length: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 idg.js Show response
cdn.blueconic.net/ 130 KB
39 KB 149ms
148ms Script
text/javascript 143.204.94.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.blueconic.net/idg.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.94.15 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

- /

Resource Hash

d9e1b9c58979efbe7f360f1de3085a036a699c9dcdd90ee640dd8182b29e5bca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:14:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
age: 115
x-cache: Hit from cloudfront
status: 200
content-length: 39721
x-xss-protection: 1; mode=block
last-modified: Wed, 23 Sep 2020 18:20:23 GMT
server: -
etag: "20999-5afff230ea970-gzip"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
via: 1.1 32c8da10203574baccb74b8f771a7ffb.cloudfront.net (CloudFront)
cache-control: public, max-age=600, s-maxage=500
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-robots-tag: noindex, nofollow
x-amz-cf-id: p4kQWRhLKe9qXqHqzGYyPHiDqUIdsgoxRc5sBOnfZY6Lc_D9hh-vzw==

GET
H2 200 l
use.typekit.net/af/9ec930/00000000000000003b9adf55/27/ 24 KB
24 KB 16ms
6ms Font
application/font-woff2 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/9ec930/00000000000000003b9adf55/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/xyb0fnv.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0a , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: 551c004633e25f9dd42ff8e4af57138e73e1a06349e8296ed7180046c0452ae3

Request headers

Origin: https://www.csoonline.com
Referer: https://use.typekit.net/xyb0fnv.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:10 GMT
server: nginx
etag: "19a8e819c6270a3cbf61479ecab70cf5b2bc0861"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 24108

OPTIONS
H2 200 display-dns
ccpa-service.sp-prod.net/ccpa/consent/3918/ Frame 0
0 132ms
131ms Other
text/html 52.203.184.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ccpa-service.sp-prod.net/ccpa/consent/3918/display-dns?requestUUID=9d2212d8-16a7-4181-a562-da4b6f147efd
Protocol: H2
Server: 52.203.184.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-203-184-151.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.csoonline.com
Sec-Fetch-Mode: cors

Response headers

status: 200
date: Fri, 25 Sep 2020 13:16:10 GMT
content-type: text/html; charset=utf-8
content-length: 4
access-control-allow-origin: https://www.csoonline.com
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE
cache-control: no-cache
allow: POST

POST
H2 200 display-dns Show response
ccpa-service.sp-prod.net/ccpa/consent/3918/ 464 B
742 B 140ms
137ms XHR
application/json 52.203.184.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ccpa-service.sp-prod.net/ccpa/consent/3918/display-dns?requestUUID=9d2212d8-16a7-4181-a562-da4b6f147efd
Requested by: Host: ccpa.sp-prod.net
URL: https://ccpa.sp-prod.net/ccpa.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.203.184.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-203-184-151.compute-1.amazonaws.com
Software: /
Resource Hash: cef963efb8a2ceebc50926536c1ae7da95f83e838ccc5a0c9225b6acd0fcb5ff

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 25 Sep 2020 13:16:10 GMT
status: 200
access-control-allow-methods: GET, PUT, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length: 464

GET
H3-Q050 200 gtm.js Show response
www.googletagmanager.com/ 170 KB
53 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5WC9SK&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WR6LD2P

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a0f12c3ac22648400223ac81fb31461be3fc226927d57c444f49e879483a9d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:11 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53959
x-xss-protection: 0
last-modified: Fri, 25 Sep 2020 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 25 Sep 2020 13:16:11 GMT

GET
H/1.1 200
OK api.js Show response
w.soundcloud.com/player/ 5 KB
3 KB 60ms
47ms Script
application/javascript 99.86.243.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://w.soundcloud.com/player/api.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WR6LD2P

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.5 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-5.vie50.r.cloudfront.net

Software

am/2 /

Resource Hash

78d83d68ccf7a24aca085486bfc291760424279b6f5308092af4fe600b9d1e19

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:13:35 GMT
Via: sssr, 1.1 a243c19b86829b9271d382d92416109c.cloudfront.net (CloudFront)
Vary: Accept-Encoding
Age: 156
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
P3P: policyref="https://w.soundcloud.com/player/w3c/p3p.xml", CP="NON DSP COR CUR ADM DEV TAI PSAo PSDo OUR STP CNT"
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 14:11:22 GMT
Server: am/2
ETag: W/"1298-203301282"
Strict-Transport-Security: max-age=63072000
Content-Type: application/javascript
Cache-Control: public, max-age=300
X-Amz-Cf-Pop: VIE50-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: HVhCopr3F1J37tYW2MtIflzt559RkY2HSIpvdlYAUavBQYqJrgaJcQ==

GET
H/1.1 204
No Content / Show response
api3847.d41.co/sync/ 0
817 B 279ms
147ms Script
text/plain 34.200.67.223
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api3847.d41.co/sync/

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WR6LD2P

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.67.223 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:12 GMT
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Access-Control-Allow-Origin: https://www.csoonline.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1; mode=block

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 17 KB
6 KB 58ms
58ms Script
application/javascript 199.232.53.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: t.co
URL: https://t.co/chVwWS4jhn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.53.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e88e0ed354170d8b73435fadf714ab8fff7c00b985295495d146b5eb92dc3e50

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:11 GMT
content-encoding: gzip
last-modified: Tue, 30 Jun 2020 17:04:46 GMT
server: snooserv
etag: "85ee817cda81317b49d1d3056f6bdf95"
vary: Accept-Encoding,Origin
content-type: application/javascript
status: 200
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 5809
via: 1.1 varnish, 1.1 varnish

GET
H2 200 pubads_impl_2020091601.js Show response
securepubads.g.doubleclick.net/gpt/ 263 KB
92 KB 96ms
87ms Script
text/javascript 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

sffe /

Resource Hash

3be81ab15cc2905d3ef54418cd0fa664e85d19c4a5550e28b071a39bd1316070

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Sep 2020 08:40:34 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94378
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:16:12 GMT

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
543 B 132ms
94ms XHR
application/json 52.50.67.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=187051
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183980-47728333013839.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.67.37 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7f4c9764a74f7e73502dae77b4163c62f985c27049a30c72f87d0ed8e54dbe3f

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 25 Sep 2020 13:16:12 GMT
x-aspnet-version: 4.0.30319
status: 200
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.csoonline.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Sun, 25 Oct 2020 13:16:12 GMT

GET
H2 200 t Show response
jadserve.postrelease.com/ 15 KB
3 KB 168ms
167ms Script
text/javascript 54.197.13.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&prx_referrer=https%3A%2F%2Ft.co%2FchVwWS4jhn&ntv_mvi&ntv_kv=channel*ransomware&ntv_fpc=c4133dac-ca8a-40b7-b21b-636d1da81037&us_privacy=1---
Requested by: Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.197.13.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-197-13-220.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: 32fb7ef9d8a44a6fcb2d5065b38a9afbac0b93d90fd08bd84a522d06bbb6b46b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:12 GMT
content-encoding: gzip
server: nginx/1.12.1
status: 200
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/javascript;charset=UTF-8
content-length: 2816
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 f5b3be27-f789-4ef1-8867-37c67da5b361-models.bin Show response
cdn.permutive.com/models/ 11 KB
11 KB 111ms
39ms XHR
application/x-binary 104.19.149.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.com/models/f5b3be27-f789-4ef1-8867-37c67da5b361-models.bin
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f5b3be27-f789-4ef1-8867-37c67da5b361-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.149.54 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8208c96d738487957a78a0dbb2f3b801416b486b3d66cc94fccf55d589225743

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:13 GMT
cf-cache-status: HIT
age: 3286
x-guploader-uploadid: ABg5-UzqQE18Ch5CeaH2qrFowpnPtKerxStDE5BcAuQJeRkQglVnWLk1dviC5lmlZprmwkjRFRsvbH1AOVThV7mI2og
x-goog-storage-class: REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-type: application/x-binary
cf-request-id: 0567014636000023c7df873200000001
last-modified: Thu, 24 Sep 2020 15:22:48 GMT
server: cloudflare
etag: W/"04d5d972014000f3c8cc08515d49d85e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=NukjMg==, md5=BNXZcgFAAPPIzAhRXUnYXg==
x-goog-generation: 1600960968152248
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=300
x-goog-stored-content-length: 10890
cf-ray: 5d8504b6bef423c7-ZRH
expires: Fri, 25 Sep 2020 13:21:13 GMT

GET
H/1.1 200
OK getuidj Show response
ib.adnxs.com/ 11 B
709 B 82ms
49ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/getuidj

Requested by

Host: cdn.permutive.com
URL: https://cdn.permutive.com/f5b3be27-f789-4ef1-8867-37c67da5b361-web.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:13 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.140:80
AN-X-Request-Uuid: 1820dbc3-705b-49ed-9af9-d7a1e5178b2a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.csoonline.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-Q050 200 cse_element__en.js Show response
www.google.com/cse/static/element/26b8d00a7c7a0812/ 260 KB
86 KB 60ms
8ms Script
text/javascript 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/26b8d00a7c7a0812/cse_element__en.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=011881588825642368632:b0mgdf4z90i

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

77a59cb277854c7e55d027b3cc11095a241d8107ff7be5b345403453a3d16be1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 09:21:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 Jul 2020 13:27:13 GMT
server: sffe
age: 14097
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88400
x-xss-protection: 0
expires: Sat, 25 Sep 2021 09:21:16 GMT

GET
H3-Q050 200 default+en.css
www.google.com/cse/static/element/26b8d00a7c7a0812/ 40 KB
9 KB 52ms
8ms Stylesheet
text/css 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/26b8d00a7c7a0812/default+en.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=011881588825642368632:b0mgdf4z90i

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8b2484fa9a9b136b9eb56c1d2b3bfdacd1c8970acf325585235aa35b16fc010a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 09:25:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 Jul 2020 13:27:13 GMT
server: sffe
age: 186617
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8947
x-xss-protection: 0
expires: Thu, 23 Sep 2021 09:25:56 GMT

GET
H3-Q050 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 52ms
9ms Stylesheet
text/css 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=011881588825642368632:b0mgdf4z90i

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:11:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
age: 274
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
expires: Fri, 25 Sep 2020 14:01:39 GMT

POST
H2 200 json Show response
idg.blueconic.net/DG/DEFAULT/rest/rpc/ 121 KB
19 KB 213ms
162ms XHR
application/json 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/DG/DEFAULT/rest/rpc/json?referer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&bcsessionid=&bctempid=&overruleReferrer=&time=2020-09-25T15%3A16%3A13%2B02%3A00&ts=1601039773650

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

1fd21397d1395d7af4820bfb1ba7475f8d489cc8f34bf618004e3df1ee75acba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: policyref="", CP="DSP"
status: 200
content-length: 18456
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
BLOB 200
OK 950f28ae-deb7-4305-a2b0-4a247b664017
https://www.csoonline.com/ 686 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.csoonline.com/950f28ae-deb7-4305-a2b0-4a247b664017
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 046c81e72ccfba9ef244fa498f7caa4d715258899cd3dd87008e28ccc1eef3ea

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 702577
Content-Type: application/javascript

POST
H2 200 graphql Show response
api.permutive.com/ 384 B
309 B 103ms
55ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/graphql?k=84c7e805-5ce9-41f4-b988-3529488bab1c
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f5b3be27-f789-4ef1-8867-37c67da5b361-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Permutive /
Resource Hash: 22743e48208100b30e26dc7136de29be0e624ecd577c28c3f424f723096ec8a2

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:13 GMT
content-encoding: gzip
server: Permutive
status: 200
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: https://www.csoonline.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 244
via: 1.1 google

GET
H2 200 outbrain.js Show response
widgets.outbrain.com/ 146 KB
49 KB 823ms
475ms Script
application/x-javascript 23.210.250.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/outbrain.js?_=1601039766385
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/js/jquery/jquery-1.10.2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.250.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: af59d19b683ee85a6df8fbd4567dd65cf047f0633331dd83bbe8e0da758c2f49

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:14 GMT
content-encoding: gzip
last-modified: Wed, 23 Sep 2020 08:21:35 GMT
status: 200
etag: W/"24627-PnJbwXR+adBlqCT9RTAtGICDG8I"
vary: Accept-Encoding
edge-cache-tag: widget-cheetah
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
access-control-allow-credentials: false
cookie: CheetahStaging=true
access-control-allow-methods: GET,POST
timing-allow-origin: *
expires: Fri, 25 Sep 2020 17:16:14 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
73 B 491ms
167ms Image
image/gif 199.232.53.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1601039774134&id=t2_4bkq4t2o&event=PageVisit&uuid=43fc5583-517e-4cd5-b1b1-d22ccc687be0&s=PmoOhoD1GZzpSdEHjZpxAKbAyp8kQxchK8bcViM20ns%3D
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.53.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:14 GMT
via: 1.1 varnish
server: Varnish
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 cso-logo-idg.svg
idge.staticworld.net/cso/ 4 KB
4 KB 307ms
1ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idge.staticworld.net/cso/cso-logo-idg.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www.idge.cso/css/foot.css?v=20200924085942
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ef7755857c07a98436dce7c81f0071da4925b63aa320f6a600eafdc08d620f5f

Request headers

Referer: https://www.csoonline.com/www.idge.cso/css/foot.css?v=20200924085942
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: oZFBpEq1ZhNl2KLvmAO7EkSd4kjPfufK
via: 1.1 varnish
etag: "52e975d0aa09163968fbd12cf29e4088"
age: 2170
x-cache: HIT
status: 200
content-length: 3923
x-amz-id-2: bYJrALxetWN/mqVTpIdAJC4jMbdNnGyG09oM+OKF1YY3Ex79PTgyWzpxq2ujcqpfOPPOYDHjbSM=
x-served-by: cache-hhn4033-HHN
last-modified: Tue, 27 Mar 2018 00:09:02 GMT
server: AmazonS3
x-timer: S1601039774.464707,VS0,VE0
date: Fri, 25 Sep 2020 13:16:14 GMT
x-amz-request-id: 9BEF6749CE7CE47A
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 3

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 727 B
961 B 299ms
161ms XHR
application/json 52.215.225.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=8879&slot=%7Bid:gpt-skin,ss:%5B1.1%5D,p:/8456/IDG.G_B2B_CSOOnline.com/security_section,t:display%7D&slot=%7Bid:inread,ss:%5B1.1,2.1%5D,p:/8456/IDG.G_B2B_CSOOnline.com/security_section,t:display%7D&slot=%7Bid:gpt-overlay,ss:%5B640.480%5D,p:/8456/IDG.G_B2B_CSOOnline.com/security_section,t:display%7D&slot=%7Bid:topleaderboard,ss:%5B970.90,970.250,728.90%5D,p:/8456/IDG.G_B2B_CSOOnline.com/security_section,t:display%7D&slot=%7Bid:topimu,ss:%5B300.600,300.250,120.600,160.600%5D,p:/8456/IDG.G_B2B_CSOOnline.com/security_section,t:display%7D&slot=%7Bid:oc_ad_1,ss:%5B7.7%5D,p:/8456/IDG.G_B2B_CSOOnline.com/security_section,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=fba5d8ee-ebe5-0871-c5e5-10d11dac5428&url=https%253A%252F%252Fwww.csoonline.com%252Farticle%252F3574907%252Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%253Futm_content%253Dcontent%2526utm_medium%253Dsocial%2526utm_campaign%253Dorganic%2526utm_source%253Dtwitter
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.225.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: c454b07c7131481526147dcae201c8cab8413d20e6ec01916d76be3ec4863796

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:14 GMT
x-server-name: app36.ie.303net.net
status: 200
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.csoonline.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 200 moatcontent.js Show response
z.moatads.com/nativonielsen548znrb18/ 167 KB
55 KB 565ms
34ms Script
application/x-javascript 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/nativonielsen548znrb18/moatcontent.js?moatClientLevel1=9335
Requested by: Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 4217045a8d701cac3b4a766a11076e7cc5342087464a8a6e3cc7e4f9feec09a3

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
last-modified: Mon, 24 Aug 2020 17:04:05 GMT
server: AmazonS3
x-amz-request-id: 541CA3CB462144FD
etag: "774acff2cee5852cdfc3fd8471cb2667"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=12300
accept-ranges: bytes
content-length: 55696
x-amz-id-2: WNwhnB94WoMq7DmM1MaoToceuK3QbHC7vn11hUldfKqO5oRdP3/lkIWqAFpXgth7b2BO5KLt3DE=

GET
H2 200 trk.gif
jadserve.postrelease.com/ 43 B
339 B 738ms
224ms Image
image/gif 54.197.13.220
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/trk.gif?ntv_ui=478c19b3-f0c3-4f5e-b199-0f49cca02146&ntv_fl=7uDOAz88QViW5FhnhWWSVY37EAjmUKybCOt6O3NyYeuO3QN2bVyqg2fLnefFIKnKl_b0dwQpJVLAo85qJJxOUD2p5ziseWvw9NOw37eGoN5qC8VmMy84DdOrfXajJhwon-5GrZmczcitHrcSLDLpV89B5_rzyH0CACv8Yyf346y3UxL5a2mn_LSzNp_M2TOozKnVMwfTn0srDqkzYdpz0w==&ntv_ht=nO1tXwA&ntv_at=303,302&ntv_a=AAAAAAAAAAd-oQA&ord=1601039774430&prx_referrer=https%3A%2F%2Ft.co%2FchVwWS4jhn&ntv_it
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.197.13.220 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-197-13-220.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:15 GMT
server: nginx/1.12.1
status: 200
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H/1.1 200
OK dnb_coretag_v4.min.js Show response
cdn-0.d41.co/tags/ 1 KB
2 KB 540ms
48ms Script
application/javascript 99.86.243.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WR6LD2P
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.243.61 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-243-61.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 240fbcfd9cce9f9883216b7f5097be022d5af697075bb9987439d7b8bba5aeb9

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:15:00 GMT
Via: 1.1 8041ecf6e768a41bc9c64e0c75dc923d.cloudfront.net (CloudFront)
Last-Modified: Thu, 10 Jan 2019 15:43:36 GMT
Server: AmazonS3
Age: 76
ETag: "e876f53a6063aa4d75f88c7b67222687"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: VIE50-C1
Accept-Ranges: bytes
Content-Length: 1420
X-Amz-Cf-Id: 1mx07kot-_vtwGBOd2S49Tl39Qr7ThYUl12SO8ShBE6ofj9s8AdGOA==

GET
H2 200 pub.531979.min.js Show response
www.dwin2.com/ 304 KB
114 KB 417ms
0ms Script
application/javascript 151.101.114.110
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dwin2.com/pub.531979.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WC9SK&l=dataLayer
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: cf039723cffa666890460c45c76e739b676456ec01632d019d50f5b84b0d907b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
age: 386
x-cache: HIT, HIT
status: 200
x-cache-hits: 1, 3
content-length: 116234
x-served-by: cache-lcy19270-LCY, cache-hhn4040-HHN
last-modified: Fri, 25 Sep 2020 12:09:47 GMT
server: nginx
x-timer: S1601039775.054654,VS0,VE0
etag: "5f6dde0b-4c1d9"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=3600
accept-ranges: bytes
expires: Fri, 25 Sep 2020 13:09:47 GMT

GET
H/1.1 200
OK index.js Show response
tracker.adreadyclick.com/ 9 KB
4 KB 388ms
29ms Script
text/javascript 2606:4700:3031::ac43:be68
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracker.adreadyclick.com/index.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WC9SK&l=dataLayer
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:3031::ac43:be68 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8bd22f9acbeadb00865723e499482b60825fc104a5756f75bd8a0532da5b5c3

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:15 GMT
Content-Encoding: br
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 4906896
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0567014d40000017866c839200000001
Last-Modified: Thu, 30 Jul 2020 18:13:07 GMT
Server: cloudflare
ETag: W/"2253-5abac9fcb2f99"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
CF-RAY: 5d8504c20cff1786-FRA
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 965 B
761 B 361ms
44ms Script
application/x-javascript 2a02:26f0:10c:582::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WC9SK&l=dataLayer
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:582::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:15 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=14336
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 448

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 362ms
0ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: t.co
URL: https://t.co/chVwWS4jhn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
age: 56633
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1958
x-served-by: cache-hhn4081-HHN
last-modified: Mon, 10 Aug 2020 18:10:59 GMT
x-timer: S1601039775.052689,VS0,VE0
etag: "a4cc3f907681b24a3efd540acd5d2996+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
177 B 485ms
119ms Image
image/gif 199.232.53.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1601039774690&id=t2_4bkq4t2o&event=PageVisit&uuid=43fc5583-517e-4cd5-b1b1-d22ccc687be0&s=ueIzfJVOilgTt62r6o0jCy2ggeoP%2B9Oqc7qzyRj66rw%3D
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.53.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
via: 1.1 varnish
server: Varnish
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 451 identity Show response
api.rlcdn.com/api/ 0
46 B 235ms
18ms XHR
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183980-47728333013839.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
via: 1.1 google
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
status: 451
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://www.csoonline.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 0

GET
H2 200 b5abfcea1e1f5604991e4fe5b393d48f Show response
idg.blueconic.net/plugin/plugin/ 186 KB
46 KB 233ms
133ms Script
text/javascript 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/plugin/plugin/b5abfcea1e1f5604991e4fe5b393d48f

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

a21b332d2f8b5cbed8e1fc317d1e9f41ccb67341c73da44d05e8347e64740e16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: -
etag: b5abfcea1e1f5604991e4fe5b393d48f
x-robots-tag: noindex, nofollow
p3p: policyref="", CP="DSP"
status: 200
x-permitted-cross-domain-policies: master-only
cache-control: private, max-age=31536000
content-type: text/javascript; charset=utf-8
content-length: 46126
x-xss-protection: 1; mode=block
expires: Sat, 25 Sep 2021 13:16:15 GMT

GET
H2 200 tso Show response
www.csoonline.com/ads/ 582 B
748 B 81ms
38ms XHR
application/json 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/ads/tso?localeId=0
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/js/jquery/jquery-1.10.2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: defa292e1de2d97bf674516e7f3ff5b0c1e65889889d67b45d4f21a63abb2699

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
vary: Accept-Encoding,Cookie
age: 15062
x-cache: HIT, HIT, HIT, HIT
status: 200
content-length: 428
x-via-fastly: Verdad
x-served-by: cache-sjc10070-SJC, cache-sjc10070-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
server: Apache-Coyote/1.1
x-timer: S1601039775.170342,VS0,VE0
x-fastly-ttl: 14400.000
content-type: application/json;charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=14400
x-vcl-version: 50
accept-ranges: bytes
x-fastly-stale: 432000.000
x-cache-hits: 16, 16, 3, 3

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 335ms
64ms Script
application/x-javascript 23.37.53.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.53.17 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-53-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:15 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Sat, 26 Sep 2020 13:16:15 GMT

GET
H2 200 pixel.gif
pixel.staticworld.net/ 67 B
241 B 266ms
236ms Image
image/gif 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.staticworld.net/pixel.gif?b=cso&e=view&t=article&id=3574907&ts=1601039775138&ip=185.156.175.107
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
via: 1.1 varnish
age: 0, 0
x-cache: MISS
status: 200
content-length: 67
x-amz-id-2: Qqnfh4F5FYZebuYzaWEwRBiBC3d3c7O3pxIoM9Yv3BLEary3kDDYrXrZWgfCbAmaELGqMEP6Mdg=
x-served-by: cache-hhn4051-HHN
last-modified: Tue, 28 Nov 2017 22:37:51 GMT
server: AmazonS3
x-timer: S1601039775.177030,VS0,VE199
etag: "c2db45a8f494c4b40095f4fd38d613fd"
x-amz-request-id: AS8YBZCX5V3H6KBM
accept-ranges: bytes, bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 200 eedeabb0-9a59-4b6b-9df3-e55745819adf.json Show response
cdn.subscribers.com/config/ 843 B
1 KB 36ms
23ms Fetch
text/json 2600:9000:21f3:7c00:2:d151:aac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.subscribers.com/config/eedeabb0-9a59-4b6b-9df3-e55745819adf.json
Requested by: Host: cdn.subscribers.com
URL: https://cdn.subscribers.com/assets/subscribers.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:7c00:2:d151:aac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7ff3811703019eafd657f1b6570c8116fa76072428161cee22ec769b26ef634b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:08 GMT
via: 1.1 d9bf8acc1da383db4531789bbb03ac07.cloudfront.net (CloudFront)
age: 9
x-cache: Hit from cloudfront
status: 200
content-length: 843
last-modified: Thu, 07 May 2020 19:28:21 GMT
server: AmazonS3
etag: "95b891864efe9d4487be6a812a962b3d"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: text/json
access-control-allow-origin: *
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
x-amz-cf-id: B65KHtbWu3DVoCddPjlAOKgFQ8tln0mvg2yRoSkvUbRjGm6FUxyMDg==

GET
H2 200 tile Show response
www.csoonline.com/napi/ 1012 B
548 B 186ms
40ms XHR
text/html 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/napi/tile?def=blox4.dynamic&geo=0&definition=nav.fixed&placement=Nav+Fixed
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/js/jquery/jquery-1.10.2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: e0381b7f79e103a4fa10a42e3c9c45df13f0d25af5b0979548fdb09ab87135ee

Request headers

Accept: text/html, */*; q=0.01
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
vary: Accept-Encoding,Cookie
age: 13019
x-cache: HIT, HIT, HIT, HIT
status: 200
content-length: 390
x-via-fastly: Verdad
x-served-by: cache-sjc10062-SJC, cache-sjc10062-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
server: Apache-Coyote/1.1
x-timer: S1601039775.443528,VS0,VE0
x-fastly-ttl: 14400.000
content-type: text/html;charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=14400
x-vcl-version: 50
accept-ranges: bytes
x-fastly-stale: 432000.000
x-cache-hits: 19, 19, 3, 3

GET
H2 200 tile Show response
www.csoonline.com/napi/ 2 KB
820 B 173ms
41ms XHR
text/html 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/napi/tile?def=blox4.dynamic&geo=0&placement=Nav+Mega+Column+1
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/js/jquery/jquery-1.10.2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 2d0dc7527e8576659779e7e660732330a44c03679df3f69a5f37fd500bd94a13

Request headers

Accept: text/html, */*; q=0.01
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
vary: Accept-Encoding,Cookie
age: 18022
x-cache: HIT, HIT, HIT, HIT
status: 200
content-length: 523
x-via-fastly: Verdad
x-served-by: cache-sjc10023-SJC, cache-sjc10023-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
server: Apache-Coyote/1.1
x-timer: S1601039775.443493,VS0,VE0
x-fastly-ttl: 14400.000
content-type: text/html;charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=14400
x-vcl-version: 50
accept-ranges: bytes
x-fastly-stale: 432000.000
x-cache-hits: 11, 11, 3, 3

GET
H2 200 tile Show response
www.csoonline.com/napi/ 2 KB
953 B 300ms
180ms XHR
text/html 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/napi/tile?def=blox4.dynamic&geo=0&placement=Nav+Mega+Column+2
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/js/jquery/jquery-1.10.2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 5b3b7577eeaf1c81d6d335dd4799bfb08ca9d1e8a1edeeb4dc7c73ff1b7a3a24

Request headers

Accept: text/html, */*; q=0.01
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
vary: Accept-Encoding,Cookie
age: 11737
x-cache: HIT, HIT, MISS, MISS
status: 200
content-length: 839
x-via-fastly: Verdad
x-served-by: cache-sjc10048-SJC, cache-sjc10048-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
server: Apache-Coyote/1.1
x-timer: S1601039775.443616,VS0,VE151
x-fastly-ttl: 14400.000
content-type: text/html;charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=14400
x-vcl-version: 50
accept-ranges: bytes, bytes
x-fastly-stale: 432000.000
x-cache-hits: 36, 36, 0, 0

GET
H2 200 tile Show response
www.csoonline.com/napi/ 910 B
631 B 250ms
145ms XHR
text/html 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/napi/tile?def=blox4.dynamic&geo=0&placement=Nav+Mega+Column+3
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/js/jquery/jquery-1.10.2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 8461d766c8ebd6915b7a9a15c5331bfa317342a21f44c99228df68d95d07430e

Request headers

Accept: text/html, */*; q=0.01
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
vary: Accept-Encoding,Cookie
age: 10464
x-cache: HIT, HIT, MISS, MISS
status: 200
content-length: 470
x-via-fastly: Verdad
x-served-by: cache-sjc10053-SJC, cache-sjc10053-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
server: Apache-Coyote/1.1
x-timer: S1601039775.459648,VS0,VE143
x-fastly-ttl: 14400.000
content-type: text/html;charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=14400
x-vcl-version: 50
accept-ranges: bytes, bytes
x-fastly-stale: 432000.000
x-cache-hits: 33, 33, 0, 0

GET
H2 200 tile Show response
www.csoonline.com/napi/ 6 KB
1 KB 253ms
169ms XHR
text/html 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/napi/tile?def=blox4.dynamic&geo=0&placement=Nav+Mega+Column+4
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/js/jquery/jquery-1.10.2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 71d982df62339d7f6a6e846afc39343f4cf59b9e5e98951450eba38a8264c80e

Request headers

Accept: text/html, */*; q=0.01
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
vary: Accept-Encoding,Cookie
age: 1435
x-cache: HIT, HIT, MISS, MISS
status: 200
content-length: 1175
x-via-fastly: Verdad
x-served-by: cache-sjc10025-SJC, cache-sjc10025-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
server: Apache-Coyote/1.1
x-timer: S1601039775.494668,VS0,VE143
x-fastly-ttl: 14400.000
content-type: text/html;charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=14400
x-vcl-version: 50
accept-ranges: bytes, bytes
x-fastly-stale: 432000.000
x-cache-hits: 7, 7, 0, 0

GET
H2 200 tile Show response
www.csoonline.com/napi/ 119 B
158 B 137ms
27ms XHR
text/html 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/napi/tile?def=listItemList&genericIfCategoryEmpty=true&includeArticles=true&pageSize=4&queryKey=BestTechDeals&typeId=16&wrapperElement=ul&itemTemplate=%2Fwww.idge%2F_shared%2Fcomponents%2Fmodules%2Fitem%2Frelated-articles.jsp
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/js/jquery/jquery-1.10.2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: e7fe4bbbcd03769a878f9dfcb5a03c43a3a897af814e2f1e7662147ab07c29f2

Request headers

Accept: */*
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
vary: Accept-Encoding,Cookie
age: 12630
x-cache: HIT, HIT, HIT, HIT
status: 200
content-length: 31
x-via-fastly: Verdad
x-served-by: cache-sjc10048-SJC, cache-sjc10048-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
server: Apache-Coyote/1.1
x-timer: S1601039776.588066,VS0,VE0
x-fastly-ttl: 14400.000
content-type: text/html;charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=14400
x-vcl-version: 50
accept-ranges: bytes
x-fastly-stale: 432000.000
x-cache-hits: 1, 1, 3, 3

GET
H2 200 tile Show response
www.csoonline.com/napi/ 4 KB
744 B 136ms
26ms XHR
text/html 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/napi/tile?def=listItemList&genericIfCategoryEmpty=true&includeArticles=true&pageSize=4&queryKey=TechconnectDeals&brandOwnerOnly=true&brandOwner=4194304&wrapperElement=ul&itemTemplate=%2Fwww.idge%2F_shared%2Fcomponents%2Fmodules%2Fitem%2Frelated-articles.jsp
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/js/jquery/jquery-1.10.2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 79a9145996f341a58223363a5af322d5323989e53ccf573ba1b31354ade683af

Request headers

Accept: */*
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
vary: Accept-Encoding,Cookie
age: 15673
x-cache: HIT, HIT, HIT, HIT
status: 200
content-length: 663
x-via-fastly: Verdad
x-served-by: cache-sjc10074-SJC, cache-sjc10074-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
server: Apache-Coyote/1.1
x-timer: S1601039776.588019,VS0,VE0
x-fastly-ttl: 14400.000
content-type: text/html;charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=14400
x-vcl-version: 50
accept-ranges: bytes
x-fastly-stale: 432000.000
x-cache-hits: 9, 9, 3, 3

GET
H2 200 tile Show response
www.csoonline.com/napi/ 47 B
189 B 121ms
26ms XHR
text/html 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/napi/tile?def=editfakeSideBar&geo=0&aid=3574907
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/js/jquery/jquery-1.10.2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: d2d4f317dcf44ab195d049f781fd353562cf0fa08474e0c659f0fa06609d5529

Request headers

Accept: text/html, */*; q=0.01
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
via: 1.1 varnish, 1.1 varnish
vary: Cookie, Accept-Encoding
age: 3044
x-cache: HIT, HIT, HIT, HIT
status: 200
content-encoding: gzip
content-length: 35
x-via-fastly: Verdad
x-served-by: cache-sjc10074-SJC, cache-sjc10074-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
server: Apache-Coyote/1.1
x-timer: S1601039776.587983,VS0,VE0
x-fastly-ttl: 14400.000
content-type: text/html;charset=UTF-8
cache-control: max-age=14400
x-vcl-version: 50
accept-ranges: bytes
x-fastly-stale: 432000.000
x-cache-hits: 1, 1, 3, 3

GET
H2 200 tile Show response
www.csoonline.com/napi/ 426 B
584 B 124ms
0ms XHR
text/html 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/napi/tile?def=sponsoredfakeSideBar&geo=0&aid=3574907
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/js/jquery/jquery-1.10.2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 429761aff66ee483e402f5ada8c29ebedac7c17a6e1ff5cf4b57e098340cb1ff

Request headers

Accept: text/html, */*; q=0.01
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
vary: Accept-Encoding,Cookie
age: 5807
x-cache: HIT, HIT, HIT, HIT
status: 200
content-length: 300
x-via-fastly: Verdad
x-served-by: cache-sjc10042-SJC, cache-sjc10042-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
server: Apache-Coyote/1.1
x-timer: S1601039776.610143,VS0,VE0
x-fastly-ttl: 14400.000
content-type: text/html;charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=14400
x-vcl-version: 50
accept-ranges: bytes
x-fastly-stale: 432000.000
x-cache-hits: 1, 1, 3, 3

GET
H2 200 tile Show response
www.csoonline.com/napi/ 47 B
185 B 111ms
0ms XHR
text/html 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.csoonline.com/napi/tile?def=nativefakeSideBar&geo=0&aid=3574907
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www/js/jquery/jquery-1.10.2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: d2d4f317dcf44ab195d049f781fd353562cf0fa08474e0c659f0fa06609d5529

Request headers

Accept: text/html, */*; q=0.01
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
via: 1.1 varnish, 1.1 varnish
vary: Cookie, Accept-Encoding
age: 5807
x-cache: HIT, HIT, HIT, HIT
status: 200
content-encoding: gzip
content-length: 35
x-via-fastly: Verdad
x-served-by: cache-sjc10073-SJC, cache-sjc10073-SJC, cache-hhn4051-HHN, cache-hhn4051-HHN
server: Apache-Coyote/1.1
x-timer: S1601039776.610618,VS0,VE0
x-fastly-ttl: 14400.000
content-type: text/html;charset=UTF-8
cache-control: max-age=14400
x-vcl-version: 50
accept-ranges: bytes
x-fastly-stale: 432000.000
x-cache-hits: 1, 1, 3, 3

GET
DATA 200
OK truncated
/ 809 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2a2d8cca92098647e664c23c8f1258b498924c08c0d8150a4974b2ccec40b988

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 googima.js Show response
ssl.p.jwpcdn.com/player/plugins/googima/v/8.8.3/ 66 KB
20 KB 134ms
0ms Script
text/plain 2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/plugins/googima/v/8.8.3/googima.js
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/8yHZorDV.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1ba72a30c597d8c5d07c728e9b6aa6ba94a47a9b3ebab98a5ed1df3d276059f9

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
age: 739035
x-cache: HIT
status: 200
content-length: 20174
via: 1.1 varnish
x-served-by: cache-hhn4024-HHN
last-modified: Fri, 11 Sep 2020 21:11:35 GMT
server: AmazonS3
x-timer: S1601039776.729491,VS0,VE0
etag: "564d15524476a9567d4fffebba1522eb"
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=31536000, immutable
accept-ranges: bytes
x-cache-hits: 59362

GET
H2 200 jwpsrv.js Show response
ssl.p.jwpcdn.com/player/v/8.17.5/ 57 KB
17 KB 188ms
59ms Script
application/javascript 2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/v/8.17.5/jwpsrv.js
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/8yHZorDV.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: adcb520dc26fa6ab94289c2e1c838695f971ca9812bccfd8bd1ad097bed02abb

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
age: 42
x-cache: HIT
status: 200
content-length: 17309
via: 1.1 varnish
x-served-by: cache-hhn4024-HHN
last-modified: Fri, 18 Sep 2020 21:35:40 GMT
server: AmazonS3
x-timer: S1601039776.729578,VS0,VE0
etag: "dcd0edabe254ec2f3bc04fa0ca268dd3"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=900, immutable
accept-ranges: bytes
x-cache-hits: 204

GET
H2 200 jwplayer.core.controls.js Show response
ssl.p.jwpcdn.com/player/v/8.17.5/ 294 KB
75 KB 184ms
0ms Script
application/javascript 2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/v/8.17.5/jwplayer.core.controls.js
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/8yHZorDV.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 56dbf0a4f96a286d7304601076c747c21f376f74d69d14d26cb17b1b6f65f06e

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
age: 332707
x-cache: HIT
status: 200
content-length: 76246
via: 1.1 varnish
x-served-by: cache-hhn4024-HHN
last-modified: Fri, 18 Sep 2020 21:35:32 GMT
server: AmazonS3
x-timer: S1601039776.788488,VS0,VE0
etag: "a2090b9f867cf4fa0fa30e0574f90514"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, immutable
accept-ranges: bytes
x-cache-hits: 141000

GET
H2 200 xAPwXviG Show response
cdn.jwplayer.com/v2/playlists/ 3 KB
1 KB 147ms
40ms XHR
application/json 2600:9000:206e:2600:1:a3fa:7cc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.jwplayer.com/v2/playlists/xAPwXviG?search=What%20is%20WastedLocker%3F%20Targeted%20ransomware%20extorts%20millions&page_description=WastedLocker%20is%20sophisticated%20ransomware%20created%20by%20Evil%20Corp%2C%20a%20notorious%20cyber%20criminal%20group.%20
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/8yHZorDV.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:2600:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: 942b7c5ee7dbb6550a2c68301ad76871642608288bf9a6b502ba20144ae200d6

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:13 GMT
content-encoding: gzip
server: openresty
age: 2
status: 200
x-cache: Hit from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=1200, max-stale=180
x-amz-cf-pop: VIE50-C1
content-length: 1089
via: 1.1 db5fd46eeb9457ed138e2c8651664df5.cloudfront.net (CloudFront)
x-amz-cf-id: NEOHKuXAeDXCcQ5Om-6dcz7IKdVpXCi4oXnzLOVKQWwyypXVUF68hQ==
expires: Fri, 25 Sep 2020 13:36:13

GET
H3-Q050 200 async-ads.js Show response
cse.google.com/adsense/search/ 182 KB
63 KB 167ms
67ms Script
text/javascript 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/26b8d00a7c7a0812/cse_element__en.js?usqp=CAI%3D

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f78e548cba5f4c0959024934674f048be08f5f25a8734fa5b02aa10aaf6942ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "5396454669527029738"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=3600
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:16:15 GMT

GET
H3-Q050 200 branding.png
www.google.com/cse/static/images/1x/en/ 1 KB
1 KB 144ms
64ms Image
image/png 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/en/branding.png

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:25 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 360590
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1372
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:25 GMT

GET
H3-Q050 204 generate_204
clients1.google.com/ 0
36 B 144ms
64ms Image
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Fri, 25 Sep 2020 13:16:15 GMT
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 ransomware_locked_data_by_metamorworks_gettyimages-913641990_bitcoins_by_nature_gettyimages-1195279346_2400x1600-100852471-large.jpg
images.idgesg.net/images/article/2020/07/ 899 KB
900 KB 101ms
48ms Image
image/jpeg 151.101.114.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.idgesg.net/images/article/2020/07/ransomware_locked_data_by_metamorworks_gettyimages-913641990_bitcoins_by_nature_gettyimages-1195279346_2400x1600-100852471-large.jpg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.165 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 45578d421aaeec2de59e23899c6424dad16ff4bd0de51e40c20ccc4c994d7952

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: L3u5doQax6OxC2qzLS186YA08D.6xl29
via: 1.1 varnish
etag: "61f426ebf52b16921bc47fba7a8640ab"
age: 2187
x-cache: HIT
status: 200
content-length: 920902
x-amz-id-2: A5WbwlrYtdskpO9HSuBxlO55sDnoaJsaJU3yLXpkWLHFeoh6dkeU3Ovvph5eLbWKsImEaqa1t1w=
x-served-by: cache-hhn4051-HHN
last-modified: Tue, 21 Jul 2020 20:14:58 GMT
server: AmazonS3
x-timer: S1601039776.732112,VS0,VE0
date: Fri, 25 Sep 2020 13:16:15 GMT
x-amz-request-id: 13A39F899606AA22
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: image/jpeg
x-cache-hits: 3

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 257 B
1 KB 142ms
107ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=10778&size_id=15&rp_floor=0.01&rf=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&p_screen_res=1600x1200&site_id=120794&zone_id=1276934&kw=rp.fastlane&tk_flint=index&rand=0.3918505374841583&gdpr=0&gdpr_consent=&alt_size_ids=10
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183980-47728333013839.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 05d3894064387b3bb7f5791344f958aae9c6eab499b912ef345cc6ed3987baa1

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:15 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.csoonline.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 257
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
1 KB 110ms
75ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=10778&size_id=8&rp_floor=0.01&rf=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&p_screen_res=1600x1200&site_id=120794&zone_id=1276934&kw=rp.fastlane&tk_flint=index&rand=0.8544998545266653&gdpr=0&gdpr_consent=&alt_size_ids=9
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183980-47728333013839.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: d21af2fff5cc426ba97ff56847d5b53a77587b7193c414c94bd1fea3b98cdde0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:15 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.csoonline.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 171ms
137ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=10778&size_id=57&rp_floor=0.01&rf=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&p_screen_res=1600x1200&site_id=120794&zone_id=1276934&kw=rp.fastlane&tk_flint=index&rand=0.7770546193435488&gdpr=0&gdpr_consent=&alt_size_ids=55
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183980-47728333013839.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 80d1b2a2843802e3a21df4e86920803ca7a7a44858982df9350b60c751e6e4d1

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:15 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.csoonline.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
1 KB 118ms
84ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=10778&size_id=2&rp_floor=0.01&rf=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&p_screen_res=1600x1200&site_id=120794&zone_id=1276934&kw=rp.fastlane&tk_flint=index&rand=0.925813962542966&gdpr=0&gdpr_consent=
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183980-47728333013839.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 41af1933a8ec7d9c04055c89b358e9fd66dfbf32fe4b89bf226ac71728af6cbf

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:15 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.csoonline.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 65 B
610 B 604ms
510ms XHR
text/javascript 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?v=7.2&s=321754&fn=headertag.IndexExchangeHtb.adResponseCallback&r=%7B%22id%22%3A7741546%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter%22%2C%22ref%22%3A%22https%3A%2F%2Ft.co%2FchVwWS4jhn%22%7D%2C%22imp%22%3A%5B%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%221%22%2C%22siteID%22%3A%22338871%22%7D%2C%22id%22%3A%221%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%222%22%2C%22siteID%22%3A%22342895%22%7D%2C%22id%22%3A%222%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%2236%22%2C%22siteID%22%3A%22388625%22%7D%2C%22id%22%3A%223%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A120%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%2240%22%2C%22siteID%22%3A%22398731%22%7D%2C%22id%22%3A%224%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%224%22%2C%22siteID%22%3A%22342897%22%7D%2C%22id%22%3A%225%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%226%22%2C%22siteID%22%3A%22342899%22%7D%2C%22id%22%3A%226%22%7D%2C%7B%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22sid%22%3A%2235%22%2C%22siteID%22%3A%22388624%22%7D%2C%22id%22%3A%227%22%7D%5D%2C%22ext%22%3A%7B%22source%22%3A%22ixwrapper%22%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22d71e4cbf-35ef-4a29-9ce2-4a08e3d4645b%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%2C%7B%22id%22%3A%22FALSE%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_LOOKUP%22%7D%7D%2C%7B%22id%22%3A%222020-09-25T13%3A16%3A12%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_CREATED_AT%22%7D%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%2C%22us_privacy%22%3A%221---%22%7D%7D%7D
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183980-47728333013839.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e6bbe03cd6aa538c95d9a9411d2a08ceb28bd14fb77a7b0bc5526ff3a8b65e5d

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:16 GMT
content-encoding: gzip
server: Apache
status: 200
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
access-control-allow-origin: https://www.csoonline.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-type: text/javascript
content-length: 85
expires: Fri, 25 Sep 2020 13:16:16 GMT

GET
H/1.1 200
OK jpt Show response
secure.adnxs.com/ 0
690 B 126ms
53ms XHR
text/html 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/jpt?id=13473145&size=300x250&callback=headertag.AppNexusHtb.adResponseCallback&callback_uid=d9xXE9oP&psa=0&promo_sizes=300x600&referrer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&gdpr=0&gdpr_consent=&us_privacy=1---

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183980-47728333013839.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:15 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.107:80
AN-X-Request-Uuid: 954b7baa-5557-484c-9b05-b8b64b07bda3
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.csoonline.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK jpt Show response
secure.adnxs.com/ 0
690 B 125ms
53ms XHR
text/html 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/jpt?id=13453147&size=970x250&callback=headertag.AppNexusHtb.adResponseCallback&callback_uid=fkVfhhnN&psa=0&promo_sizes=970x90&referrer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&gdpr=0&gdpr_consent=&us_privacy=1---

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183980-47728333013839.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:15 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.149:80
AN-X-Request-Uuid: 275cbd4f-6cab-4159-a487-577f48ed4ad1
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.csoonline.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK jpt Show response
secure.adnxs.com/ 0
689 B 157ms
85ms XHR
text/html 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/jpt?id=19528110&size=728x90&callback=headertag.AppNexusHtb.adResponseCallback&callback_uid=eo3HF1vn&psa=0&referrer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&gdpr=0&gdpr_consent=&us_privacy=1---

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183980-47728333013839.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:15 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.87:80
AN-X-Request-Uuid: 472e21e7-c797-442a-af58-ca014098c120
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.csoonline.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
492 B 155ms
35ms XHR
application/json 3.121.66.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?inv_code=csoonline_ros_300x600&lib=ix&size=300x250%2C300x600&referrer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&v=2.1.2&tmax=1000&gdpr=false&cmp_cs=&us_privacy=1---

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183980-47728333013839.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.121.66.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:15 GMT
x-auction-status: 5
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
492 B 154ms
34ms XHR
application/json 3.121.66.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?inv_code=csoonline_ros_970x250&lib=ix&size=970x250%2C970x90&referrer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&v=2.1.2&tmax=1000&gdpr=false&cmp_cs=&us_privacy=1---

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183980-47728333013839.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.121.66.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:15 GMT
x-auction-status: 5
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H3-Q050 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 110ms
18ms Script
text/javascript 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WR6LD2P

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 35
date: Fri, 25 Sep 2020 13:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Fri, 25 Sep 2020 15:15:40 GMT

GET
H2 200 111346X1569475.skimlinks.js Show response
s.skimresources.com/js/ 45 KB
17 KB 113ms
59ms Script
application/octet-stream 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/111346X1569475.skimlinks.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WR6LD2P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9e505245ea5363e87457877edccc48b032910ed5295995c7c6587840a694270f

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
last-modified: Tue, 15 Sep 2020 15:09:19 GMT
server: AmazonS3
x-amz-request-id: 18FF188C7A147476
etag: "0d0fb740cdfb5dc2f07ee11f85e6c090"
x-hw: 1601039775.cds040.pa1.hn,1601039775.cds002.pa1.c
content-type: application/octet-stream
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 16937
x-amz-id-2: xUipbZoFeX42y6YqOh6ux9s52KGy+KislnHWKZBI2SS0gxdcssbK20xC91RIk1SiFP+hjg6xROA=

GET
H3-Q050 200 integrator.js Show response
adservice.google.ch/adsid/ 109 B
126 B 32ms
18ms Script
application/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=www.csoonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
126 B 32ms
18ms Script
application/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.csoonline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 13:16:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 48 KB
9 KB 389ms
387ms XHR
text/plain 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4422233137226889&correlator=3438891788165738&output=ldjh&impl=fifs&eid=21066466%2C21067524%2C21067551%2C21066781%2C21066908%2C21066993%2C21067031&vrg=2020091601&gdpr=0&addtl_consent=1~&us_privacy=1---&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200925&iu_parts=8456%2CIDG.G_B2B_CSOOnline.com%2Csecurity_section&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=1x1%2C1x1%7C2x1%2C640x480%2C970x90%7C970x250%7C728x90%2C300x600%7C300x250%7C120x600%7C160x600%2C7x7&prev_scp=positiondata%3Darticle_superwide_gpt-skin%26pos%3Dgpt-skin%26id%3D49cc570e-ff31-11ea-af1a-067dc49a95c9%26vw%3D40%26pub%3D40%7Cpositiondata%3Darticle_superwide_inread%26pos%3Dinread%26id%3D49cc570f-ff31-11ea-af1a-067dc49a95c9%7Cpositiondata%3Darticle_superwide_gpt-overlay%26pos%3Dgpt-overlay%26id%3D49cc5710-ff31-11ea-af1a-067dc49a95c9%26vw%3D40%26pub%3D40%7Cpositiondata%3Darticle_superwide_topleaderboard%26pos%3DATF1%26id%3D49cc5711-ff31-11ea-af1a-067dc49a95c9%26vw%3D40%2C50%2C60%26grm%3D40%2C50%2C60%2C70%26pub%3D40%2C50%2C60%2C70%7Cpositiondata%3Darticle_superwide_topimu%26pos%3DATF1%26id%3D49cc5712-ff31-11ea-af1a-067dc49a95c9%26vw%3D40%2C50%2C60%26grm%3D40%2C50%26pub%3D40%2C50%7Cpositiondata%3Darticle_superwide_oc_ad_1%26pos%3DATF1%26id%3D49cc5713-ff31-11ea-af1a-067dc49a95c9%26vw%3D40%26grm%3D40%2C50%26pub%3D40&cust_params=permutive%3D%26URL%3Dhttps%25253A%25252F%25252Fwww.csoonline.com%25252Farticle%25252F3574907%25252Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%26zone%3Darticle%252Fransomware%26channel%3Ddata-loss-prevention%252Csecurity%26articleId%3D3574907%26type%3Dfeature%26typeId%3D6%26manufacturer%3Dsymantec%26templateType%3Darticle-default%26categoryIds%3D4046%252C3856%252C2206%26categorySlugs%3Dransomware%252Ccybercrime%252Csecurity%26goldenIds%3D71%252C944%252C941%26author%3DLucian%2520Constantin%26insiderContent%3Dtrue%26inskin_yes%3Dtrue%26c%3DAIIA%26device%3Dsuperwide%2520desktop%26referrer%3Dhttps%253A%252F%252Ft.co%252F%26browser%3DMozilla%252F5.0%2520(Macintosh%253B%2520Intel%2520Mac%2520OS%2520X%252010_14_5)%2520AppleWebKit%252F537.36%2520(KHTML%252C%2520like%2520Gecko)%2520Chrome%252F83.0.4103.61%2520Safari%252F537.36%26insiderauth%3Dno%26fr%3Dfalse%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow&cookie=ID%3D13d9f23d06af11d4-225b9960e6b8005b%3AT%3D1601039774%3AS%3DALNI_MaNrpFfyl4wBn-UEsQYR39IeJl89w&bc=31&abxe=1&lmt=1601039776&dt=1601039776004&dlt=1601039765484&idt=8781&frm=20&biw=1600&bih=1200&oid=3&adxs=-9%2C-9%2C-9%2C315%2C985%2C0&adys=-9%2C-9%2C-9%2C460%2C682%2C0&adks=1495446708%2C2159916742%2C3497667916%2C1545592250%2C1223532631%2C3757431689&ucis=1%7C2%7C3%7C4%7C5%7C6&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&ref=https%3A%2F%2Ft.co%2FchVwWS4jhn&dssz=152&icsg=4499202654601200&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1%7C0x-1%7C0x-1%7C970x90%7C300x800%7C1600x0&msz=0x-1%7C0x-1%7C0x-1%7C970x90%7C300x600%7C1600x7&ga_vid=667498866.1601039776&ga_sid=1601039776&ga_hid=526482632&fws=2%2C2%2C2%2C0%2C512%2C512&ohw=0%2C0%2C0%2C0%2C0%2C0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

4783de51108b431ccaccc3c1f30c338f74d777ae4e233299e83a879a828d80ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:16 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9131
x-xss-protection: 0
google-lineitem-id: -2,152957456,-2,5416385717,5416385717,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,84824067176,-2,138316865667,138316265903,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
d16ae83a4b53362762f86962646a2056.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 240ms
80ms Other
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d16ae83a4b53362762f86962646a2056.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 76ms
73ms Other
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 put.html
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame 1FED 0
0 209ms
78ms Document
text/html 23.210.250.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1601039766385
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.250.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-44.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

:method: GET
:authority: widgets.outbrain.com
:scheme: https
:path: /nanoWidget/externals/cookie/put.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: thirdparty=yes; obuid=138589f1-0eee-495e-9069-7e533867e433; recs_e571002a449abcf38e0bed9c2bf118cb=0B3063985485A2562182652A3067694173A3051856545A3055685852A3004847636ACD0; recs_dde639e08078cfc1208c2b3e6f6f9df8=0B2003228138A3043877337A2300243743A2867943802A3038620160A2084332138ACD0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter

Response headers

status: 200
accept-ranges: bytes
content-type: text/html
etag: "c0311cf15c21ddda054005e92fad3f9e:1600854845.760116"
last-modified: Wed, 23 Sep 2020 08:20:51 GMT
server: AkamaiNetStorage
content-length: 416
cache-control: max-age=345600
date: Fri, 25 Sep 2020 13:16:16 GMT
timing-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cookie: CheetahStaging=true
set-cookie: akacd_widgets_routing=1601039776~rv=60~id=460e8263b1e95911091f599c47691dd3; path=/; Expires=Fri, 25 Sep 2020 13:16:16 GMT; Secure; SameSite=None

GET
H/1.1 200
OK d3d3LmNzb29ubGluZS5jb20= Show response
tcheck.outbrainimg.com/tcheck/check/ 16 B
419 B 50ms
45ms XHR
application/json 95.100.198.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tcheck.outbrainimg.com/tcheck/check/d3d3LmNzb29ubGluZS5jb20=
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1601039766385
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.198.32 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-198-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:16 GMT
ETag: W/"10-us8lSJutAxKqLzf8c1+n5XstcwY"
Access-Control-Max-Age: 43200
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=27981
Access-Control-Allow-Credentials: false
Connection: keep-alive
Content-Length: 16
Expires: Fri, 25 Sep 2020 21:02:37 GMT

POST
H/1.1 200
OK headerstats Show response
as-sec.casalemedia.com/ 0
341 B 57ms
56ms XHR
text/plain 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/headerstats?s=321754&u=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&v=3
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183980-47728333013839.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:16 GMT
Server: Apache
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.csoonline.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Fri, 25 Sep 2020 13:16:16 GMT

GET
H2 200 9335 Show response
s-jsonp.moatads.com/ocr/NATIVOINVCONTENT1/level3/ 320 B
612 B 132ms
132ms Script
application/octet-stream 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s-jsonp.moatads.com/ocr/NATIVOINVCONTENT1/level3/9335?t=2020825153
Requested by: Host: t.co
URL: https://t.co/chVwWS4jhn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 9649812339f345baf723c0023908be746398ca47dee2bcd48497ec01d0c82dd2

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: eeOczWrhr3WlDS3HD98ADYAJ.F_RANRM
last-modified: Fri, 25 Sep 2020 12:46:26 GMT
server: AmazonS3
x-amz-request-id: 158A53FFC250F7B3
etag: "3248883e482b3f9c98bd3c47d0b666ed"
content-type: application/octet-stream
status: 200
date: Fri, 25 Sep 2020 13:16:16 GMT
accept-ranges: bytes
content-length: 320
x-amz-id-2: kGFNxb2kWwo1SGsvPyaaZp7blBzDl1i4AmPyplzOTdYUh9Ro7wG7VumE5muS+Rvp8wr6V9LxfoE=

GET
H/1.1 200
OK dwce_cheq_events Show response
log.outbrainimg.com/loggerServices/ 4 B
325 B 138ms
121ms XHR
application/json 70.42.32.191
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1601039776333&sessionId=b7dec2a2-261e-7589-034b-1de242325562&url=www.csoonline.com&cheqSource=1&cheqEvent=0&exitReason=1
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1601039766385
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.191 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:16 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 5da6d6245c120865734e0598851389e5
Content-Length: 4
Expires: 0

GET
H2 200 get Show response
odb.outbrain.com/utils/ 29 KB
10 KB 222ms
220ms Script
text/javascript 151.101.114.2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://odb.outbrain.com/utils/get?url=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html&idx=0&rand=55834&key=NANOWDGT01&lastPvTs=811&widgetJSId=AR_1&va=true&et=true&format=html&pdobuid=-1&adblck=false&px=315&py=2063&vpd=863&settings=true&recs=true&version=200089&sig=qqxG8eVs&apv=false&osLang=en-US&winW=1600&winH=1200&scrW=1600&scrH=1200&dpr=1&secured=true&cmpStat=1&ccpa=1---&ccpaStat=1&ref=https%3A%2F%2Ft.co%2FchVwWS4jhn
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1601039766385
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3410ec4d59df964cdc8ab4f99d97c31b44f3aa1e144e1c97872a2dc0ef9c9c78

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:16 GMT
content-encoding: gzip
traffic-path: CHIDC2, MDW, HHN, Europe2
x-cache: MISS, MISS
p3p: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
status: 200
x-cache-hits: 0, 0
x-traceid: b8beef549d2994a48f50ca3162d407c0
content-length: 10089
x-served-by: cache-mdw17349-MDW, cache-hhn4036-HHN
pragma: no-cache
x-timer: S1601039777.502177,VS0,VE181
vary: Accept-Encoding, User-Agent
content-type: text/javascript; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: no-cache
backend-ip: 157.52.75.49
accept-ranges: bytes, bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

201

sync
googlesync.permutive.com/v2.0/px/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=permutive_dmp&google_cm&type=ddp&k=84c7e805-5ce9-41f4-b988-3529488bab1c&u=557a3b55-2cde-4b95-9fcd-946ee9131679
https://googlesync.permutive.com/v2.0/px/sync?alias=CAESEFSj7pFGCO7N2tb0NEivwRg&error=&type=ddp&k=84c7e805-5ce9-41f4-b988-3529488bab1c&u=557a3b55-2cde-4b95-9fcd-946ee9131679&google_cver=1

35 B
96 B

787ms
66ms

Image
image/gif

34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googlesync.permutive.com/v2.0/px/sync?alias=CAESEFSj7pFGCO7N2tb0NEivwRg&error=&type=ddp&k=84c7e805-5ce9-41f4-b988-3529488bab1c&u=557a3b55-2cde-4b95-9fcd-946ee9131679&google_cver=1
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Permutive /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 201
date: Fri, 25 Sep 2020 13:16:17 GMT
via: 1.1 google
server: Permutive
alt-svc: clear
content-length: 35
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:16 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://googlesync.permutive.com/v2.0/px/sync?alias=CAESEFSj7pFGCO7N2tb0NEivwRg&error=&type=ddp&k=84c7e805-5ce9-41f4-b988-3529488bab1c&u=557a3b55-2cde-4b95-9fcd-946ee9131679&google_cver=1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 404
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

201

sync
api.permutive.com/v2.0/px/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=dbegppc&ttd_tpi=1&ttd_puid=84c7e805-5ce9-41f4-b988-3529488bab1c,557a3b55-2cde-4b95-9fcd-946ee9131679
https://api.permutive.com/v2.0/px/sync?ku=84c7e805-5ce9-41f4-b988-3529488bab1c,557a3b55-2cde-4b95-9fcd-946ee9131679&alias=d71e4cbf-35ef-4a29-9ce2-4a08e3d4645b&type=tradedesk

35 B
96 B

787ms
67ms

Image
image/gif

34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.permutive.com/v2.0/px/sync?ku=84c7e805-5ce9-41f4-b988-3529488bab1c,557a3b55-2cde-4b95-9fcd-946ee9131679&alias=d71e4cbf-35ef-4a29-9ce2-4a08e3d4645b&type=tradedesk
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Permutive /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 201
date: Fri, 25 Sep 2020 13:16:17 GMT
via: 1.1 google
server: Permutive
alt-svc: clear
content-length: 35
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:16 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://api.permutive.com/v2.0/px/sync?ku=84c7e805-5ce9-41f4-b988-3529488bab1c,557a3b55-2cde-4b95-9fcd-946ee9131679&alias=d71e4cbf-35ef-4a29-9ce2-4a08e3d4645b&type=tradedesk
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 377

GET
H2 200 CIO-logo-blk-wht-no-tag.svg
alt.idgesg.net/images/furniture/cio/ 1 KB
2 KB 188ms
47ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alt.idgesg.net/images/furniture/cio/CIO-logo-blk-wht-no-tag.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f1b17f2f9534096425d6a28ed4a6c87f220b12a4b579c2936ab358e1da7de235

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: SWPVylTKhkXRLzcqckQyPzS2sW_WO6tj
via: 1.1 varnish
etag: "c164c10a34b9bb9602a3fa9fd11418f2"
age: 3430
x-amz-meta-origin-date-iso8601: 2019-10-30T17:26:32.000Z
x-cache: HIT
status: 200
content-length: 1326
x-amz-id-2: OAwG5bHjLQGItD0KXbTUNyjiH711jHi7ajjivZ//kLTU6ZQ7su0phYPpIiaKilBMLpqubcJ7VNA=
x-served-by: cache-hhn4033-HHN
last-modified: Wed, 30 Oct 2019 17:37:31 GMT
server: AmazonS3
x-timer: S1601039777.029709,VS0,VE0
date: Fri, 25 Sep 2020 13:16:17 GMT
x-amz-request-id: F88A2814D58FE3AF
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 8

GET
H2 200 Computerworld_logo-white-no-tag.svg
alt.idgesg.net/images/furniture/computerworld/ 2 KB
2 KB 187ms
46ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alt.idgesg.net/images/furniture/computerworld/Computerworld_logo-white-no-tag.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c80b8e38e93a84d8bcf76639294cabc7f0bad535d4a896660004734cc5d1c61a

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: R2CU5MklK2AqLAfnWoUIB37ZDYKnQWhh
via: 1.1 varnish
etag: "7a6da09ff6f6cadafa0efb1f23092c4f"
age: 1461
x-amz-meta-origin-date-iso8601: 2018-11-02T18:24:47.000Z
x-cache: HIT
status: 200
content-length: 1970
x-amz-id-2: hxzxFY1q5yBIxsXq/5KHz/GjQ/gwMaxaOjJK0xUK3ikIXp/m3AG5VVaJmGkikbEL2KycoxjzjIM=
x-served-by: cache-hhn4033-HHN
last-modified: Fri, 02 Nov 2018 20:25:21 GMT
server: AmazonS3
x-timer: S1601039777.029663,VS0,VE0
date: Fri, 25 Sep 2020 13:16:17 GMT
x-amz-request-id: AF440555FB89B94E
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 7

GET
H2 200 NetworkWorld_logo-white-no-tag.svg
alt.idgesg.net/images/furniture/networkworld/ 3 KB
3 KB 186ms
46ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alt.idgesg.net/images/furniture/networkworld/NetworkWorld_logo-white-no-tag.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cce1a9282d617a8475100f0a0505c83464852a4ec34ff854792d8af13dccb8aa

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: stYFwwJhU_K5wdqG2YDDTO_Y2rQjmQ4H
via: 1.1 varnish
etag: "e83d03b426e2cff512d1e2f8b00be3c6"
age: 2890
x-amz-meta-origin-date-iso8601: 2018-11-02T18:14:57.000Z
x-cache: HIT
status: 200
content-length: 2641
x-amz-id-2: zWuzqPi8SNghPKUey6pSCvKJZnAkA+ErFhSsW519MqSm4kr2AZArStc8dmJbJYPGFwlZEUEW0Yk=
x-served-by: cache-hhn4033-HHN
last-modified: Fri, 02 Nov 2018 20:26:11 GMT
server: AmazonS3
x-timer: S1601039777.029649,VS0,VE0
date: Fri, 25 Sep 2020 13:16:17 GMT
x-amz-request-id: FA465491FCE57347
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 8

GET
H2 200 InfoWorld_logo-white-no-tag.svg
alt.idgesg.net/images/furniture/infoworld/ 3 KB
3 KB 185ms
45ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alt.idgesg.net/images/furniture/infoworld/InfoWorld_logo-white-no-tag.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 17bb8b5dfa44693e301a436b03b03ef05ed0a581e6e036aef2756a5c03034356

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: iCWBp9tPxAaqtQ9G1uBiqNqsBKm09VdU
via: 1.1 varnish
etag: "dd990c1b71bf205702dbce78f3709d65"
age: 1486
x-amz-meta-origin-date-iso8601: 2018-11-02T18:22:02.000Z
x-cache: HIT
status: 200
content-length: 2598
x-amz-id-2: WmIN8J+ayP0f/f6T7DZYe+SqEl+L2fxGtLfF49awoJE9+oyMgjvvsd5cOa7oL0+pnTnO+CZLJOc=
x-served-by: cache-hhn4033-HHN
last-modified: Fri, 02 Nov 2018 20:25:44 GMT
server: AmazonS3
x-timer: S1601039777.029628,VS0,VE0
date: Fri, 25 Sep 2020 13:16:17 GMT
x-amz-request-id: 6K7S2H8X5M1Y6PAT
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 7

GET
H2 200 provider.hlsjs.js Show response
ssl.p.jwpcdn.com/player/v/8.17.5/ 282 KB
85 KB 131ms
0ms Script
application/javascript 2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/v/8.17.5/provider.hlsjs.js
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/8yHZorDV.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a6c194f1db602b3fc6d0f7a89ad7faa5f91cdaaf69b69b14c791347985789c3b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:17 GMT
content-encoding: gzip
age: 332708
x-cache: HIT
status: 200
content-length: 87260
via: 1.1 varnish
x-served-by: cache-hhn4024-HHN
last-modified: Fri, 18 Sep 2020 21:35:36 GMT
server: AmazonS3
x-timer: S1601039777.017453,VS0,VE0
etag: "cd38f44e218500a02e2043f207cb4a1d"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, immutable
accept-ranges: bytes
x-cache-hits: 112609

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame D2F0 47 KB
14 KB 846ms
74ms Script
application/javascript 52.215.225.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=8879&campId=728x90&pubId=4413178691&chanId=21821124569&placementId=5416385717&pubCreative=138316865667&pubOrder=2716295266&cb=1233533998&custom=ATF1&custom2=csoonline.com&adsafe_par&impId=49cc5711-ff31-11ea-af1a-067dc49a95c9
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.225.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a77926f504a5bb0acf1a7fb70c75f290ebeb93d7b7cada28a5456b10ea51111e

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-server-name: app16.ie.303net.net
status: 200
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame BF32 0
0 786ms
223ms Fetch
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuqrlCMNxVJkk1teYgCQ4AzuKOBxoCUf2Udl1sQ5QCl0g-1CWlMIo4vNpUqlq14Hx758tgrHPRauwzJPbMx-u0iECDfRDtaTclMS1Mlh46k9Ac9lfjgI5o6942YmWyM6aUNrZsrxXLf4Pvwe-8aPkgcNh1Gg9iTMfQIEGl2lmSzMh694MyhpLEmBlH6H0tbslimTaKdhRPNyp-xtBKnC9uMlbACCtezAR1VMOi2yicHCu6yjdEh8Icwk8CS761roPg1Xv1fPuWukOdmL0yvL1B8GlG0FXmbb841yo5sbA&sig=Cg0ArKJSzHCnKdrJBZpbEAE&adurl=

Requested by

Host: t.co
URL: https://t.co/chVwWS4jhn

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 13:16:17 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20200923/r20110914/client/ Frame BF32 3 KB
1 KB 734ms
259ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20200923/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87adcd951526f566dd8a1eb655a8c4736a3bad8167f6e09a255e54650aeeb655

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 20:31:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60261
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1330
x-xss-protection: 0
server: cafe
etag: 15429208973290199181
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Oct 2020 20:31:56 GMT

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame BF32 75 KB
28 KB 566ms
96ms Script
text/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b317742277d72c28cb24020d61cc7daecd4e51e48a68a16440d26bf1a008a129

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600860702447659"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28928
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:16:17 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame BF32 0
0 790ms
118ms Image
text/html 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTjRpirQ6GdNxnoesqlq0QhArQDguH9YlEk8jdIDRIrEB4iA74FkB05rRhg8AfaH6iA4GK9bjw5pOoeF8qv4iePB0ljaw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 8825949152029269034
tpc.googlesyndication.com/simgad/ Frame BF32 110 KB
110 KB 610ms
140ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8825949152029269034

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a446a273a279f92bf3d1dd299d106cff149e9a1a3e4ecec1082a7e418b833635

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 12:03:17 GMT
x-content-type-options: nosniff
age: 349980
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112568
x-xss-protection: 0
last-modified: Mon, 13 Jul 2020 15:27:42 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Sep 2021 12:03:17 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 6379 47 KB
14 KB 823ms
73ms Script
application/javascript 52.215.225.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=8879&campId=300x250&pubId=4413178691&chanId=21821124569&placementId=5416385717&pubCreative=138316265903&pubOrder=2716295266&cb=198793054&custom=ATF1&custom2=csoonline.com&adsafe_par&impId=49cc5712-ff31-11ea-af1a-067dc49a95c9
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.225.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1de023239ba0af490f8198f84bb19edaddfbcfc75d281ed5f9644bcb03497a27

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-server-name: app36.ie.303net.net
status: 200
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame ED72 0
0 748ms
184ms Fetch
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssouojP2DDu9d86xK-JMxHj38zdktOkI24nRTEZwJfyhs1GenpYF9Vb9z34Se2HknE2cmRpd7L37lI0VL3VOQX_xApteohiV2DFpeED7BKX7zenfCSYqwGIGJDO_zociJzmKnPwZoRMd9i-icFENFZqSuLkwI_E7Wj1AovfkmT3O4WoHvvw1O3aqTgX5HOxcMnOJUUCyY1wTan_c2lcG34CAtALl2SkbHn9VjiWoTM0BI3vL5CmZDJEvkmSjZOxdMT6XV4rA0u9Zfz94fzgwwvnDdPrkuYyrNsnSkCgPw&sig=Cg0ArKJSzG4XEGcCL5B-EAE&adurl=

Requested by

Host: t.co
URL: https://t.co/chVwWS4jhn

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 13:16:17 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20200923/r20110914/client/ Frame ED72 3 KB
1 KB 737ms
236ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20200923/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87adcd951526f566dd8a1eb655a8c4736a3bad8167f6e09a255e54650aeeb655

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 20:31:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60261
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1330
x-xss-protection: 0
server: cafe
etag: 15429208973290199181
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Oct 2020 20:31:56 GMT

GET
H3-Q050 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame ED72 75 KB
28 KB 580ms
78ms Script
text/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b317742277d72c28cb24020d61cc7daecd4e51e48a68a16440d26bf1a008a129

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600860702447659"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28928
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:16:17 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame ED72 0
0 734ms
116ms Image
text/html 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRxPp9GtEzZOWl9VdiKwdLtJNXkT8A4j5Q8GChtMj3HKVMiatwF_2_qJtKqMAZQhAG1aG1uaXm-9a9-3PgiHhfDeb0bJA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 17060327149498909901
tpc.googlesyndication.com/simgad/ Frame ED72 156 KB
157 KB 827ms
210ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17060327149498909901

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19879ad5afa02d472cbadac15ba3392a4e8213cebe4cf85f784a41803f60255c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 10:42:44 GMT
x-content-type-options: nosniff
age: 354813
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 160200
x-xss-protection: 0
last-modified: Mon, 06 Jul 2020 20:55:36 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Sep 2021 10:42:44 GMT

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 814ms
185ms Script
text/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3b142f2fc1b181088ebc5bd873a725bba5e4ea24b20874e7880b163f778765e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600860702447659"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27610
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:16:17 GMT

GET
H/1.1 200
OK dwce_cheq_events Show response
log.outbrainimg.com/loggerServices/ 4 B
325 B 672ms
128ms XHR
application/json 70.42.32.191
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1601039777209&sessionId=b7dec2a2-261e-7589-034b-1de242325562&url=www.csoonline.com&cheqSource=1&cheqEvent=3&responseTime=1077
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1601039766385
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.191 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:17 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 5bafb812acb7ccaa2e9bc9bd96e81b8c
Content-Length: 4
Expires: 0

GET
H/1.1 200
OK pixel
tr.outbrain.com/ 43 B
275 B 1195ms
176ms Image
image/gif 70.42.32.191
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.outbrain.com/pixel?marketerId=00311567606f148d52a139cf023b172c72&obApiVersion=1.0.11&name=PermutiveOPsTest&dl=https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter&optOut=false&bust=08458222366232442
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.191 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:18 GMT
Cache-Control: no-cache
Connection: close
X-TraceId: e9265a1e245325714f85efdbbbf73728
content-encoding: gzip
Content-Length: 60
Content-Type: image/gif;

GET
H/1.1 200
OK seg
secure.adnxs.com/ 0
1 KB 558ms
48ms Image
application/javascript 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/seg?add=19553773&t=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:17 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.228:80
AN-X-Request-Uuid: 1268e6ce-914e-4a27-a825-60eec7531a23
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
127 B 922ms
270ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3810&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 121
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 00dce2f400b9e78f
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
121 B 921ms
269ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o2grf&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 118
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 00b66eb500a8c620
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
218 B 922ms
270ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3811&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 124
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 007898bd00fad3c6
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
164 B 918ms
272ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3ao8&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 125
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 001e4aef0005049b
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
121 B 914ms
268ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o381a&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 119
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 0098ac9f00074fd9
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
247 B 914ms
271ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3ao7&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 124
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 002ee84200eadaea
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
124 B 548ms
92ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3cwm&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 119
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:17 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 008e79dd007ef142
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
119 B 552ms
97ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3cwc&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 118
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:17 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 0097eeff005d2246
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
124 B 544ms
89ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3cwb&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 112
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:17 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 0028f72a00e1090f
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
119 B 664ms
89ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3aok&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 119
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 00900533006ee419
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
170 B 662ms
87ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3aoj&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 114
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 00c541c000ead9f9
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
119 B 665ms
91ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3aoe&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 118
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 00c2c46f00aad0c1
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
120 B 676ms
104ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3gt9&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 125
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 008dd85900fa9c93
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
119 B 664ms
92ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3m0j&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 118
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 002c80b900269625
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
119 B 663ms
93ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3m0l&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 117
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 00f8bcdb0023e3e0
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
119 B 736ms
166ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3m0n&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 113
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 005643c900781602
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
119 B 746ms
177ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3m0q&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 117
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 0027e9420067c43a
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
120 B 777ms
208ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3m0r&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 124
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 0027cd5d007b6854
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
119 B 762ms
194ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3m12&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 118
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 0092409000752932
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
119 B 767ms
200ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o3siu&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 118
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 0059ac50007c72f8
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
119 B 772ms
205ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=o45cu&p_id=Twitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 119
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 00a2b29a0017913b
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1 200
OK insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 593ms
81ms Script
application/x-javascript 2a02:26f0:10c:582::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:582::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:17 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=22907
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1799

GET
H2 200 7ded0c35890ef756854468b57d4c0287 Show response
idg.blueconic.net/plugin/library/ 405 KB
117 KB 765ms
195ms Script
text/javascript 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/plugin/library/7ded0c35890ef756854468b57d4c0287

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

5b60a549260bc8c8c099d635207934fc5aa329c199d8dff4311db07bd46d68b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: -
etag: 7ded0c35890ef756854468b57d4c0287
x-robots-tag: noindex, nofollow
p3p: policyref="", CP="DSP"
status: 200
x-permitted-cross-domain-policies: master-only
cache-control: private, max-age=31536000
content-type: text/javascript; charset=utf-8
content-length: 118726
x-xss-protection: 1; mode=block
expires: Sat, 25 Sep 2021 13:16:18 GMT

POST
H2 200 json Show response
idg.blueconic.net/DG/DEFAULT/rest/rpc/ 3 KB
2 KB 749ms
473ms XHR
application/json 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/DG/DEFAULT/rest/rpc/json?referer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&bcsessionid=3247f953-f015-47dd-b018-96ddd874be37&bctempid=3247f953-f015-47dd-b018-96ddd874be37&overruleReferrer=&time=2020-09-25T15%3A16%3A17%2B02%3A00&ts=1601039777518

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

4310ac7f23a45cec94166b5477d9f78281a5864cd0ff26f3faab01560fcd6405

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: policyref="", CP="DSP"
status: 200
content-length: 1239
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
887 B 395ms
80ms Script
text/javascript 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:05:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 678
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Fri, 25 Sep 2020 14:05:00 GMT

GET
H2 206 robots.txt
t.skimresources.com/api/v2/ Frame 7FD8 0
40 B 554ms
0ms Image
text/plain 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.8895306163440366
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.67.47 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Python/3.7 aiohttp/3.5.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 206
date: Fri, 25 Sep 2020 13:16:18 GMT
via: 1.1 google
server: Python/3.7 aiohttp/3.5.4
alt-svc: clear
content-length: 0
content-type: text/plain charset=UTF-8

GET
H2 200 px.gif
p.skimresources.com/ 43 B
102 B 598ms
43ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=6.208619614378112
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
status: 200
content-type: image/gif
alt-svc: clear
content-length: 43

GET
H2 200 px.gif
p.skimresources.com/ 43 B
102 B 596ms
46ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=6.208619614378112
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
status: 200
content-type: image/gif
alt-svc: clear
content-length: 43

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 135 KB
34 KB 591ms
48ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: t.co
URL: https://t.co/chVwWS4jhn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34302
x-xss-protection: 0
pragma: public
x-fb-debug: c/T1P3XCOr9ZudjTHamnQgfvcB7bI23BBytJgE2WeTNXQHjQJ1N6ljOZQ5tFOib/lv5x0G11vvejhLSRJvNOgA==
x-fb-trip-id: 1460883810
x-frame-options: DENY
date: Fri, 25 Sep 2020 13:16:18 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
170 B 725ms
203ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o2dl8&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 124
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 0fc3cb2104ee8c6b5e10f0c8559939ae
x-transaction: 00b3b9ee000c1d7a
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
125 B 758ms
132ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=nw1at&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 118
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 0fc3cb2104ee8c6b5e10f0c8559939ae
x-transaction: 0028f70d00c311b9
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
125 B 800ms
174ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=nv5jw&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 122
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 0fc3cb2104ee8c6b5e10f0c8559939ae
x-transaction: 008e933700af7f8a
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
128 B 789ms
175ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o1hbs&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 120
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 0fc3cb2104ee8c6b5e10f0c8559939ae
x-transaction: 00e3f91a0051343b
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 ob_logo_67x12.png
widgets.outbrain.com/images/widgetIcons/ 2 KB
3 KB 673ms
169ms Image
image/png 23.210.250.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/ob_logo_67x12.png
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.250.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-44.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 487aec7746a83542b3573383df65747e31c494d8412103b5675329f3d4befaeb

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
last-modified: Wed, 23 Sep 2020 08:20:51 GMT
server: AkamaiNetStorage
etag: "c52b07e749f7a09fa7b97b7e195e06ce:1600854726.511946"
status: 200
access-control-allow-methods: GET,POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
cookie: CheetahStaging=true
accept-ranges: bytes
timing-allow-origin: *
content-length: 2326
expires: Sun, 25 Oct 2020 13:16:18 GMT

GET
H/1.1 200
OK l Show response
mcdp-chidc2.outbrain.com/ 2 B
309 B 801ms
196ms XHR
text/plain 64.74.236.63
INTERNAP-BLK5

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-chidc2.outbrain.com/l?token=a0afd8409b1f54d29f3a65975ffe7bbb_28429_1601039776617&tm=1952&eT=0&widgetWidth=970&widgetHeight=651&widgetX=315&widgetY=2064&wRV=200089&pVis=0&lsd=138589f1-0eee-495e-9069-7e533867e433&eIdx=&ccpa=1---&cheq=0&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1601039766385
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.74.236.63 , United States, ASN19024 (INTERNAP-BLK5, US),
Reverse DNS: chi.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
Content-Type: text/plain; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: content-range
Connection: close
X-TraceId: 96595aeb9fd7cb75f1404399ae9bf0
Content-Length: 28

GET
H2 200 vidget.js Show response
libs.outbrain.com/vidget/ 181 KB
43 KB 598ms
264ms Script
application/x-javascript 23.210.250.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://libs.outbrain.com/vidget/vidget.js?e=1
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1601039766385
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.250.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-44.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 716ac777625b0df24474475de328c05a62488d649d3241f1770be5e21558df4b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
status: 200
content-length: 44059
pragma: no-cache
last-modified: Wed, 23 Sep 2020 11:37:44 GMT
server: AkamaiNetStorage
etag: "a5986d9c0e85df43e78c6f4899f2aa93:1600862386.697586"
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Fri, 25 Sep 2020 13:16:18 GMT

GET
H2 200 obUserSync.html
widgets.outbrain.com/widgetOBUserSync/ Frame CD85 0
0 49ms
48ms Document
text/html 23.210.250.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1601039766385
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.250.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-44.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

:method: GET
:authority: widgets.outbrain.com
:scheme: https
:path: /widgetOBUserSync/obUserSync.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: obuid=138589f1-0eee-495e-9069-7e533867e433; recs_e571002a449abcf38e0bed9c2bf118cb=0B3063985485A2562182652A3067694173A3051856545A3055685852A3004847636ACD0; recs_dde639e08078cfc1208c2b3e6f6f9df8=0B2003228138A3043877337A2300243743A2867943802A3038620160A2084332138ACD0; recs_6e12d2e77a9a1ab26aa035587864b2c3=0B3044825078A2869409611A3043046706A3026887502A3055685852A2942238685ACD0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter

Response headers

status: 200
accept-ranges: bytes
content-type: text/html
etag: "a5ffd2c9bf491963b98ba1bb5d1ba2c3:1599743931.079197"
last-modified: Thu, 10 Sep 2020 13:18:37 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=86400
expires: Sat, 26 Sep 2020 13:16:19 GMT
date: Fri, 25 Sep 2020 13:16:19 GMT
content-length: 4443
timing-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cookie: CheetahStaging=true
set-cookie: akacd_widgets_routing=1601039779~rv=15~id=7a4cf63d4b0172df78f551bf5bd14d78; path=/; Expires=Fri, 25 Sep 2020 13:16:19 GMT; Secure; SameSite=None

GET
H2 200 streamFeed.js Show response
widgets.outbrain.com/nanoWidget/200089/module/ 45 KB
15 KB 528ms
206ms Script
application/x-javascript 23.210.250.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/200089/module/streamFeed.js?e=1
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1601039766385
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.250.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-44.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 327a742244ecfe2d5bf209e8bdf258164a1c47940e0306a6c11fb2914ebfb602

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
status: 200
cookie: CheetahStaging=true
content-length: 14933
last-modified: Wed, 23 Sep 2020 08:20:50 GMT
server: AkamaiNetStorage
etag: "d31e468e1c2afec43141335c867e9219:1600854768.298477"
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=345600
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 eyJpdSI6ImU0NmQ0MTIyN2U0MWJiMTQzY2IyMzYxNDBlZGE2OTQzNjY0MjI3NGIwNmU5YWFmOGY4ZDM0OTJhZDVkN2QwYjEiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 105 KB
106 KB 601ms
35ms Image
image/webp 95.100.198.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImU0NmQ0MTIyN2U0MWJiMTQzY2IyMzYxNDBlZGE2OTQzNjY0MjI3NGIwNmU5YWFmOGY4ZDM0OTJhZDVkN2QwYjEiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.198.32 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-198-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe63caab2b7332d08db1fb857d5db53b30a2f53cab26c1d0ec6f47f5d446aa45

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
last-modified: Fri, 11 Sep 2020 10:30:51 GMT
content-type: image/webp
status: 200
cache-control: max-age=1249031
x-traceid: b615d9064acdf04dc60924104bb6e5f6
timing-allow-origin: *
content-length: 107796

GET
H2 200 eyJpdSI6IjAzMzk3NjdmOTk5MjM0NTIyMWU1OGY1OTU4ZmVkMjE5MzZiNzJmMmZmNTIzZDBhNzFkMWM1Y2Y4NzlkMmNmNjAiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 50 KB
50 KB 375ms
106ms Image
image/webp 95.100.198.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjAzMzk3NjdmOTk5MjM0NTIyMWU1OGY1OTU4ZmVkMjE5MzZiNzJmMmZmNTIzZDBhNzFkMWM1Y2Y4NzlkMmNmNjAiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.198.32 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-198-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e60ce047bba409ec397e9852d74090b58b2c2153a5848410735c7572f656df9b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
last-modified: Mon, 03 Aug 2020 01:53:54 GMT
content-type: image/webp
status: 200
cache-control: max-age=1131187
x-traceid: 5d7ad8ace1a2b12fac8865a3d1006cdc
timing-allow-origin: *
content-length: 50794

GET
H2 200 eyJpdSI6ImE4MGNiMTU3MzM3ODQ5NzYzOTJlZGEzYmNlNTE5YmE5YTVkYTVmNzI3NGIyYTkwOGEzZTNhNDEwNGU3OTZmNTgiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 47 KB
47 KB 268ms
0ms Image
image/webp 95.100.198.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImE4MGNiMTU3MzM3ODQ5NzYzOTJlZGEzYmNlNTE5YmE5YTVkYTVmNzI3NGIyYTkwOGEzZTNhNDEwNGU3OTZmNTgiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.198.32 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-198-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b2191359df7b453a2d66e67dc971308b743b548bd42f2c2aba1876af993187c1

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
last-modified: Thu, 10 Sep 2020 10:21:49 GMT
content-type: image/webp
status: 200
cache-control: max-age=1157036
x-traceid: e9f1594562dd13ec7fbc85a9bb89c461
timing-allow-origin: *
content-length: 47812

GET
H2 200 eyJpdSI6IjQxYWU0YTMxNzYyYmY3N2VmMGNjYWFjMTcwNzhkZmUwYjY0YmUzNGNhNWE5M2FkYmI4ZjFlMzE4ZThjM2Y3ZDEiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 73 KB
73 KB 281ms
110ms Image
image/webp 95.100.198.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjQxYWU0YTMxNzYyYmY3N2VmMGNjYWFjMTcwNzhkZmUwYjY0YmUzNGNhNWE5M2FkYmI4ZjFlMzE4ZThjM2Y3ZDEiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.198.32 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-198-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 31b0497b536aea9ea2f798a5e2645b07a618cdbd147c39e2c0314fb987cc7887

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
last-modified: Tue, 08 Sep 2020 20:48:24 GMT
content-type: image/webp
status: 200
cache-control: max-age=1022509
x-traceid: b221218d9cfaab42412cbb051667b797
timing-allow-origin: *
content-length: 74794

GET
H2 200 eyJpdSI6IjhiYzg1ZGEzOGZmYmRjNWU0YzdhMjc5NzUxYzgwMzE5MmI3YjlmMGM2Y2NmNWRkZTIwMDg1YmE0NjdlOGMzOWEiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 77 KB
78 KB 353ms
211ms Image
image/webp 95.100.198.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjhiYzg1ZGEzOGZmYmRjNWU0YzdhMjc5NzUxYzgwMzE5MmI3YjlmMGM2Y2NmNWRkZTIwMDg1YmE0NjdlOGMzOWEiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.198.32 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-198-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: bb2a3123cd7fcae42a41e2dc0690573ef47865d9c23806035f420eb3459009e5

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
last-modified: Mon, 21 Sep 2020 16:02:36 GMT
content-type: image/webp
status: 200
cache-control: max-age=2190805
x-traceid: f932d4fbb82862805fd3dc89d23cdec
timing-allow-origin: *
content-length: 79128

GET
H2 200 eyJpdSI6ImZmMTAwYmUxOWYwZTRjOTEzN2Y0YWNhZGIxMjc4ODhiODFjNDYyZjE0OTczYjI4ZWJjMmRkNDE2OThkNGYxNWYiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 49 KB
49 KB 318ms
235ms Image
image/webp 95.100.198.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImZmMTAwYmUxOWYwZTRjOTEzN2Y0YWNhZGIxMjc4ODhiODFjNDYyZjE0OTczYjI4ZWJjMmRkNDE2OThkNGYxNWYiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.198.32 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-198-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 25c28e548968ba22257dec0326a38dc02f324e44e027e5266474420986c77009

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
last-modified: Tue, 11 Aug 2020 15:26:59 GMT
content-type: image/webp
status: 200
cache-control: max-age=1173560
x-traceid: c46aa0b5230a9ebfd68e6fa5b9fc47a7
timing-allow-origin: *
content-length: 50302

GET
H/1.1 204
No Content b
sb.scorecardresearch.com/ 0
528 B 182ms
101ms Image
text/plain 23.37.53.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=6035308&c3=&c5=Ransomware&c6=Article%3A%20Feature&c15=3574907&ns__t=1601039778296&ns_c=UTF-8&cv=3.5&c8=What%20is%20WastedLocker%3F%20Targeted%20ransomware%20extorts%20millions%20%7C%20CSO%20Online&c7=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&c9=https%3A%2F%2Ft.co%2FchVwWS4jhn
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.53.17 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-53-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:18 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
r.skimresources.com/api/ 187 B
447 B 207ms
89ms XHR
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/111346X1569475.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.59.101 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

openresty/1.11.2.5 /

Resource Hash

6462feb1cbb3a001c02640a27145382a19a639cf0263ed50dd90a3b2c7e8b202

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: openresty/1.11.2.5
status: 200
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.csoonline.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
content-type: application/json
alt-svc: clear
via: 1.1 google

POST
H2 200 events Show response
api.permutive.com/v2.0/batch/ 6 KB
2 KB 83ms
77ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=84c7e805-5ce9-41f4-b988-3529488bab1c
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f5b3be27-f789-4ef1-8867-37c67da5b361-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Permutive /
Resource Hash: 7fb03cf71cc816b356583c7c1fc0ccaf41a4c92976940a840db17e6b8bcfb91c

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
server: Permutive
status: 200
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: https://www.csoonline.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 1474
via: 1.1 google

GET
H2 200 LIgcEqx3EeidKgpVuA4vVw.json Show response
entitlements.jwplayer.com/ 50 B
129 B 121ms
38ms XHR
application/json 152.199.22.243
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://entitlements.jwplayer.com/LIgcEqx3EeidKgpVuA4vVw.json
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/8yHZorDV.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.22.243 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6CC3) /
Resource Hash: 4e79c52a8e8d4f7c4eb7792ac9865e6d4cd664717e584640a145b928dad1c062

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
last-modified: Fri, 25 Sep 2020 11:19:40 GMT
server: ECAcc (mil/6CC3)
age: 6998
status: 200
vary: Accept-Encoding
x-cache: HIT
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=1800, s-maxage=20340
accept-ranges: bytes
content-length: 66

GET
H3-Q050 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 296 KB
102 KB 97ms
15ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/8yHZorDV.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7db90d988f2d569ee665c1666e383f3ccb226e4532320946bb42d09702c6ed8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104172
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:16:18 GMT

GET
H2 200 kdS0ziGj.png
assets-jpcust.jwpsrv.com/watermarks/ 5 KB
4 KB 87ms
6ms Image
image/png 2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-jpcust.jwpsrv.com/watermarks/kdS0ziGj.png
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2247915f698afa2d7cf55b68b3676414357432f58703f279aedf25d011df8a69

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
age: 675
x-cache: HIT, HIT
status: 200
content-length: 4077
x-served-by: cache-bwi5141-BWI, cache-hhn4024-HHN
access-control-allow-origin: *
last-modified: Tue, 07 Apr 2020 17:25:14 GMT
server: nginx
x-timer: S1601039779.970570,VS0,VE0
etag: "0d62cb976f2d16ae0b57a2f26c72ea5d"
vary: Accept-Encoding
content-type: image/png
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=900
accept-ranges: bytes
access-control-allow-headers: accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits: 1, 2

GET
H2

200

yknHyery.vtt Show response
assets-jpcust.jwpsrv.com/tracks/
Redirect Chain

https://cdn.jwplayer.com/tracks/yknHyery.vtt
https://assets-jpcust.jwpsrv.com/tracks/yknHyery.vtt

38 KB
13 KB

12ms
10ms

XHR
text/vtt

2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-jpcust.jwpsrv.com/tracks/yknHyery.vtt
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c999de3c61bdb3214454af6f60c9c487595bac5dc7388a3e23a2ae5a860ccb11

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:20 GMT
content-encoding: gzip
age: 121
x-amz-server-side-encryption: AES256
x-cache: MISS, HIT
status: 200
access-control-max-age: 180
content-length: 13555
x-served-by: cache-bwi5148-BWI, cache-hhn4061-HHN
access-control-allow-origin: *
last-modified: Wed, 29 Jul 2020 21:27:46 GMT
server: nginx
x-timer: S1601039781.664559,VS0,VE0
etag: "283c8add2fea48ea0a504bc6aaa6bb52"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: text/vtt
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-headers: accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits: 0, 2

Redirect headers

date: Fri, 25 Sep 2020 13:14:19 GMT
via: 1.1 db5fd46eeb9457ed138e2c8651664df5.cloudfront.net (CloudFront)
server: openresty
age: 120
status: 301
location: https://assets-jpcust.jwpsrv.com/tracks/yknHyery.vtt
x-cache: Hit from cloudfront
content-type: text/html
access-control-allow-origin: *
x-amz-cf-pop: VIE50-C1
content-length: 178
x-amz-cf-id: XfQ7r1Y8KEe2NkxBzgbc8Q0GShpL6tbMht8uMNedVTeeRobwTP2chw==

GET
H2 200 polyfills.webvtt.js Show response
ssl.p.jwpcdn.com/player/v/8.17.5/ 10 KB
4 KB 27ms
6ms Script
application/javascript 2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/v/8.17.5/polyfills.webvtt.js
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/8yHZorDV.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42c6222ad0028f65f9b76df8c3b7b19d695ed549a530a3ce40e47824b1e9cf09

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:18 GMT
content-encoding: gzip
age: 332579
x-cache: HIT
status: 200
content-length: 4374
via: 1.1 varnish
x-served-by: cache-hhn4024-HHN
last-modified: Fri, 18 Sep 2020 21:35:35 GMT
server: AmazonS3
x-timer: S1601039779.986371,VS0,VE0
etag: "04bba9d66aa5096e10e8a1d008c94940"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, immutable
accept-ranges: bytes
x-cache-hits: 9539

GET
H2

200

z8f8K3bE-120.vtt Show response
assets-jpcust.jwpsrv.com/strips/
Redirect Chain

https://cdn.jwplayer.com/strips/z8f8K3bE-120.vtt
https://assets-jpcust.jwpsrv.com/strips/z8f8K3bE-120.vtt

5 KB
1 KB

10ms
8ms

XHR
text/vtt

2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-jpcust.jwpsrv.com/strips/z8f8K3bE-120.vtt
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 436dca4fb220a60f8af499d51e85410297bebe01265faf24a1e735f34d4706a5

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:20 GMT
content-encoding: gzip
age: 121
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
status: 200
content-length: 977
x-served-by: cache-bwi5146-BWI, cache-hhn4061-HHN
access-control-allow-origin: *
last-modified: Wed, 29 Jul 2020 20:43:09 GMT
server: nginx
x-timer: S1601039781.664545,VS0,VE0
etag: "4b225daf4804d19ad271d88d68eb2968"
vary: Accept-Encoding
content-type: text/vtt
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-headers: accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits: 1, 2

Redirect headers

date: Fri, 25 Sep 2020 13:14:19 GMT
via: 1.1 db5fd46eeb9457ed138e2c8651664df5.cloudfront.net (CloudFront)
server: openresty
age: 120
status: 301
location: https://assets-jpcust.jwpsrv.com/strips/z8f8K3bE-120.vtt
x-cache: Hit from cloudfront
content-type: text/html
access-control-allow-origin: *
x-amz-cf-pop: VIE50-C1
content-length: 178
x-amz-cf-id: xoPkd5uQzJKGBnD7ESZLTuGR07ljRg0PfTT6tRy0_Hbt7GC91Q9OOg==

GET
H2

200

e2n1o0kt-720.jpg
assets-jpcust.jwpsrv.com/thumbnails/
Redirect Chain

https://cdn.jwplayer.com/v2/media/z8f8K3bE/poster.jpg?width=720
https://assets-jpcust.jwpsrv.com/thumbnails/e2n1o0kt-720.jpg

53 KB
45 KB

33ms
17ms

Image
image/jpeg

2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-jpcust.jwpsrv.com/thumbnails/e2n1o0kt-720.jpg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 4541530cb29a2ada1633e89da683349daa9792860aa80171e4c8fddf70998fcf

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:19 GMT
content-encoding: gzip
age: 152
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
status: 200
content-length: 45887
x-served-by: cache-bwi5141-BWI, cache-hhn4024-HHN
access-control-allow-origin: *
last-modified: Wed, 29 Jul 2020 20:48:36 GMT
server: nginx
x-timer: S1601039780.548357,VS0,VE0
etag: "7b89e63a7932ac2e4aeefaf5daa13759"
vary: Accept-Encoding
content-type: image/jpeg
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=900
accept-ranges: bytes
access-control-allow-headers: accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits: 1, 2

Redirect headers

date: Fri, 25 Sep 2020 13:14:19 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
server: openresty
age: 120
status: 302
location: https://assets-jpcust.jwpsrv.com/thumbnails/e2n1o0kt-720.jpg
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=180, max-stale=180
x-cache: Hit from cloudfront
x-amz-cf-pop: VIE50-C1
access-control-allow-headers: accept-encoding, cache-control, origin, dnt, accept-language
content-length: 0
x-amz-cf-id: VjHaSiuwk2_q28Ku1y-w2tFDYfPGX7qrugN_KpXFGzK7TxOOVmvM5A==

GET
H2 200 btn-play-default.svg
idge.staticworld.net/idgtv/ 1 KB
2 KB 181ms
44ms Image
image/svg+xml 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idge.staticworld.net/idgtv/btn-play-default.svg
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3208c96177b7053855574338b4f374864c84450a2bb498d257f96b24fa89228a

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 59aOSMAOZ.swyLJWWE0LGhyzKU_fOIKo
via: 1.1 varnish
etag: "4801095ec3a1666b5c86deb4e4a5e98d"
age: 912
x-cache: HIT
status: 200
content-length: 1519
x-amz-id-2: VAC0oWc+tfSGv3uhF/oIuZVQqL6Mr6obS0vvPclJk/+SGn0hfUBU9BGhC+ORG3l8h7axLx+MRh0=
x-served-by: cache-hhn4033-HHN
last-modified: Tue, 27 Mar 2018 00:10:04 GMT
server: AmazonS3
x-timer: S1601039779.239655,VS0,VE0
date: Fri, 25 Sep 2020 13:16:19 GMT
x-amz-request-id: 7E5313F88A6C6985
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 4

GET
H/1.1 200
OK / Show response
api3847.d41.co/api/ 1 KB
2 KB 279ms
155ms XHR
application/json 34.200.67.223
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api3847.d41.co/api/?req=api3847&form=json

Requested by

Host: cdn-0.d41.co
URL: https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.67.223 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

d7849677344c719d26e0945e57ae7bdaad94d88733aad303ee96d8d1f933ce9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:19 GMT
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: application/json
Access-Control-Allow-Origin: https://www.csoonline.com
Cache-control: no-store
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 1325
X-XSS-Protection: 1; mode=block

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame BF32 0
21 B 263ms
130ms Image
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvmnFqweSmYPzp84Vzqy7JGZmympK1SOip_uEaqQcQxXMnPWOd2_V8rSLrP3-cmt47pw1mrAS0SFSILqIk5SUts6uyuO4NWxTXKIyQ5GxA7dfnFqBTj1vKW3fYXrCaua4ZExWqT-2h4zi2TFALQcEJrTdUzIm3K4SR8OT-QNLZvpGUFXKTTM4V9zoLHmMWNemADBKGrsdeNWYsAw8vix3Z_IDXCHtJbKVYHGSLaYxeZyI37IkmIT8KJJM4qmBJAqYfQubrUdJMG7A9Ke-B43DCHK2NpPoIlaAjYOi02o8_m&sig=Cg0ArKJSzJ-vMEb9ubyNEAE&adurl=

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 13:16:19 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame BF32 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 961da481cfeabce04da7810a88e8edb114f276b64efe564c557d655601ccb368

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK validate Show response
pixelconnector.adready.com/ 206 B
824 B 920ms
706ms XHR
application/json 172.67.36.86
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixelconnector.adready.com/validate?advertiser=IDGCSOONLINE
Requested by: Host: tracker.adreadyclick.com
URL: https://tracker.adreadyclick.com/index.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.67.36.86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ada87e3aeb2337b8a7c56ea1b960418fc0bb0c753f86f0e49eb580c3e406c501

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:20 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://www.csoonline.com
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 5d8504deb857c83f-AMS
cf-request-id: 0567015f340000c83f3a07a200000001

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame ED72 0
21 B 153ms
90ms Image
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvje_MQCl9RQlNXfy2cXP-UW9Kg4hz7sCvTXGwRS7iF0dwdhkfGvMHHwjiaLNOJJ8jq0xKNE6uJrWLKg6qP4OzuZXWMR07g7kipZuFv3dNaxRcSURXylokCfBAnC-zTOWRgnOkMkiM_fFmwoBCiGJGnziQVn-hnQo9vLs2HLeDUv7E81n-c5lwL61IVlweRsVaNliWcl_BuHk5CtyJM4yxnnbq89Bo0wvi-5vFy-zQJYTvzmcU0gLLXOA7Ns4Ss28O8fUrNCcSY-X6ozzacYcDPhXLjJkoGsdQgBE2oRtWM&sig=Cg0ArKJSzJvs4GHtRw8REAE&adurl=

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 13:16:19 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame ED72 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fdbad87c5d0c58d704b876a4eabf35d5e718e60a8c246699d518a3b27d77226c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
BLOB 206
Partial Content 39d5002d-c7f2-448e-a928-cd952b3c7f7f
https://www.csoonline.com/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.csoonline.com/39d5002d-c7f2-448e-a928-cd952b3c7f7f
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H2 200 init.js Show response
www.dwin2.com/ 6 KB
3 KB 81ms
58ms Script
application/javascript 151.101.114.110
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dwin2.com/init.js
Requested by: Host: www.dwin2.com
URL: https://www.dwin2.com/pub.531979.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 243665ad31c64d282886b90bdae96bedec86a8e63ee58c0ee098be426ee3c4b2

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:19 GMT
content-encoding: gzip
age: 596
x-cache: HIT, HIT
status: 200
x-cache-hits: 1, 279
content-length: 2874
x-served-by: cache-lcy19233-LCY, cache-hhn4040-HHN
last-modified: Fri, 25 Sep 2020 13:06:23 GMT
server: nginx
x-timer: S1601039780.561094,VS0,VE0
etag: "5f6deb4f-17c4"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=600
accept-ranges: bytes
expires: Fri, 25 Sep 2020 13:16:23 GMT

GET
H2 200 collect
px.ads.linkedin.com/ 0
58 B 136ms
131ms Image
application/javascript 2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=259747%2C929234&time=1601039779722&url=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:19 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: HHokbjIJOBZAe9Q8vCoAAA==

GET
H2 200 main.gr.19.8.130.js Show response
static.adsafeprotected.com/ Frame 6379 175 KB
56 KB 35ms
34ms Script
application/javascript 2600:9000:2182:f000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.130.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=8879&campId=300x250&pubId=4413178691&chanId=21821124569&placementId=5416385717&pubCreative=138316265903&pubOrder=2716295266&cb=198793054&custom=ATF1&custom2=csoonline.com&adsafe_par&impId=49cc5712-ff31-11ea-af1a-067dc49a95c9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:f000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0191d915c103f60435b09b2db123d75448172ba345544a00526512459b4e82fd

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 16:04:06 GMT
content-encoding: gzip
age: 767534
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Wed, 16 Sep 2020 15:48:14 GMT
server: AmazonS3
etag: W/"a0f0bc329cea96757043c103a1d0d10e"
vary: Accept-Encoding
x-amz-version-id: A1DeedaP8jSgF8f.g4SHuVRoa.bJWfow
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-C1
content-type: application/javascript
x-amz-cf-id: TLe1yh2kvh0c2pjba5Cff6bNaTNtluKIMkRyHaYNVsNt4mdG0nkkFQ==

GET
H2 200 main.gr.19.8.130.js Show response
static.adsafeprotected.com/ Frame D2F0 175 KB
56 KB 38ms
34ms Script
application/javascript 2600:9000:2182:f000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.130.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=8879&campId=728x90&pubId=4413178691&chanId=21821124569&placementId=5416385717&pubCreative=138316865667&pubOrder=2716295266&cb=1233533998&custom=ATF1&custom2=csoonline.com&adsafe_par&impId=49cc5711-ff31-11ea-af1a-067dc49a95c9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:f000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0191d915c103f60435b09b2db123d75448172ba345544a00526512459b4e82fd

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 16:04:06 GMT
content-encoding: gzip
age: 767534
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Wed, 16 Sep 2020 15:48:14 GMT
server: AmazonS3
etag: W/"a0f0bc329cea96757043c103a1d0d10e"
vary: Accept-Encoding
x-amz-version-id: A1DeedaP8jSgF8f.g4SHuVRoa.bJWfow
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-C1
content-type: application/javascript
x-amz-cf-id: MbHof-8EA61f_1RLV7RtIoax6yjLvmvzQG4m6YIZ84tcLsuJFMfnlQ==

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
57 B 12ms
6ms Image
image/gif 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j86&a=526482632&t=pageview&_s=1&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&dr=https%3A%2F%2Ft.co%2FchVwWS4jhn&ul=en-us&de=UTF-8&dt=What%20is%20WastedLocker%3F%20Targeted%20ransomware%20extorts%20millions%20%7C%20CSO%20Online&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=SCDAAEAjAIAG~&jid=&gjid=&cid=1868339700.1601039774&uid=&tid=UA-300704-9&_gid=1876702038.1601039778&gtm=2wg9g1WR6LD2P&cg1=ransomware&cg2=feature&cg3=Lucian%20Constantin&cg4=article&cg5=us&cd1=false&cd2=&cd3=&cd4=notapplicable&cd7=0&cd8=1&cd9=production&cd10=cso%20online&cd11=US&cd12=enterprise&cd13=false&cd14=&cd15=Web&cd16=&cd17=ransomware&cd18=4046&cd19=ransomware%2C%20cybercrime%2C%20security&cd20=4046%2C3856%2C2206&cd21=&cd22=&cd23=&cd24=&cd25=&cd26=feature&cd27=3574907&cd28=article&cd29=Lucian%20Constantin&cd30=cso&cd31=false&cd32=&cd33=&cd34=&cd35=&cd36=&cd37=false&cd38=1&cd39=2020-09-22&cd40=2020-09-22&cd41=2&cd42=2&cd43=true&cd44=false&cd45=&cd46=false&cd47=&cd48=&cd49=&cd50=&cd51=&cd52=&cd53=71&cd54=71%2C%20944%2C%20941&cd55=&cd56=&cd58=&cd59=&cd60=&cd79=us&cd80=global&cd81=false&cd82=false&cd84=&cd104=false&z=1262145030

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Sep 2020 14:28:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 82098
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 compromise.min.js Show response
plugins.blueconic.net/listener_interest_ranker/1.3.3/frontend/src/lib/ 245 KB
82 KB 40ms
40ms Script
text/javascript 99.86.7.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins.blueconic.net/listener_interest_ranker/1.3.3/frontend/src/lib/compromise.min.js
Requested by: Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.51 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-51.fra6.r.cloudfront.net
Software: - /
Resource Hash: 33d45c56f2260f6d35c758930610b52b9c67b16d02e694eeb3ca5b0f4291736b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:19 GMT
content-encoding: gzip
age: 378
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Tue, 09 Jun 2020 06:39:22 GMT
server: -
etag: "3d29a-5a7a0fce004f8-gzip"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
via: 1.1 507b5edb20d0e1a0b73c8687f53defa9.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: zB7e-rJO0CceQ-oSXTYy2UN4Nj8zTFeThyFE9USTUvmfWBWbgmeNuQ==
expires: Fri, 25 Sep 2020 14:10:02 GMT

GET
H2 200 stopwords.js Show response
plugins.blueconic.net/listener_interest_ranker/1.3.3/frontend/src/js/ 7 KB
3 KB 57ms
57ms Script
text/javascript 99.86.7.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins.blueconic.net/listener_interest_ranker/1.3.3/frontend/src/js/stopwords.js
Requested by: Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.51 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-51.fra6.r.cloudfront.net
Software: - /
Resource Hash: f8158f2dfb4c7e7376c37298b1194bd0c44d31486a9ad9910218d3e9e79fe22a

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 12:57:54 GMT
content-encoding: gzip
age: 1108
x-cache: Hit from cloudfront
status: 200
content-length: 2295
access-control-allow-origin: *
last-modified: Tue, 09 Jun 2020 06:39:22 GMT
server: -
etag: "1a72-5a7a0fcde9d98-gzip"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
via: 1.1 507b5edb20d0e1a0b73c8687f53defa9.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: 3mkZ0BMDkyDLavN5pg_2Bfw2PbgZuMPsleMujV66Uss365QYK2g35A==
expires: Fri, 25 Sep 2020 13:57:52 GMT

GET
H2 200 textrank.js Show response
plugins.blueconic.net/listener_interest_ranker/1.3.3/frontend/src/js/ 1 KB
1 KB 57ms
56ms Script
text/javascript 99.86.7.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins.blueconic.net/listener_interest_ranker/1.3.3/frontend/src/js/textrank.js
Requested by: Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.51 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-51.fra6.r.cloudfront.net
Software: - /
Resource Hash: a69ce1873c66db872d764431fa2bb8a544f96935fc646ce57afeba2427be4079

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 12:52:35 GMT
content-encoding: gzip
age: 1438
x-cache: Hit from cloudfront
status: 200
content-length: 648
access-control-allow-origin: *
last-modified: Tue, 09 Jun 2020 06:39:22 GMT
server: -
etag: "564-5a7a0fcdef770-gzip"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
via: 1.1 507b5edb20d0e1a0b73c8687f53defa9.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: 6C1ovEHWNTN5UAwyJWjQIHGnyQQf15UnUYH0aiQhImSPGa1j75fbng==
expires: Fri, 25 Sep 2020 13:52:22 GMT

GET
H2 200 stemmer.js Show response
plugins.blueconic.net/listener_interest_ranker/1.3.3/frontend/src/js/ 2 KB
1 KB 56ms
55ms Script
text/javascript 99.86.7.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins.blueconic.net/listener_interest_ranker/1.3.3/frontend/src/js/stemmer.js
Requested by: Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.51 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-51.fra6.r.cloudfront.net
Software: - /
Resource Hash: 8187e19c2761d268d113334fe299b74b57d3edd273f32cd868862a7583a7c2e6

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:02:28 GMT
content-encoding: gzip
age: 1527
x-cache: Hit from cloudfront
status: 200
content-length: 817
access-control-allow-origin: *
last-modified: Tue, 09 Jun 2020 06:39:22 GMT
server: -
etag: "878-5a7a0fcddfd70-gzip"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
via: 1.1 507b5edb20d0e1a0b73c8687f53defa9.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: AxPWE-eePUKUJUz4cImVW7oXeSedph4GdoQnsGXdrESJPYPr5Zmb6Q==
expires: Fri, 25 Sep 2020 13:50:53 GMT

POST
H2 200 json Show response
idg.blueconic.net/DG/DEFAULT/rest/rpc/ 195 B
850 B 153ms
152ms XHR
application/json 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/DG/DEFAULT/rest/rpc/json?referer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&bcsessionid=3247f953-f015-47dd-b018-96ddd874be37&bctempid=&overruleReferrer=&time=2020-09-25T15%3A16%3A20%2B02%3A00&ts=1601039780167

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

60dd5519f650093569e182129a76fbb5ba46877ab10359d0f3427bec56480c3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: policyref="", CP="DSP"
status: 200
content-length: 117
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 events Show response
api.permutive.com/v2.0/batch/ 401 B
257 B 75ms
51ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=84c7e805-5ce9-41f4-b988-3529488bab1c
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f5b3be27-f789-4ef1-8867-37c67da5b361-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Permutive /
Resource Hash: f185a76f3a9c1efb29447aaa2fd02ff4aab140b80fca9a589a9bb94db2fb0058

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:20 GMT
content-encoding: gzip
server: Permutive
status: 200
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: https://www.csoonline.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 188
via: 1.1 google

POST
H2 200 json Show response
idg.blueconic.net/DG/DEFAULT/rest/rpc/ 5 KB
3 KB 276ms
275ms XHR
application/json 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/DG/DEFAULT/rest/rpc/json?referer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&bcsessionid=3247f953-f015-47dd-b018-96ddd874be37&bctempid=&overruleReferrer=&time=2020-09-25T15%3A16%3A20%2B02%3A00&ts=1601039780410

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

3f1c2608a472ebb389c04f6e551d559fedad5b4eb7c6abda69c6955ea5f8e560

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: policyref="", CP="DSP"
status: 200
content-length: 2151
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 json Show response
idg.blueconic.net/DG/DEFAULT/rest/rpc/ 5 KB
3 KB 282ms
282ms XHR
application/json 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/DG/DEFAULT/rest/rpc/json?referer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&bcsessionid=3247f953-f015-47dd-b018-96ddd874be37&bctempid=&overruleReferrer=&time=2020-09-25T15%3A16%3A20%2B02%3A00&ts=1601039780411

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

7255d77d8f92c8fd907f956813a78976aac99aa025ff9f60e2e055f026c9f6cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: policyref="", CP="DSP"
status: 200
content-length: 2152
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 json Show response
idg.blueconic.net/DG/DEFAULT/rest/rpc/ 5 KB
3 KB 289ms
287ms XHR
application/json 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/DG/DEFAULT/rest/rpc/json?referer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&bcsessionid=3247f953-f015-47dd-b018-96ddd874be37&bctempid=&overruleReferrer=&time=2020-09-25T15%3A16%3A20%2B02%3A00&ts=1601039780413

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

cc2b3c7e22b8495a9ee9c181ea842903f2440410ae5e21431f0da37f484b971b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: policyref="", CP="DSP"
status: 200
content-length: 2151
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 json Show response
idg.blueconic.net/DG/DEFAULT/rest/rpc/ 22 KB
7 KB 266ms
266ms XHR
application/json 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/DG/DEFAULT/rest/rpc/json?referer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&bcsessionid=3247f953-f015-47dd-b018-96ddd874be37&bctempid=&overruleReferrer=&time=2020-09-25T15%3A16%3A20%2B02%3A00&ts=1601039780415

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

212779b61346c660425c56864c24405ed7dd8ee68604df00f3952a852be2518d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: policyref="", CP="DSP"
status: 200
content-length: 6300
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK / Show response
api.ipify.org/ 24 B
258 B 698ms
697ms XHR
application/json 54.204.14.42
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: tracker.adreadyclick.com
URL: https://tracker.adreadyclick.com/index.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.204.14.42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Cowboy /
Resource Hash: b6bd0e2ebcb4e0a35e3b4c07f647976dc8a37088de6887bb1ac47fb46452f4e4

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:21 GMT
Via: 1.1 vegur
Server: Cowboy
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://www.csoonline.com
Connection: keep-alive
Content-Length: 24

POST
H3-Q050 200 collect
www.google-analytics.com/ 35 B
80 B 95ms
95ms Other
image/gif 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/collect

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vttparser.js Show response
ssl.p.jwpcdn.com/player/v/8.17.5/ 5 KB
2 KB 57ms
51ms Script
application/javascript 2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.p.jwpcdn.com/player/v/8.17.5/vttparser.js
Requested by: Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/libraries/8yHZorDV.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d8647c55fd1fd7fb41308e532011e690ece20f06ada20447f7ac88ac0d8099ef

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:20 GMT
content-encoding: gzip
age: 332579
x-cache: HIT
status: 200
content-length: 2146
via: 1.1 varnish
x-served-by: cache-hhn4024-HHN
last-modified: Fri, 18 Sep 2020 21:35:37 GMT
server: AmazonS3
x-timer: S1601039781.910109,VS0,VE0
etag: "4711d6aac36e654e614258eed5141479"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000, immutable
accept-ranges: bytes
x-cache-hits: 10184

GET
H2 200 528995260596026 Show response
connect.facebook.net/signals/config/ 524 KB
132 KB 14ms
12ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/528995260596026?v=2.9.24&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

461359154ace9984b2315dd397ffb512d05f0bd691b7525d7e4f565f0d7ced0c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 134876
x-xss-protection: 0
pragma: public
x-fb-debug: nGxFteGdONzsfupCFwCdX1jEX2Xkcz12rP/sUL5ZWcDsMJ67elmyS+SxU6MAdTVtACpNlBREZo/6DjhzAntThg==
x-fb-trip-id: 1460883810
x-frame-options: DENY
date: Fri, 25 Sep 2020 13:16:20 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK getDocFeatures Show response
videoclientsservicescalls.outbrain.com/ 921 B
668 B 529ms
133ms Script
text/html 70.42.32.191
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://videoclientsservicescalls.outbrain.com/getDocFeatures?docId=3063985227&pubId=28429&callback=OB_VidgetServiceCallBack0
Requested by: Host: libs.outbrain.com
URL: https://libs.outbrain.com/vidget/vidget.js?e=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.191 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 28ed0810fc5df0bf792ce1e3bdc5aac6a7280d3678bf7cbb58d9e698c8988753

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:21 GMT
Content-Encoding: gzip
ETag: W/"399-ZBUEQY/cgyiHyJliITywdFxHjfU"
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Connection: close
X-TraceId: 1c81330e888b91e9e59a1af001d74e08

GET
H2 200 get Show response
mv.outbrain.com/Multivac/api/ 39 KB
10 KB 263ms
262ms Script
application/json 151.101.114.2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mv.outbrain.com/Multivac/api/get?url=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html&settings=true&recs=true&widgetJSId=AR_1&key=NANOWDGT01&version=200089&apv=false&sig=qqxG8eVs&format=html&rand=17482&lsd=138589f1-0eee-495e-9069-7e533867e433&lsdt=1601039778971&pdobuid=0&osLang=en-US&va=true&et=true&cmpStat=1&ccpa=1---&ccpaStat=1&scrW=1600&scrH=1200&t=YTBhZmQ4NDA5YjFmNTRkMjlmM2E2NTk3NWZmZTdiYmI=&winW=1600&winH=1200&adblck=false&secured=true&feedIdx=0&lastIdx=0&lastCardIdx=0&fAB=no_abtest&ref=https%3A%2F%2Ft.co%2FchVwWS4jhn&dpr=1
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/nanoWidget/200089/module/streamFeed.js?e=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4df1646c37606f95b7cb5a140723c25f6d4cd2b793c7404615c3b5cdfbf60f66

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:21 GMT
content-encoding: gzip
traffic-path: CHIDC2, MDW, HHN, Europe2
x-cache: MISS, MISS
p3p: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
status: 200
x-cache-hits: 0, 0
x-traceid: be0b324b7e21a51246bf3db0070d1fdf
content-length: 9492
x-served-by: cache-mdw17343-MDW, cache-hhn4036-HHN
pragma: no-cache
x-timer: S1601039781.014740,VS0,VE211
vary: Accept-Encoding, User-Agent
content-type: application/json; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
cache-control: no-cache
backend-ip: 157.52.75.43
accept-ranges: bytes, bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 page Show response
t.skimresources.com/api/v2/ 22 B
88 B 97ms
96ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/page

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/111346X1569475.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 , Ascension Island, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Python/3.7 aiohttp/3.5.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:21 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.7 aiohttp/3.5.4
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
status: 200
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.csoonline.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 22

POST
H2 200 link Show response
t.skimresources.com/api/v2/ 22 B
88 B 55ms
54ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/link

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/111346X1569475.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 , Ascension Island, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Python/3.7 aiohttp/3.5.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:21 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.7 aiohttp/3.5.4
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
status: 200
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.csoonline.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 22

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame BF32 42 B
612 B 65ms
65ms Image
image/gif 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstBWtGKIqVSJkTzAkvdV8vkpWLLykPby8PecbR1b9HxSY0LSHfUZ3wKMJXhsc_YDrrkKpykFOvudP7e5Qt3w-oSnzxXgqpDBdZH0vPOMKY&sig=Cg0ArKJSzAZbGxwtbRqSEAE&adk=1545592250&tt=-1&bs=1600%2C1200&mtos=1349,1349,1349,1349,1349&tos=1349,0,0,0,0&p=460,436,550,1164&mcvt=1349&rs=0&ht=0&tfs=413&tls=1762&mc=1&lte=-1&bas=0&bac=0&met=mue&avms=nio&niot_obs=49&niot_cbk=404&md=2&btr=0&cpmav=0&lm=2&rst=1601039777196&dlt&rpt=2989&isd=0&msd=0&xdi=0&rxlist=1&ps=1600%2C3116&scs=1600%2C1200&pt=-1&bin=4&deb=1-0-0-5-40-4-4-0-0-0&tvt=1724&is=728%2C90&iframe_loc=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&r=v&id=osdim&vs=4&uc=5&upc=2&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=728x90&itpl=3&v=20200923

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bridge3.411.1_en.html
imasdk.googleapis.com/js/core/ Frame E54D 0
0 56ms
8ms Document
text/html 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.411.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.411.1_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 193074
date: Tue, 22 Sep 2020 18:42:18 GMT
expires: Wed, 22 Sep 2021 18:42:18 GMT
last-modified: Tue, 22 Sep 2020 18:32:46 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 239644
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 client.js Show response
s0.2mdn.net/instream/video/ 26 KB
10 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:819::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10523
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:16:21 GMT

POST
H2 200 json Show response
idg.blueconic.net/DG/DEFAULT/rest/rpc/ 98 B
840 B 144ms
143ms XHR
application/json 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/DG/DEFAULT/rest/rpc/json?referer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&bcsessionid=3247f953-f015-47dd-b018-96ddd874be37&bctempid=&overruleReferrer=&time=2020-09-25T15%3A16%3A21%2B02%3A00&ts=1601039781398

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

5efe0a445a0d7ec5c97d29d97a08a6533fd4dc588d7b20197cbe2133b0136153

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: policyref="", CP="DSP"
status: 200
content-length: 109
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 json Show response
idg.blueconic.net/DG/DEFAULT/rest/rpc/ 195 B
846 B 151ms
151ms XHR
application/json 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/DG/DEFAULT/rest/rpc/json?referer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&bcsessionid=3247f953-f015-47dd-b018-96ddd874be37&bctempid=&overruleReferrer=&time=2020-09-25T15%3A16%3A21%2B02%3A00&ts=1601039781407

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

0a26431c59babc971eb06e7b25012846d70e1296b3110951275846ba2c7efbc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: policyref="", CP="DSP"
status: 200
content-length: 117
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 sca.17.4.114.js Show response
static.adsafeprotected.com/ Frame 95B1 81 KB
22 KB 33ms
33ms Script
application/javascript 2600:9000:2182:f000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.4.114.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:f000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 08:42:12 GMT
content-encoding: gzip
age: 2435649
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Mon, 13 Jan 2020 23:54:54 GMT
server: AmazonS3
etag: W/"e456dd0e5be3c2494dd734db6c5b965c"
vary: Accept-Encoding
x-amz-version-id: gSPddsS9N0PGtUp2YQy7vCAfLQOR874Z
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-C1
content-type: application/javascript
x-amz-cf-id: pYSFp2zeziTIoajnVVFmmE3EKb9NIKVHIZmY2_A624lH7-7SzxOdzA==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
216 B 92ms
88ms Image
image/gif 52.215.225.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=8879&campId=300x250&pubId=4413178691&chanId=21821124569&placementId=5416385717&pubCreative=138316265903&pubOrder=2716295266&cb=198793054&custom=ATF1&custom2=csoonline.com&adsafe_par&impId=49cc5712-ff31-11ea-af1a-067dc49a95c9&adsafe_url=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&adsafe_type=abdfq&adsafe_jsinfo=,id:29bc5084-947f-81fa-8fb6-1503de46bf3a,c:pkwrYi,sl:inView,em:true,fr:true,mn:app36ie,pt:1-5-15,wc:0.0.1600.1200,ac:985.682.300.250,am:i,cc:985.682.300.250,piv:100,obst:0,th:0,reas:,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,fm:sbBBKKS+11|12|13|14|151|16*.8879|161|17|18|19|1a,idMap:16*,pl:,rmeas:1,rend:1,renddet:IMG.qs,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,thd:1,et:1749,oid:4be5e7b3-ff31-11ea-af1a-067dc49a95c9,v:19.8.130,sp:1,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.225.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:21 GMT
x-server-name: app19.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 sca.17.4.114.js Show response
static.adsafeprotected.com/ Frame F188 81 KB
22 KB 33ms
33ms Script
application/javascript 2600:9000:2182:f000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.4.114.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:f000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 08:42:12 GMT
content-encoding: gzip
age: 2435649
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Mon, 13 Jan 2020 23:54:54 GMT
server: AmazonS3
etag: W/"e456dd0e5be3c2494dd734db6c5b965c"
vary: Accept-Encoding
x-amz-version-id: gSPddsS9N0PGtUp2YQy7vCAfLQOR874Z
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-C1
content-type: application/javascript
x-amz-cf-id: _D0zjFM8fXCTowf23Tkkx7Tn05JQA0Z8Q5FpGKAdKCYFN8XGNJW9TQ==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
216 B 84ms
83ms Image
image/gif 52.215.225.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=8879&campId=728x90&pubId=4413178691&chanId=21821124569&placementId=5416385717&pubCreative=138316865667&pubOrder=2716295266&cb=1233533998&custom=ATF1&custom2=csoonline.com&adsafe_par&impId=49cc5711-ff31-11ea-af1a-067dc49a95c9&adsafe_url=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&adsafe_type=abdfq&adsafe_jsinfo=,id:9fe26884-9f12-64f3-b193-6ac3ee118652,c:pkws0I,sl:inView,em:true,fr:true,mn:app16ie,pt:1-5-15,wc:0.0.1600.1200,ac:436.460.728.90,am:i,cc:436.460.728.90,piv:100,obst:0,th:0,reas:,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,fm:sbBBKLe+11|12|13|14|15*.8879|151|161|162|17|18|19|1a,idMap:15*,pl:,rmeas:1,rend:1,renddet:IMG.qs,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,thd:1,et:1868,oid:4be5e765-ff31-11ea-8113-067f141e2336,v:19.8.130,sp:1,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.225.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:21 GMT
x-server-name: app35.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame ED72 42 B
65 B 40ms
39ms Image
image/gif 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvGYxeuFuAu0VigSIN-5PVVpsbRvZONp-RYXBjxckAS6BJ4U2Ojjd2uDPb4AJtQkopFXXoCi9LtQ8H-hBtJ7-lYrfUE6TTUGsPyUNKGaZM&sig=Cg0ArKJSzKxGaTD-u1u8EAE&adk=1223532631&tt=-1&bs=1600%2C1200&mtos=1414,1414,1414,1414,1414&tos=1414,0,0,0,0&p=682,985,932,1285&mcvt=1414&rs=0&ht=0&tfs=466&tls=1880&mc=1&lte=-1&bas=0&bac=0&met=mue&avms=nio&niot_obs=12&niot_cbk=167&md=2&btr=0&cpmav=0&lm=2&rst=1601039777199&dlt&rpt=3228&isd=0&msd=0&xdi=0&rxlist=1&ps=1600%2C3185&scs=1600%2C1200&pt=-1&bin=4&deb=1-0-0-5-3-4-4-0-0-0&tvt=1879&is=300%2C250&iframe_loc=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&r=v&id=osdim&vs=4&uc=5&upc=2&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=300x250&itpl=3&v=20200923

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 522ms
185ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=29bc5084-947f-81fa-8fb6-1503de46bf3a&tv={c:pkws1O,pingTime:0,time:1958,type:pf,clog:[{piv:100,vs:i,r:,w:300,h:250,t:1739}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1959,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1739,wc:0.0.1600.1200,ac:985.682.300.250,am:i,cc:985.682.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[336~100],as:[336~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:sbBBKKS+11|12|13|14|151|16*.8879|161|17|18|19|1a,idMap:16*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:22 GMT
X-Server-Name: dt23dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 536ms
191ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=9fe26884-9f12-64f3-b193-6ac3ee118652&tv={c:pkws25,pingTime:0,time:1953,type:pf,clog:[{piv:100,vs:i,r:,w:728,h:90,t:1867}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1953,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1867,wc:0.0.1600.1200,ac:436.460.728.90,am:i,cc:436.460.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[165~100],as:[165~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:sbBBKKS+11|12|13|14|15*.8879|151|16.8879|161|162|17|18|19|1a,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:22 GMT
X-Server-Name: dt44dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 501ms
166ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=29bc5084-947f-81fa-8fb6-1503de46bf3a&tv={c:pkws2j,pingTime:-2,time:1989,type:a,im:{sf:0,pom:1,prf:{beA:2622,beZ:2624,mfA:4233,cmA:4235,inA:4235,inZ:4292,prA:4292,prZ:4334,si:4370,poA:4371,poZ:4419,cmZ:4419,mfZ:4419,loA:4582,loZ:4587,ltA:4607,ltZ:4607}},sca:{dfp:{df:4,sz:300.250,dom:div}},env:{gca:true,cca:true,ccd:{version:1,uspString:1---},gca2:true,gcd2:{appl:0,cnst:na}},clog:[{piv:100,vs:i,r:,w:300,h:250,t:1739}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1989,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1739,wc:0.0.1600.1200,ac:985.682.300.250,am:i,cc:985.682.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[366~100],as:[366~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:sbBBKKS+11|12|13|14|15.8879|151|16*.8879|161|17|18|19|1a,idMap:16*,rmeas:1,rend:1,renddet:IMG.qs,slid:[google_ads_iframe_/8456/IDG.G_B2B_CSOOnline.com/security_section_4,google_ads_iframe_/8456/IDG.G_B2B_CSOOnline.com/security_section_4__container__,topimu,drr-top-ad,page-wrapper],sinceFw:236,readyFired:true}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:22 GMT
X-Server-Name: dt38dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 513ms
179ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=9fe26884-9f12-64f3-b193-6ac3ee118652&tv={c:pkws2m,pingTime:-2,time:1970,type:a,im:{sf:0,pom:1,prf:{beA:2707,beZ:2712,mfA:4493,cmA:4493,inA:4493,inZ:4496,prA:4496,prZ:4527,si:4574,poA:4575,poZ:4593,cmZ:4593,mfZ:4593,loA:4660,loZ:4663,ltA:4676,ltZ:4676}},sca:{dfp:{df:4,sz:728.90,dom:div}},env:{gca:true,cca:true,ccd:{version:1,uspString:1---},gca2:true,gcd2:{appl:0,cnst:na}},clog:[{piv:100,vs:i,r:,w:728,h:90,t:1867}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1970,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1867,wc:0.0.1600.1200,ac:436.460.728.90,am:i,cc:436.460.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[183~100],as:[183~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:sbBBKKS+11|12|13|14|15*.8879|151|16.8879|161|162|17|18|19|1a,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs,slid:[google_ads_iframe_/8456/IDG.G_B2B_CSOOnline.com/security_section_3,google_ads_iframe_/8456/IDG.G_B2B_CSOOnline.com/security_section_3__container__,topleaderboard,viewabilityAdUnit,viewabilityAdContainer,page-wrapper],sinceFw:102,readyFired:true}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:22 GMT
X-Server-Name: dt96dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 550ms
202ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=9fe26884-9f12-64f3-b193-6ac3ee118652&tv={c:pkws3t,time:2039,type:e,env:{ar:self.0},es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:2039,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1867,wc:0.0.1600.1200,ac:436.460.728.90,am:i,cc:436.460.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[251~100],as:[251~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:sbBBKKS+11|12|13|14|15*.8879|151|16.8879|161|162|17|18|19|1a,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:22 GMT
X-Server-Name: dt37dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 549ms
201ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=29bc5084-947f-81fa-8fb6-1503de46bf3a&tv={c:pkws3u,time:2062,type:e,env:{ar:self.0},es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:2062,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1739,wc:0.0.1600.1200,ac:985.682.300.250,am:i,cc:985.682.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[439~100],as:[439~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:sbBBKKS+11|12|13|14|15.8879|151|16*.8879|161|17|18|19|1a,idMap:16*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:22 GMT
X-Server-Name: dt40dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

POST
H2 200 events Show response
api.permutive.com/v2.0/batch/ 201 B
208 B 68ms
51ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=84c7e805-5ce9-41f4-b988-3529488bab1c
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/f5b3be27-f789-4ef1-8867-37c67da5b361-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Permutive /
Resource Hash: caf6c9923c60fce46c190511fee65a8078c39fc4a5fb3b6d5b75f2e66f5fc532

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:22 GMT
content-encoding: gzip
server: Permutive
status: 200
vary: Origin,Access-Control-Request-Method
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: https://www.csoonline.com
access-control-expose-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
alt-svc: clear
content-length: 140
via: 1.1 google

GET
H2 204 ping.gif
prd.jwpltx.com/v1/jwplayer6/ 0
49 B 190ms
104ms Image
text/plain 2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prd.jwpltx.com/v1/jwplayer6/ping.gif?h=1429156744&e=e&n=0250513758791464&abc=0&aid=LIgcEqx3EeidKgpVuA4vVw&amp=0&ask=LxK3nuOJ&at=1&c=1&ccp=0&cp=0&d=1&eb=0&ed=3&emi=x2ykjp1otkni&i=0&id=z8f8K3bE&lid=1vq7raeyvgda&lsa=read&mt=1&pbd=1&pbr=1&pgi=m9vaqqtj67b1&ph=1&pid=8yHZorDV&pii=0&pl=226&plc=1&pli=vmomgs8zfqi7&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=What%20is%20WastedLocker%3F%20Targeted%20ransomware%20extorts%20millions%20%7C%20CSO%20Online&pu=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&pv=8.17.5&pyc=0&s=0&sdk=0&stc=1&stpe=0&t=Ransomware%20in%202020%3A%20How%20it%27s%20evolved%2C%20how%20to%20fight%20it&tv=3.31.0&vb=1&vi=1&vl=90&wd=401&ab=1&cae=0&cb=0&cdid=bottomRightPlayer&cme=1&dd=0&flc=0&fv=&ga=0&lng=en&mk=hls&mu=https%3A%2F%2Fcdn.jwplayer.com%2Fmanifests%2Fz8f8K3bE.m3u8&pbc=0&pd=2&pdr=https%3A%2F%2Ft.co%2FchVwWS4jhn&plng=en&plt=14200&pni=0&po=0&pogt=What%20is%20WastedLocker%3F%20Targeted%20ransomware%20extorts%20millions&sp=0&st=3490&sa=1601039782402
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:22 GMT
via: 1.1 varnish
server: nginx
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-hhn4024-HHN

GET
H2 204 ping.gif
prd.jwpltx.com/v1/jwplayer6/ 0
26 B 191ms
105ms Image
text/plain 2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prd.jwpltx.com/v1/jwplayer6/ping.gif?h=-240668341&e=pa&n=4389557051461981&abc=0&aid=LIgcEqx3EeidKgpVuA4vVw&amp=0&ask=LxK3nuOJ&at=1&c=1&ccp=0&cp=0&d=1&eb=0&ed=3&emi=x2ykjp1otkni&i=0&id=z8f8K3bE&lid=1vq7raeyvgda&lsa=read&mt=1&pbd=1&pbr=1&pgi=m9vaqqtj67b1&ph=1&pid=8yHZorDV&pii=0&pl=226&plc=1&pli=vmomgs8zfqi7&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=What%20is%20WastedLocker%3F%20Targeted%20ransomware%20extorts%20millions%20%7C%20CSO%20Online&pu=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&pv=8.17.5&pyc=0&s=0&sdk=0&stc=1&stpe=0&t=Ransomware%20in%202020%3A%20How%20it%27s%20evolved%2C%20how%20to%20fight%20it&tv=3.31.0&vb=1&vi=1&vl=90&wd=401&ab=1&cme=1&fed=xAPwXviG&fid=f1b09a30-7530-461a-9000-a7b0a1818eb7&flc=0&lng=en&mu=https%3A%2F%2Fcdn.jwplayer.com%2Fmanifests%2Fz8f8K3bE.m3u8&pd=2&pdr=https%3A%2F%2Ft.co%2FchVwWS4jhn&plng=en&pni=0&pogt=What%20is%20WastedLocker%3F%20Targeted%20ransomware%20extorts%20millions&pr=2&tb=0&vd=1885&sa=1601039782402
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:22 GMT
via: 1.1 varnish
server: nginx
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-hhn4024-HHN

GET
H2 204 ping.gif
prd.jwpltx.com/v1/clienta/ 0
26 B 180ms
105ms Image
text/plain 2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prd.jwpltx.com/v1/clienta/ping.gif?h=1076606315&e=ar&n=5845676941604026&abc=1&aid=LIgcEqx3EeidKgpVuA4vVw&amp=0&ask=LxK3nuOJ&at=1&c=1&ccp=0&cp=0&d=1&eb=0&ed=3&emi=x2ykjp1otkni&i=0&id=z8f8K3bE&lid=1vq7raeyvgda&lsa=read&mt=1&pbd=1&pbr=1&pgi=m9vaqqtj67b1&ph=1&pid=8yHZorDV&pii=0&pl=226&plc=1&pli=vmomgs8zfqi7&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=What%20is%20WastedLocker%3F%20Targeted%20ransomware%20extorts%20millions%20%7C%20CSO%20Online&pu=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&pv=8.17.5&pyc=0&s=0&sdk=0&stc=1&stpe=0&t=Ransomware%20in%202020%3A%20How%20it%27s%20evolved%2C%20how%20to%20fight%20it&tv=3.31.0&vb=1&vi=1&vl=90&wd=401&ab=1&abid=4g5kzc16p4fh&adi=4g5kzc16p4fh&apid=4g5kzc16p4fh&awi=1&awc=1&p=0&pc=0&pi=0&pr=2&vu=pubads.g.doubleclick.net&apt=1&rtp=%7B%7D&sa=1601039782402
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:22 GMT
via: 1.1 varnish
server: nginx
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-hhn4024-HHN

GET
H2 200 f61317a3d1cd6a90f37195c8616a801f Show response
idg.blueconic.net/templates/ 339 KB
45 KB 160ms
143ms Script
text/javascript 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/templates/f61317a3d1cd6a90f37195c8616a801f

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

d4e62450d6486976b2fe98d3e97b3c46e478e20e89e049924220c1c8e252849f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Sep 2020 13:16:22 GMT
server: -
etag: f61317a3d1cd6a90f37195c8616a801f
x-robots-tag: noindex, nofollow
p3p: policyref="", CP="DSP"
status: 200
x-permitted-cross-domain-policies: master-only
cache-control: public, max-age=31536000
content-type: text/javascript; charset=utf-8
content-length: 45857
x-xss-protection: 1; mode=block
expires: Wed, 01 Jan 2020 23:00:00 GMT

POST
H2 200 json Show response
idg.blueconic.net/DG/DEFAULT/rest/rpc/ 169 B
1 KB 338ms
333ms XHR
application/json 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/DG/DEFAULT/rest/rpc/json?referer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&bcsessionid=3247f953-f015-47dd-b018-96ddd874be37&bctempid=&overruleReferrer=&time=2020-09-25T15%3A16%3A22%2B02%3A00&ts=1601039782847

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

271c331b184bb2ee04608d947c44897554239ef0df773bf75d889e130deb2b83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: policyref="", CP="DSP"
status: 200
content-length: 132
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 cso-module-bg.png
idge.staticworld.net/cso/ 981 B
1 KB 73ms
66ms Image
image/png 151.101.194.165
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idge.staticworld.net/cso/cso-module-bg.png
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/www.idge.cso/css/article.css?v=20200924085942
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.165 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 333218e3819ed86435d75ec897ccc3620cb61010ce3cfc8c74c0ade22d942f7d

Request headers

Referer: https://www.csoonline.com/www.idge.cso/css/article.css?v=20200924085942
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: bM5PMw.kY7V.W2_0hz9tioNDUD2ZLdP2
via: 1.1 varnish
etag: "eda3be2ef21c85f54e5bb057f7bdcbe3"
age: 2171
x-cache: HIT
status: 200
content-length: 981
x-amz-id-2: OMB7eZeZMBBt5/eAeI+vlCTm5F06pmBNvmlH1RnpTLgCASkSCSmFPn1MzvMzHGl3LDKDrhg5l9A=
x-served-by: cache-hhn4033-HHN
last-modified: Tue, 27 Mar 2018 00:09:02 GMT
server: AmazonS3
x-timer: S1601039783.876903,VS0,VE0
date: Fri, 25 Sep 2020 13:16:22 GMT
x-amz-request-id: 61C7E078F24CD869
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: image/png
x-cache-hits: 2

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 265ms
167ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=29bc5084-947f-81fa-8fb6-1503de46bf3a&tv={c:pkwsln,pingTime:1,time:3171,type:p,clog:[{piv:100,vs:i,r:,w:300,h:250,t:1739}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:3171,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1739,wc:0.0.1600.1200,ac:985.682.300.250,am:i,cc:985.682.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1549~100],as:[1549~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:1100,fm:sbBBKKS+11|12|13|14|15.8879|151|16*.8879|161|17|18|19|1a,idMap:16*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:23 GMT
X-Server-Name: dt37dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 278ms
179ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=29bc5084-947f-81fa-8fb6-1503de46bf3a&tv={c:pkwslo,pingTime:1,time:3172,type:pf,clog:[{piv:100,vs:i,r:,w:300,h:250,t:1739}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:3172,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1739,wc:0.0.1600.1200,ac:985.682.300.250,am:i,cc:985.682.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1549~100],as:[1549~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:1100,fm:sbBBKKS+11|12|13|14|15.8879|151|16*.8879|161|17|18|19|1a,idMap:16*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:23 GMT
X-Server-Name: dt40dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 277ms
179ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=29bc5084-947f-81fa-8fb6-1503de46bf3a&tv={c:pkwslp,pingTime:1,time:3173,type:c,clog:[{piv:100,vs:i,r:,w:300,h:250,t:1739}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:3173,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1739,wc:0.0.1600.1200,ac:985.682.300.250,am:i,cc:985.682.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1550~100],as:[1550~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:1100,fm:sbBBKKS+11|12|13|14|15.8879|151|16*.8879|161|17|18|19|1a,idMap:16*,rmeas:1,rend:1,renddet:IMG.qs,metricId:publ1,cmr:t}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:23 GMT
X-Server-Name: dt44dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 273ms
174ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=29bc5084-947f-81fa-8fb6-1503de46bf3a&tv={c:pkwslp,pingTime:1,time:3173,type:c,clog:[{piv:100,vs:i,r:,w:300,h:250,t:1739}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:3173,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1739,wc:0.0.1600.1200,ac:985.682.300.250,am:i,cc:985.682.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1551~100],as:[1551~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:1100,fm:sbBBKKS+11|12|13|14|15.8879|151|16*.8879|161|17|18|19|1a,idMap:16*,rmeas:1,rend:1,renddet:IMG.qs,metricId:grpm1,cmr:t}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:23 GMT
X-Server-Name: dt96dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 275ms
171ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=9fe26884-9f12-64f3-b193-6ac3ee118652&tv={c:pkwslu,pingTime:1,time:3156,type:p,clog:[{piv:100,vs:i,r:,w:728,h:90,t:1867}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:3156,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1867,wc:0.0.1600.1200,ac:436.460.728.90,am:i,cc:436.460.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[1368~100],as:[1368~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:1101,fm:sbBBKKS+11|12|13|14|15*.8879|151|16.8879|161|162|17|18|19|1a,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:23 GMT
X-Server-Name: dt38dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 276ms
167ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=9fe26884-9f12-64f3-b193-6ac3ee118652&tv={c:pkwslv,pingTime:1,time:3157,type:pf,clog:[{piv:100,vs:i,r:,w:728,h:90,t:1867}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:3157,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1867,wc:0.0.1600.1200,ac:436.460.728.90,am:i,cc:436.460.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[1369~100],as:[1369~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:1101,fm:sbBBKKS+11|12|13|14|15*.8879|151|16.8879|161|162|17|18|19|1a,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:23 GMT
X-Server-Name: dt23dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 170ms
166ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=9fe26884-9f12-64f3-b193-6ac3ee118652&tv={c:pkwslv,pingTime:1,time:3157,type:c,clog:[{piv:100,vs:i,r:,w:728,h:90,t:1867}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:3157,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1867,wc:0.0.1600.1200,ac:436.460.728.90,am:i,cc:436.460.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[1369~100],as:[1369~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:1101,fm:sbBBKKS+11|12|13|14|15*.8879|151|16.8879|161|162|17|18|19|1a,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs,metricId:publ1,cmr:t}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:23 GMT
X-Server-Name: dt23dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 182ms
178ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=9fe26884-9f12-64f3-b193-6ac3ee118652&tv={c:pkwslw,pingTime:1,time:3158,type:c,clog:[{piv:100,vs:i,r:,w:728,h:90,t:1867}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:3158,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1867,wc:0.0.1600.1200,ac:436.460.728.90,am:i,cc:436.460.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[1370~100],as:[1370~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:1101,fm:sbBBKKS+11|12|13|14|15*.8879|151|16.8879|161|162|17|18|19|1a,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs,metricId:grpm1,cmr:t}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:23 GMT
X-Server-Name: dt44dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

POST
H2 200 json Show response
idg.blueconic.net/DG/DEFAULT/rest/rpc/ 98 B
842 B 168ms
167ms XHR
application/json 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/DG/DEFAULT/rest/rpc/json?referer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&bcsessionid=3247f953-f015-47dd-b018-96ddd874be37&bctempid=&overruleReferrer=&time=2020-09-25T15%3A16%3A25%2B02%3A00&ts=1601039785310

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

93a3b18a992b46699ae6202a91ad3a170761f38875c59bdac24765c752a5f8d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: policyref="", CP="DSP"
status: 200
content-length: 108
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK vpts.js Show response
static.vidazoo.com/basev/ 40 KB
11 KB 83ms
79ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://static.vidazoo.com/basev/vpts.js
Requested by: Host: libs.outbrain.com
URL: https://libs.outbrain.com/vidget/vidget.js?e=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: cd8eb12655a8ddceb0cf2d593f6bb77a9b7fc22f3c96dce4ed400046564cdf2e

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:25 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Apr 2020 12:07:11 GMT
ETag: "1586174831"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Cache-Control: max-age=13635
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Access-Control-Allow-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Content-Length: 10246
X-HW: 1601039784.dop202.pa1.t,1601039785.cds211.pa1.shn,1601039785.cds211.pa1.c

GET
H/1.1 200
OK l Show response
mcdp-chidc2.outbrain.com/ 2 B
311 B 567ms
143ms XHR
text/plain 64.74.236.63
INTERNAP-BLK5

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-chidc2.outbrain.com/l?token=740edb5993d8f2eaa407a20626bae155_28429_1601039781117&tm=9263&eT=0&widgetWidth=970&widgetHeight=280&widgetX=315&widgetY=2735&tpcs=3&wRV=200089&pVis=0&lsd=138589f1-0eee-495e-9069-7e533867e433&eIdx=&ccpa=1---&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1601039766385
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.74.236.63 , United States, ASN19024 (INTERNAP-BLK5, US),
Reverse DNS: chi.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:25 GMT
content-encoding: gzip
Content-Type: text/plain; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: content-range
Connection: close
X-TraceId: 62f38d69edf9cb67ed99e8a7ff6fdb9a
Content-Length: 28

GET
H/1.1 200
OK l Show response
mcdp-chidc2.outbrain.com/ 2 B
311 B 584ms
151ms XHR
text/plain 64.74.236.63
INTERNAP-BLK5

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-chidc2.outbrain.com/l?token=23ffb8ea024cff115a019cf4485ed9cb_28429_1601039781150&tm=9275&eT=0&widgetWidth=970&widgetHeight=404&widgetX=315&widgetY=3035&wRV=200089&pVis=0&lsd=138589f1-0eee-495e-9069-7e533867e433&eIdx=&ccpa=1---&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js?_=1601039766385
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.74.236.63 , United States, ASN19024 (INTERNAP-BLK5, US),
Reverse DNS: chi.outbrain.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:25 GMT
content-encoding: gzip
Content-Type: text/plain; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: content-range
Connection: close
X-TraceId: 2dd3b495d8e05c0e3da52740127a9f84
Content-Length: 28

GET
H2 200 eyJpdSI6IjQ0NjM1NGE4NDIxYjVhYzYwYmJkYTIzNjJlM2Y4ZTcwZDhmYmU4OTI2YjJhNjQ0YjAwMDljZmNmOWUzY2VlOTYiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 26 KB
26 KB 67ms
67ms Image
image/webp 95.100.198.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjQ0NjM1NGE4NDIxYjVhYzYwYmJkYTIzNjJlM2Y4ZTcwZDhmYmU4OTI2YjJhNjQ0YjAwMDljZmNmOWUzY2VlOTYiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.198.32 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-198-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b89d1392bc3470f6265f954af0cb9b555a9746649cc24736a7e8653c04b26eb5

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:25 GMT
last-modified: Thu, 24 Sep 2020 10:35:05 GMT
content-type: image/webp
status: 200
cache-control: max-age=2366328
x-traceid: 8b461449b0f23bdd649eec7558d1a222
timing-allow-origin: *
content-length: 26840

GET
H2 200 eyJpdSI6IjNhZjVhZDdlNTM1MmVkMjlmYWE2MTdlYjhkOTE4ZTgzMzQ0NDRmZTcxMjZlMDlhMzIxYmNjYWVkZmZjOGY1ZTQiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 59 KB
59 KB 67ms
67ms Image
image/webp 95.100.198.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjNhZjVhZDdlNTM1MmVkMjlmYWE2MTdlYjhkOTE4ZTgzMzQ0NDRmZTcxMjZlMDlhMzIxYmNjYWVkZmZjOGY1ZTQiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.198.32 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-198-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d1a4e9493646c43ede7dc75967c07c171e9f26d4e8db9ab945f863f1a221b590

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:25 GMT
last-modified: Mon, 07 Sep 2020 10:27:07 GMT
content-type: image/webp
status: 200
cache-control: max-age=897299
x-traceid: 9249c547171d33ef011077c20d50bc66
timing-allow-origin: *
content-length: 60040

GET
H2 200 eyJpdSI6ImNkNDM3NWQ4Njk4N2I3Njk2NWM3ZTk1Yjc1NGQ1OTIyZTE2ZTUyZDM0ZDI1NjZjMmZiNjVmMWU1YWEyMWJhNmEiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 53 KB
54 KB 79ms
78ms Image
image/webp 95.100.198.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImNkNDM3NWQ4Njk4N2I3Njk2NWM3ZTk1Yjc1NGQ1OTIyZTE2ZTUyZDM0ZDI1NjZjMmZiNjVmMWU1YWEyMWJhNmEiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.198.32 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-198-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 881717e560824371266b22adbb2731de265e074a93af1805d57dfbbfce4094ce

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:25 GMT
last-modified: Sat, 05 Sep 2020 00:55:07 GMT
content-type: image/webp
status: 200
cache-control: max-age=957807
x-traceid: 558c9495a8c41b8bdd84ddd187cdca5d
timing-allow-origin: *
content-length: 54644

GET
H2 200 eyJpdSI6ImIzZGM1ODliOWQ2YmY1NTcyYjRkOGQxYjYzZjY0OTBjZWIxYzY0NmFmMTNmMjEzZjJhNTNkOGRiN2QxMGJkNzIiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 45 KB
46 KB 80ms
80ms Image
image/webp 95.100.198.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImIzZGM1ODliOWQ2YmY1NTcyYjRkOGQxYjYzZjY0OTBjZWIxYzY0NmFmMTNmMjEzZjJhNTNkOGRiN2QxMGJkNzIiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.198.32 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-198-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 26d583914f449a2fd4385d83b7a9e9b439c5e5c3c408fb566accb0eafec89c70

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:25 GMT
last-modified: Sun, 16 Aug 2020 02:21:31 GMT
content-type: image/webp
status: 200
cache-control: max-age=417312
x-traceid: e7997d0bdaf9d3f6673804f899309ca1
timing-allow-origin: *
content-length: 46384

GET
H2 200 eyJpdSI6IjczYTdhZjZhNzk5NWI1ZTNlYTgwNGZiYzY4NzFjMTJiNzM4OGEzNmZiNDk5ZmQ2MDMxOTExMzM0NDBmMmI1NTUiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 60 KB
60 KB 85ms
85ms Image
image/webp 95.100.198.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjczYTdhZjZhNzk5NWI1ZTNlYTgwNGZiYzY4NzFjMTJiNzM4OGEzNmZiNDk5ZmQ2MDMxOTExMzM0NDBmMmI1NTUiLCJ3Ijo0MDAsImgiOjMwMCwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.198.32 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-198-32.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 80e8a7ffe6b4e04e1dab4cc0b85ecd6008f6707bd4f3f03a42e1af8c39cb994c

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:25 GMT
last-modified: Wed, 26 Aug 2020 13:59:04 GMT
content-type: image/webp
status: 200
cache-control: max-age=330336
x-traceid: 7e64c652282f870595054bc46338f70d
timing-allow-origin: *
content-length: 61246

GET
H2 200 783301121827721 Show response
connect.facebook.net/signals/config/ 524 KB
132 KB 58ms
3ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/783301121827721?v=2.9.24&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b6c2c3758890555f89c07c92ac29cc634df476b26a90f2304e48b4b3fa643a49

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 134882
x-xss-protection: 0
pragma: public
x-fb-debug: Ttc/LvFSbTTRPh27fNap+x8MiD9znhq+7XzPVfnjAiopxphRMBLMXDUthZGKKwPu05kSWoCl9ttcvp7LgKRnyw==
x-fb-trip-id: 1460883810
x-frame-options: DENY
date: Fri, 25 Sep 2020 13:16:25 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
123 B 66ms
8ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=528995260596026&ev=PageView&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&rl=https%3A%2F%2Ft.co%2FchVwWS4jhn&if=false&ts=1601039785579&sw=1600&sh=1200&v=2.9.24&r=stable&ec=0&o=30&fbp=fb.1.1601039782818.1103684321&it=1601039780967&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:25 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:16:25 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 70ms
17ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=528995260596026&ev=ViewContent&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&rl=https%3A%2F%2Ft.co%2FchVwWS4jhn&if=false&ts=1601039785647&sw=1600&sh=1200&v=2.9.24&r=stable&ec=1&o=30&fbp=fb.1.1601039782818.1103684321&it=1601039780967&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:25 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:16:25 GMT

GET
H2 200 recommendations Show response
idg.blueconic.net/rest/ 5 KB
2 KB 275ms
212ms Script
text/javascript 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/rest/recommendations?storeId=d90c9555-d728-4305-91b5-a476232189d4&profileId=3247f953-f015-47dd-b018-96ddd874be37&frequencyCap=3&itemId=www.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html&request=%5B%7B%22id%22%3A1584364933454%2C%22filters%22%3A%5B%22site%3A%5C%22CSO%20Online%5C%22%22%2C%22publicationDate%3E%3D2020-08-11T13%3A16%3A25.909Z%22%2C%22websiteedition%3A%5C%22UNITED%20STATES%5C%22%22%5D%2C%22boosts%22%3A%5B%7B%22value%22%3A3%2C%22algorithm%22%3A%22RECENCY%22%7D%2C%7B%22value%22%3A10%2C%22algorithm%22%3A%22SAME_CATEGORY%22%7D%5D%2C%22count%22%3A3%7D%5D&referer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&bcsessionid=3247f953-f015-47dd-b018-96ddd874be37&bctempid=&overruleReferrer=&time=2020-09-25T15%3A16%3A25%2B02%3A00&callback=bc_json1036

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

248c395d359f5cef4fd1fd0da1a5003e9ac88ec8ca5f089a5d29c8d6521a208b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: -
x-robots-tag: noindex, nofollow
p3p: policyref="", CP="DSP"
status: 200
x-permitted-cross-domain-policies: master-only
cache-control: no-cache, no-store, no-transform, must-revalidate, private
content-type: text/javascript;charset=utf-8
content-length: 1566
x-xss-protection: 1; mode=block
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK json Show response
server6.vidazoo.com/campaigns/5a9ea5a0225f7d0004c70045/5ae0a5c0da5fdd00042f78f5/ 55 KB
32 KB 597ms
303ms XHR
application/json 54.225.171.0
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://server6.vidazoo.com/campaigns/5a9ea5a0225f7d0004c70045/5ae0a5c0da5fdd00042f78f5/json
Requested by: Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/vpts.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.225.171.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 446f686384245c64054c604dff543db93adb1b5a1186a476799a201a8f85b32e

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/json; charset=UTF-8

Response headers

Date: Fri, 25 Sep 2020 13:16:26 GMT
Content-Encoding: gzip
Server: Cowboy
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.csoonline.com
Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
Content-Length: 31879
Via: 1.1 vegur

OPTIONS
H/1.1 200
OK json
server6.vidazoo.com/campaigns/5a9ea5a0225f7d0004c70045/5ae0a5c0da5fdd00042f78f5/ Frame 0
0 349ms
341ms Other 54.225.171.0
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://server6.vidazoo.com/campaigns/5a9ea5a0225f7d0004c70045/5ae0a5c0da5fdd00042f78f5/json
Protocol: HTTP/1.1
Server: 54.225.171.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Cowboy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.csoonline.com
Sec-Fetch-Mode: cors

Response headers

Server: Cowboy
Connection: keep-alive
Access-Control-Allow-Origin: https://www.csoonline.com
Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
Date: Fri, 25 Sep 2020 13:16:26 GMT
Content-Length: 0
Via: 1.1 vegur

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 226ms
200ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=29bc5084-947f-81fa-8fb6-1503de46bf3a&tv={c:pkwtbb,pingTime:-10,time:6383,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.4.114v220002022000220000022002222000022220200000222220222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222222000220000222202222202222000002002002222222222220022202200222002220222202,sd:MTcuNC4xMTR2MTIwMHx8MTYwMHx8MXx8MXx8MjR8fDEyMDB8fDB8fDB8fDF8fGxhbmRzY2FwZS1wcmltYXJ5fHwyNHx8NC8zfHw0LzN8fDB8fDE2MDA-,no:MTcuNC4xMTR2TW96aWxsYXx8TmV0c2NhcGV8fG58fDE2fHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDAzMDEwN3x8LTEyMHx8TW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,asp:1601039786184||67454bf0585a84a709ac731eb4d8e894||71ff54ebddb1e090fbf173d96e2342c8||b25a3532c57d18586bb0d05aa740297d||1b7841d70b5deb691cde8ac80b42900d||858252d1deac26a2156f6b43319632fe||1a6a114ae3f9fee1f74afb057336c8d2||9cccc230dfc277d9c58fd2bae2ef6267||1576000828}
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:26 GMT
X-Server-Name: dt37dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 /
www.facebook.com/tr/ 44 B
146 B 74ms
5ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=783301121827721&ev=PageView&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&rl=https%3A%2F%2Ft.co%2FchVwWS4jhn&if=false&ts=1601039786262&sw=1600&sh=1200&v=2.9.24&r=stable&ec=0&o=30&fbp=fb.1.1601039782818.1103684321&it=1601039780967&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:26 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:16:26 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 75ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=528995260596026&ev=ViewContent&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&rl=https%3A%2F%2Ft.co%2FchVwWS4jhn&if=false&ts=1601039786265&sw=1600&sh=1200&v=2.9.24&r=stable&ec=2&o=30&fbp=fb.1.1601039782818.1103684321&it=1601039780967&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:26 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:16:26 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 75ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=783301121827721&ev=ViewContent&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&rl=https%3A%2F%2Ft.co%2FchVwWS4jhn&if=false&ts=1601039786266&sw=1600&sh=1200&v=2.9.24&r=stable&ec=1&o=30&fbp=fb.1.1601039782818.1103684321&it=1601039780967&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:26 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:16:26 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 27ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=528995260596026&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&rl=https%3A%2F%2Ft.co%2FchVwWS4jhn&if=false&ts=1601039786282&cd[segment_id]=11123&sw=1600&sh=1200&v=2.9.24&r=stable&ec=3&o=30&fbp=fb.1.1601039782818.1103684321&it=1601039780967&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:26 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:16:26 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 29ms
8ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=783301121827721&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&rl=https%3A%2F%2Ft.co%2FchVwWS4jhn&if=false&ts=1601039786285&cd[segment_id]=11123&sw=1600&sh=1200&v=2.9.24&r=stable&ec=2&o=30&fbp=fb.1.1601039782818.1103684321&it=1601039780967&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:26 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:16:26 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 29ms
9ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=528995260596026&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&rl=https%3A%2F%2Ft.co%2FchVwWS4jhn&if=false&ts=1601039786288&cd[segment_id]=11123&sw=1600&sh=1200&v=2.9.24&r=stable&ec=4&o=30&fbp=fb.1.1601039782818.1103684321&it=1601039780967&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:26 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:16:26 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 19ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=783301121827721&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&rl=https%3A%2F%2Ft.co%2FchVwWS4jhn&if=false&ts=1601039786291&cd[segment_id]=11123&sw=1600&sh=1200&v=2.9.24&r=stable&ec=3&o=30&fbp=fb.1.1601039782818.1103684321&it=1601039780967&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:26 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:16:26 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 20ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=528995260596026&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&rl=https%3A%2F%2Ft.co%2FchVwWS4jhn&if=false&ts=1601039786295&cd[segment_id]=10957&sw=1600&sh=1200&v=2.9.24&r=stable&ec=5&o=30&fbp=fb.1.1601039782818.1103684321&it=1601039780967&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:26 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:16:26 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 82ms
70ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=783301121827721&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&rl=https%3A%2F%2Ft.co%2FchVwWS4jhn&if=false&ts=1601039786297&cd[segment_id]=10957&sw=1600&sh=1200&v=2.9.24&r=stable&ec=4&o=30&fbp=fb.1.1601039782818.1103684321&it=1601039780967&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:26 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:16:26 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 82ms
70ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=528995260596026&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&rl=https%3A%2F%2Ft.co%2FchVwWS4jhn&if=false&ts=1601039786298&cd[segment_id]=20320&sw=1600&sh=1200&v=2.9.24&r=stable&ec=6&o=30&fbp=fb.1.1601039782818.1103684321&it=1601039780967&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:26 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:16:26 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 82ms
71ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=783301121827721&ev=PermutiveSegmentEntry&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&rl=https%3A%2F%2Ft.co%2FchVwWS4jhn&if=false&ts=1601039786300&cd[segment_id]=20320&sw=1600&sh=1200&v=2.9.24&r=stable&ec=5&o=30&fbp=fb.1.1601039782818.1103684321&it=1601039780967&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:26 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:16:26 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 83ms
71ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=528995260596026&ev=BlueConic&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&rl=https%3A%2F%2Ft.co%2FchVwWS4jhn&if=false&ts=1601039786308&cd[bcsegments]=%5B%22CSO%20visitors%20(all%20editions)%22%2C%22Visited%20B2B%20dotcoms%20any%20edition%22%2C%22Has%20DUNS%20number%20with%20IP%22%2C%22IP%20address%22%2C%22Initial%20Export%20to%20Evienne%20US%20view%20-%20Delta%20-%20May%202%22%2C%22Insider%20Pro%20users%22%2C%22All%20Visitors%22%2C%22%5BBC%20DEV%5D%20Initial%20Export%20to%20Evienne%20US%20view%20-%20Delta%20-%20First%20Visited%22%2C%22Visited%20any%20B2B%20or%20Channel%20site%22%2C%22No%20Sponsor%22%2C%22Daily%20Export%20to%20Evienne%20US%20view%22%2C%22Initial%20Export%20to%20Evienne%20US%20view%20-%201%22%2C%22%5BTEST%5D%20Adestra%20NL%20signup%20POC%22%2C%22Placement%20ID%22%2C%22Visited%20B2B%20dotcom%20-%20any%20edition%22%2C%22Landed%20through%20campaign%22%2C%22All%20Visitors%20OpenText%20Enterprise%20Information%20Management%20-%22%5D&sw=1600&sh=1200&v=2.9.24&r=stable&ec=7&o=30&fbp=fb.1.1601039782818.1103684321&it=1601039780967&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:26 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:16:26 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 73ms
0ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=783301121827721&ev=BlueConic&dl=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&rl=https%3A%2F%2Ft.co%2FchVwWS4jhn&if=false&ts=1601039786310&cd[bcsegments]=%5B%22CSO%20visitors%20(all%20editions)%22%2C%22Visited%20B2B%20dotcoms%20any%20edition%22%2C%22Has%20DUNS%20number%20with%20IP%22%2C%22IP%20address%22%2C%22Initial%20Export%20to%20Evienne%20US%20view%20-%20Delta%20-%20May%202%22%2C%22Insider%20Pro%20users%22%2C%22All%20Visitors%22%2C%22%5BBC%20DEV%5D%20Initial%20Export%20to%20Evienne%20US%20view%20-%20Delta%20-%20First%20Visited%22%2C%22Visited%20any%20B2B%20or%20Channel%20site%22%2C%22No%20Sponsor%22%2C%22Daily%20Export%20to%20Evienne%20US%20view%22%2C%22Initial%20Export%20to%20Evienne%20US%20view%20-%201%22%2C%22%5BTEST%5D%20Adestra%20NL%20signup%20POC%22%2C%22Placement%20ID%22%2C%22Visited%20B2B%20dotcom%20-%20any%20edition%22%2C%22Landed%20through%20campaign%22%2C%22All%20Visitors%20OpenText%20Enterprise%20Information%20Management%20-%22%5D&sw=1600&sh=1200&v=2.9.24&r=stable&ec=6&o=30&fbp=fb.1.1601039782818.1103684321&it=1601039780967&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:26 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:16:26 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
30 B 18ms
10ms Other
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBlQup8MBzaqteSFg

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Fri, 25 Sep 2020 13:16:26 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.csoonline.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 image
idg.blueconic.net/rest/contentStores/d90c9555-d728-4305-91b5-a476232189d4/items/www.csoonline.com%252Fresources%252F208711%252F7-ways-address-validation-helps-your-business-grow-globally/ 2 KB
2 KB 157ms
151ms Image
image/jpeg 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://idg.blueconic.net/rest/contentStores/d90c9555-d728-4305-91b5-a476232189d4/items/www.csoonline.com%252Fresources%252F208711%252F7-ways-address-validation-helps-your-business-grow-globally/image?etag=1601027569794&width=65&height=65

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

d2eb32a955464e26e4632fc4464ef17cb48a34feee18f1cdf1178bcbd385bf7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:26 GMT
x-content-type-options: nosniff
server: -
x-robots-tag: noindex, nofollow
p3p: policyref="", CP="DSP"
status: 200
x-permitted-cross-domain-policies: master-only
cache-control: no-cache, no-store, no-transform, must-revalidate, private
content-type: image/jpeg
content-length: 1763
x-xss-protection: 1; mode=block
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 image
idg.blueconic.net/rest/contentStores/d90c9555-d728-4305-91b5-a476232189d4/items/www.csoonline.com%252Fresources%252F208692%252F7-challenges-to-growing-your-business-across-borders/ 2 KB
2 KB 157ms
152ms Image
image/jpeg 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://idg.blueconic.net/rest/contentStores/d90c9555-d728-4305-91b5-a476232189d4/items/www.csoonline.com%252Fresources%252F208692%252F7-challenges-to-growing-your-business-across-borders/image?etag=1601024258368&width=65&height=65

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

d2eb32a955464e26e4632fc4464ef17cb48a34feee18f1cdf1178bcbd385bf7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:26 GMT
x-content-type-options: nosniff
server: -
x-robots-tag: noindex, nofollow
p3p: policyref="", CP="DSP"
status: 200
x-permitted-cross-domain-policies: master-only
cache-control: no-cache, no-store, no-transform, must-revalidate, private
content-type: image/jpeg
content-length: 1763
x-xss-protection: 1; mode=block
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 image
idg.blueconic.net/rest/contentStores/d90c9555-d728-4305-91b5-a476232189d4/items/www.csoonline.com%252Fresources%252F208504%252Fedw-to-snowflake-cloud-data-warehouse-transformation-an-automated-appr... 1 KB
2 KB 157ms
153ms Image
image/jpeg 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://idg.blueconic.net/rest/contentStores/d90c9555-d728-4305-91b5-a476232189d4/items/www.csoonline.com%252Fresources%252F208504%252Fedw-to-snowflake-cloud-data-warehouse-transformation-an-automated-approach/image?etag=1601036163877&width=65&height=65

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

21e30c8d5f7666f24a3d5edf1ae95559d1a1625330984fe63413ba5fa7681963

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:26 GMT
x-content-type-options: nosniff
server: -
x-robots-tag: noindex, nofollow
p3p: policyref="", CP="DSP"
status: 200
x-permitted-cross-domain-policies: master-only
cache-control: no-cache, no-store, no-transform, must-revalidate, private
content-type: image/jpeg
content-length: 1375
x-xss-protection: 1; mode=block
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 193ms
192ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=29bc5084-947f-81fa-8fb6-1503de46bf3a&tv={c:pkwtkC,pingTime:5,time:6968,type:p,clog:[{piv:100,vs:i,r:,w:300,h:250,t:1739}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:6969,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1739,wc:0.0.1600.1200,ac:985.682.300.250,am:i,cc:985.682.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[5346~100],as:[5346~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:480,fm:sbBBKKS+11|12|13|14|15.8879|151|16*.8879|161|17|18|19|1a,idMap:16*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:26 GMT
X-Server-Name: dt37dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 192ms
191ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=29bc5084-947f-81fa-8fb6-1503de46bf3a&tv={c:pkwtkD,pingTime:5,time:6969,type:pf,clog:[{piv:100,vs:i,r:,w:300,h:250,t:1739}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:6969,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1739,wc:0.0.1600.1200,ac:985.682.300.250,am:i,cc:985.682.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[5346~100],as:[5346~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:480,fm:sbBBKKS+11|12|13|14|15.8879|151|16*.8879|161|17|18|19|1a,idMap:16*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:26 GMT
X-Server-Name: dt40dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 173ms
172ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=9fe26884-9f12-64f3-b193-6ac3ee118652&tv={c:pkwtkZ,pingTime:5,time:6969,type:p,clog:[{piv:100,vs:i,r:,w:728,h:90,t:1867}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:6969,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1867,wc:0.0.1600.1200,ac:436.460.728.90,am:i,cc:436.460.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[5182~100],as:[5182~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:2903,fm:sbBBKKS+11|12|13|14|15*.8879|151|16.8879|161|162|17|18|19|1a,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:26 GMT
X-Server-Name: dt38dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 172ms
171ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=9fe26884-9f12-64f3-b193-6ac3ee118652&tv={c:pkwtl0,pingTime:5,time:6970,type:pf,clog:[{piv:100,vs:i,r:,w:728,h:90,t:1867}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:6970,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1867,wc:0.0.1600.1200,ac:436.460.728.90,am:i,cc:436.460.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[5182~100],as:[5182~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:2903,fm:sbBBKKS+11|12|13|14|15*.8879|151|16.8879|161|162|17|18|19|1a,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:26 GMT
X-Server-Name: dt23dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 204 ping.gif
prd.jwpltx.com/v1/clienta/ 0
26 B 105ms
96ms Image
text/plain 2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prd.jwpltx.com/v1/clienta/ping.gif?h=-1199076074&e=al&n=5452387144983863&abc=1&aid=LIgcEqx3EeidKgpVuA4vVw&amp=0&ask=LxK3nuOJ&at=1&c=1&ccp=0&cp=0&d=1&eb=0&ed=3&emi=x2ykjp1otkni&i=0&id=z8f8K3bE&lid=1vq7raeyvgda&lsa=read&mt=1&pbd=1&pbr=1&pgi=m9vaqqtj67b1&ph=1&pid=8yHZorDV&pii=0&pl=226&plc=1&pli=vmomgs8zfqi7&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=What%20is%20WastedLocker%3F%20Targeted%20ransomware%20extorts%20millions%20%7C%20CSO%20Online&pu=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&pv=8.17.5&pyc=0&s=0&sdk=0&stc=1&stpe=0&t=Ransomware%20in%202020%3A%20How%20it%27s%20evolved%2C%20how%20to%20fight%20it&tv=3.31.0&vb=1&vi=1&vl=90&wd=401&ab=1&abid=4g5kzc16p4fh&adi=4g5kzc16p4fh&apid=4g5kzc16p4fh&awi=1&awc=1&p=0&pc=0&pi=0&pr=2&vu=pubads.g.doubleclick.net&sa=1601039786869
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:26 GMT
via: 1.1 varnish
server: nginx
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-hhn4024-HHN

POST
H3-Q050 204 csi
csi.gstatic.com/ 0
20 B 1381ms
599ms Other
image/gif 2404:6800:4009:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kfi9qxh3&c=4826600491699&slotId=2413300245849.5&eee=missing-element&bi=missing-id
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2404:6800:4009:805::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:27 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
status: 204
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
30 B 55ms
54ms Other
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykMdAf1N2drkVj2eJ

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Fri, 25 Sep 2020 13:16:26 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.csoonline.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 223ms
200ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=9fe26884-9f12-64f3-b193-6ac3ee118652&tv={c:pkwtnL,pingTime:-10,time:7141,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.4.114v220002022000220000022002222000022220200000222220222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222222000220000222202222202222000002002002222222222220022202200222002220222202,sd:MTcuNC4xMTR2MTIwMHx8MTYwMHx8MXx8MXx8MjR8fDEyMDB8fDB8fDB8fDF8fGxhbmRzY2FwZS1wcmltYXJ5fHwyNHx8NC8zfHw0LzN8fDB8fDE2MDA-,no:MTcuNC4xMTR2TW96aWxsYXx8TmV0c2NhcGV8fG58fDE2fHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDAzMDEwN3x8LTEyMHx8TW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,asp:1601039786184||67454bf0585a84a709ac731eb4d8e894||71ff54ebddb1e090fbf173d96e2342c8||b25a3532c57d18586bb0d05aa740297d||1b7841d70b5deb691cde8ac80b42900d||858252d1deac26a2156f6b43319632fe||1a6a114ae3f9fee1f74afb057336c8d2||9cccc230dfc277d9c58fd2bae2ef6267||1576000828,sca:{spg:29bc5084-947f-81fa-8fb6-1503de46bf3a}}
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:27 GMT
X-Server-Name: dt38dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3-Q050

206

file.webm
r3---sn-4g5ednsl.gvt1.com/videoplayback/id/754fcff27e4aac43/itag/44/source/gfp_video_ads/requiressl/yes/acao/yes/mime/video%2Fwebm/ctier/L/ip/0.0.0.0/ipbits/0/expire/1601061386/sparams/acao,ctier,e...
Redirect Chain

https://redirector.gvt1.com/videoplayback/id/754fcff27e4aac43/itag/44/source/gfp_video_ads/requiressl/yes/acao/yes/mime/video%2Fwebm/ctier/L/ip/0.0.0.0/ipbits/0/expire/1601061386/sparams/ip,ipbits,...
https://r3---sn-4g5ednsl.gvt1.com/videoplayback/id/754fcff27e4aac43/itag/44/source/gfp_video_ads/requiressl/yes/acao/yes/mime/video%2Fwebm/ctier/L/ip/0.0.0.0/ipbits/0/expire/1601061386/sparams/acao...

192 KB
0

7ms
6ms

Media
video/webm

2a00:1450:4001:6a::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-4g5ednsl.gvt1.com/videoplayback/id/754fcff27e4aac43/itag/44/source/gfp_video_ads/requiressl/yes/acao/yes/mime/video%2Fwebm/ctier/L/ip/0.0.0.0/ipbits/0/expire/1601061386/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mime,mip,mm,mn,ms,mv,mvi,pl,requiressl,source/signature/5AC682E06F50DB3EB5C52AEAA9C3E0B40AE8E4A6.1C9221B34DE5DF34649AE93416473ECE3853149B/key/cms1/cms_redirect/yes/mh/O6/mip/2a01:4f8:192:5414::2/mm/28/mn/sn-4g5ednsl/ms/nvh/mt/1601039718/mv/m/mvi/3/pl/40/file/file.webm

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:27 GMT
x-content-type-options: nosniff
last-modified: Fri, 10 Jan 2020 22:02:41 GMT
server: gvs 1.0
status: 206
vary: Origin
content-type: video/webm
Content-Range: bytes 0-2546842/2546843
expires: Fri, 25 Sep 2020 13:16:27 GMT
cache-control: private, max-age=21299
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2546843
client-protocol: quic

Redirect headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:27 GMT
server: ClientMapServer
status: 302
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r3---sn-4g5ednsl.gvt1.com/videoplayback/id/754fcff27e4aac43/itag/44/source/gfp_video_ads/requiressl/yes/acao/yes/mime/video%2Fwebm/ctier/L/ip/0.0.0.0/ipbits/0/expire/1601061386/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mime,mip,mm,mn,ms,mv,mvi,pl,requiressl,source/signature/5AC682E06F50DB3EB5C52AEAA9C3E0B40AE8E4A6.1C9221B34DE5DF34649AE93416473ECE3853149B/key/cms1/cms_redirect/yes/mh/O6/mip/2a01:4f8:192:5414::2/mm/28/mn/sn-4g5ednsl/ms/nvh/mt/1601039718/mv/m/mvi/3/pl/40/file/file.webm
cache-control: no-cache, must-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 697
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK sbt.js Show response
static.vidazoo.com/basev/1.0.425/ 547 KB
115 KB 92ms
91ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://static.vidazoo.com/basev/1.0.425/sbt.js
Requested by: Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/vpts.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 8bd2e35e7fc246236c46c8bf2e2bf3d173933699b93e21584322f3f5b78c34a4

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:27 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Aug 2020 11:20:04 GMT
ETag: "1597922404"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Cache-Control: max-age=81621
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Access-Control-Allow-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Content-Length: 116411
X-HW: 1601039784.dop202.pa1.t,1601039786.cds211.pa1.shn,1601039786.dop202.pa1.t,1601039787.cds209.pa1.c

POST
H2 200 json Show response
idg.blueconic.net/DG/DEFAULT/rest/rpc/ 5 KB
3 KB 166ms
165ms XHR
application/json 34.200.115.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idg.blueconic.net/DG/DEFAULT/rest/rpc/json?referer=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&bcsessionid=3247f953-f015-47dd-b018-96ddd874be37&bctempid=&overruleReferrer=&time=2020-09-25T15%3A16%3A27%2B02%3A00&ts=1601039787293

Requested by

Host: cdn.blueconic.net
URL: https://cdn.blueconic.net/idg.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.115.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

- /

Resource Hash

1093ae7038bd60be7c248513d578a18cab26917a1738db5d0552d80c5bd1fa5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:16:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
p3p: policyref="", CP="DSP"
status: 200
content-length: 2149
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.csoonline.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050 206 file.webm
r3---sn-4g5ednsl.gvt1.com/videoplayback/id/754fcff27e4aac43/itag/44/source/gfp_video_ads/requiressl/yes/acao/yes/mime/video%2Fwebm/ctier/L/ip/0.0.0.0/ipbits/0/expire/1601061386/sparams/acao,ctier,e... 23 KB
23 KB 94ms
15ms Media
video/webm 2a00:1450:4001:6a::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

e98bc8fe93c85d180d798ce5f1f93641db5490a91ab0b402cbc922edd4068f58

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=2523136-

Response headers

date: Fri, 25 Sep 2020 13:16:27 GMT
x-content-type-options: nosniff
last-modified: Fri, 10 Jan 2020 22:02:41 GMT
server: gvs 1.0
status: 206
vary: Origin
content-type: video/webm
Content-Range: bytes 2523136-2546842/2546843
expires: Fri, 25 Sep 2020 13:16:27 GMT
cache-control: private, max-age=21299
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 23707
client-protocol: quic

GET
H/1.1 200
OK settings.txt Show response
static.vidazoo.com/basev/ 11 KB
8 KB 68ms
67ms XHR
text/plain 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://static.vidazoo.com/basev/settings.txt
Requested by: Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/1.0.425/sbt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 8faa91130e5db554e604b48152e15dd301490be8ccf5d656c1264eebc9154ed3

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:27 GMT
Content-Encoding: gzip
Last-Modified: Mon, 14 Sep 2020 19:15:22 GMT
ETag: "1600110922"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Cache-Control: max-age=81640
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: text/plain
Access-Control-Allow-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Content-Length: 7445
X-HW: 1601039787.dop212.pa1.t,1601039787.cds034.pa1.shn,1601039787.cds034.pa1.c

GET
H/1.1 200
OK outbrain.js Show response
static.vidazoo.com/basev/skins/outbrain/ 71 KB
20 KB 97ms
95ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://static.vidazoo.com/basev/skins/outbrain/outbrain.js
Requested by: Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/1.0.425/sbt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 3f006dec88c65732acad8ea71a9bcc6be450a360567eccc8174da37df54c6038

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:27 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Apr 2020 12:23:25 GMT
ETag: "1586175805"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Cache-Control: max-age=5013
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Access-Control-Allow-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Content-Length: 19996
X-HW: 1601039787.dop022.pa1.shc,1601039787.dop022.pa1.t,1601039787.cds043.pa1.c

GET
H2 204 ping.gif
prd.jwpltx.com/v1/clienta/ 0
26 B 177ms
177ms Image
text/plain 2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prd.jwpltx.com/v1/clienta/ping.gif?h=-391446625&e=i&n=8284352575443292&abc=1&aid=LIgcEqx3EeidKgpVuA4vVw&amp=0&ask=LxK3nuOJ&at=1&c=1&ccp=0&cp=0&d=1&eb=0&ed=3&emi=x2ykjp1otkni&i=0&id=z8f8K3bE&lid=1vq7raeyvgda&lsa=read&mt=1&pbd=1&pbr=1&pgi=m9vaqqtj67b1&ph=1&pid=8yHZorDV&pii=0&pl=226&plc=1&pli=vmomgs8zfqi7&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=What%20is%20WastedLocker%3F%20Targeted%20ransomware%20extorts%20millions%20%7C%20CSO%20Online&pu=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&pv=8.17.5&pyc=0&s=0&sdk=0&stc=1&stpe=0&t=Ransomware%20in%202020%3A%20How%20it%27s%20evolved%2C%20how%20to%20fight%20it&tv=3.31.0&vb=1&vi=1&vl=90&wd=401&ab=1&abid=4g5kzc16p4fh&adi=4g5kzc16p4fh&apid=4g5kzc16p4fh&awi=1&awc=1&p=0&pc=0&pi=0&pr=2&vu=pubads.g.doubleclick.net&ad=GDFP&add=IDG%20Tech%20Talk%20%3A28%20sec%20ad&adid=5266879080&adv=&apt=1&adt=IDG%20Tech%20Talk%20%3A28%20sec&al=1&amu=https%3A%2F%2Fredirector.gvt1.com%2Fvideoplayback%2Fid%2F754fcff27e4aac43%2Fitag%2F44%2Fsource%2Fgfp_video_ads%2Frequiressl%2Fyes%2Facao%2Fyes%2Fmime%2Fvideo%252Fwebm%2Fctier%2FL%2Fip%2F0.0.0.0%2Fipbits%2F0%2Fexpire%2F1601061386%2Fsparams%2Fip%2Cipbits%2Cexpire%2Cid%2Citag%2Csource%2Crequiressl%2Cacao%2Cmime%2Cctier%2Fsignature%2F9F0856BF5326A8A358FE09CA6EDABE44AC857BBF.691BFD6937A234B670B58A41C9B4B6EDE931E1E6%2Fkey%2Fck2%2Ffile%2Ffile.webm&atu=https%3A%2F%2Fpubads.g.doubleclick.net%2Fgampad%2Fads%3Fsz%3D640x480%26iu%3D%2F8456%2FIDG.G_B2B_CSOOnline.com%2Fsecurity_sec&caid=&cid=138300111477&ct=video%2Fwebm&du=28&fed=xAPwXviG&fid=f1b09a30-7530-461a-9000-a7b0a1818eb7&fsm=0&iu=%2F8456%2FIDG.G_B2B_CSOOnline.com%2Fsecurity_section&strt=5470&tal=1150&vv=-1&uav=GDFP.138300111477&sa=1601039787782
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:27 GMT
via: 1.1 varnish
server: nginx
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-hhn4024-HHN

GET
H/1.1 206
Partial Content blank.mp4
static.vidazoo.com/basev/ 891 B
2 KB 165ms
86ms Media
video/mp4 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://static.vidazoo.com/basev/blank.mp4
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: c957adaf4326a8636ad68fc78acb194b96b34bbeba09daf6b36c74975ac37d21

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

Date: Fri, 25 Sep 2020 13:16:27 GMT
Content-Range: bytes 0-890/891
Last-Modified: Mon, 06 Apr 2020 12:07:11 GMT
ETag: "1586174831"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: video/mp4
Access-Control-Allow-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Content-Length: 891
X-HW: 1601039787.dop022.pa1.shc,1601039787.dop022.pa1.t,1601039787.cds043.pa1.c

GET
BLOB 200
OK bf1d1e1f-e2a1-443d-a847-0d4e98f21479
https://www.csoonline.com/ 1 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.csoonline.com/bf1d1e1f-e2a1-443d-a847-0d4e98f21479
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee441245ef85f538030acf5e534d1cf2664c18289cec8cc0d84656ffb0e0a95d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 1205

GET
BLOB 200
OK e046bd9b-9dcb-4e35-aaa2-ed86ac199290
https://www.csoonline.com/ 1 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.csoonline.com/e046bd9b-9dcb-4e35-aaa2-ed86ac199290
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8e920612ce29a3290fc2edbaab7647470f21dda35cc1a350f9b8b362fc4d3ebe

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 1515

GET
H3-Q050 206 file.webm
r3---sn-4g5ednsl.gvt1.com/videoplayback/id/754fcff27e4aac43/itag/44/source/gfp_video_ads/requiressl/yes/acao/yes/mime/video%2Fwebm/ctier/L/ip/0.0.0.0/ipbits/0/expire/1601061386/sparams/acao,ctier,e... 2 MB
2 MB 15ms
7ms Media
video/webm 2a00:1450:4001:6a::8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

24495e96ca837f2e0ba82dd2f9b2bfbf228a6acc2312b5da34597faafd0d1d18

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=131072-

Response headers

date: Fri, 25 Sep 2020 13:16:28 GMT
x-content-type-options: nosniff
last-modified: Fri, 10 Jan 2020 22:02:41 GMT
server: gvs 1.0
status: 206
vary: Origin
content-type: video/webm
Content-Range: bytes 131072-2546842/2546843
expires: Fri, 25 Sep 2020 13:16:28 GMT
cache-control: private, max-age=21298
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2415771
client-protocol: quic

GET
DATA 200
OK truncated
/ 2 KB
2 KB Font
application/x-font-ttf

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e38335b8da3a11b4a278e7572f99a3990da81b9764b7526bd7b69ec0c6a57c84

Request headers

Origin: https://www.csoonline.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/x-font-ttf;charset=utf-8

GET
H/1.1

200
OK

directsdk.js Show response
aka.spotxcdn.com/integration/directsdk/v1/
Redirect Chain

https://js.spotx.tv/directsdk/v1/265228.js
https://aka.spotxcdn.com/integration/directsdk/v1/directsdk.js

418 KB
155 KB

77ms
76ms

Script
text/javascript

95.100.196.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://aka.spotxcdn.com/integration/directsdk/v1/directsdk.js
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.196.125 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: nginx /
Resource Hash: d6fa7c39b1d5e288c739c3a225a90d0698798485d5b17c1350dc17925942b841

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:28 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Sep 2020 19:35:03 UTC
Server: nginx
Access-Control-Allow-Headers
ETag: 7112a693437c5fad3aa28033ed1f53f1
Vary: Accept-Encoding
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=225
Connection: keep-alive
Timing-Allow-Origin: *
X-SpotX-Build-Version: 1.31.0-20200910.1910
Content-Length: 157845

Redirect headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:28 GMT
Last-Modified: Fri, 25 Sep 2020 13:16:28 UTC
Server: nginx
Location: //aka.spotxcdn.com/integration/directsdk/v1/directsdk.js
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: post-check=0, pre-check=0, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 78
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK prebid.js Show response
static.vidazoo.com/basev/1.0.425/prebid/ Frame CD31 374 KB
116 KB 161ms
91ms Script
application/javascript 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://static.vidazoo.com/basev/1.0.425/prebid/prebid.js
Requested by: Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/1.0.425/sbt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: ad90a2f9bbe8d35f350e16eceeb0b7c49fe853cc52a32a62c9fc2fc84bcab9bd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:16:28 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Aug 2020 11:20:04 GMT
ETag: "1597922404"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Cache-Control: max-age=3946
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Access-Control-Allow-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Content-Length: 118014
X-HW: 1601039784.dop202.pa1.t,1601039786.cds211.pa1.shn,1601039786.dop202.pa1.t,1601039788.cds209.pa1.c

GET
H/1.1 206
Partial Content 5e369b45879a340004f7e9e3.mp4
inventory.vidazoo.com/5a9ea5a0225f7d0004c70045/5e369b45879a340004f7e9e3/ 10 KB
11 KB 71ms
65ms Media
video/mp4 69.16.175.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://inventory.vidazoo.com/5a9ea5a0225f7d0004c70045/5e369b45879a340004f7e9e3/5e369b45879a340004f7e9e3.mp4
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 0d3e39f8fc8dd7dbd323f99696f9e553dc774af283e7ba37d4684eee6d6f0809

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

Date: Fri, 25 Sep 2020 13:16:28 GMT
Last-Modified: Sun, 02 Feb 2020 09:52:17 GMT
Access-Control-Allow-Origin: *
ETag: "1580637137"
X-HW: 1601039787.dop203.pa1.t,1601039788.cds206.pa1.shn,1601039788.cds206.pa1.c
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Range: bytes 0-10410/10411
Access-Control-Expose-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Cache-Control: public, max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Type: video/mp4
Access-Control-Allow-Headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
Content-Length: 10411

GET
H/1.1

204

partner
sync.search.spotxchange.com/
Redirect Chain

https://sync.search.spotxchange.com/partner?source=dados
https://sync.search.spotxchange.com/partner?source=dados&__user_check__=1&sync_id=52837e30-ff31-11ea-b949-1093d7b31906

0
588 B

97ms
96ms

Image
text/plain

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?source=dados&__user_check__=1&sync_id=52837e30-ff31-11ea-b949-1093d7b31906
Requested by: Host: www.csoonline.com
URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.125 , Netherlands, ASN35220 (SPOTX-AMS, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-spotx-halt-type: Audience Dsp sync Priority Sync endpoint Source ID is not on enabled source whitelist
Date: Fri, 25 Sep 2020 13:16:29 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 18
Connection: keep-alive
Content-Length: 0

Redirect headers

Date: Fri, 25 Sep 2020 13:16:29 GMT
Server: nginx
Location: /partner?source=dados&__user_check__=1&sync_id=52837e30-ff31-11ea-b949-1093d7b31906
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 7
Connection: keep-alive
Content-Length: 0

POST
H/1.1 204
No Content 265228 Show response
search.spotxchange.com/openrtb/2.3/dados/ 0
1 KB 288ms
100ms XHR
application/json 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/265228
Requested by: Host: js.spotx.tv
URL: https://js.spotx.tv/directsdk/v1/265228.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.124 , Netherlands, ASN35220 (SPOTX-AMS, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
x-openrtb-version: 2.3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Date: Fri, 25 Sep 2020 13:16:29 GMT
X-SpotX-Timing-Transform: 0.000319
X-SpotX-Timing-SpotMarket: 0.006419
X-SpotX-Timing-Page-Mux: 0.000313
X-SpotX-Timing-Page-Require: 0.000405
X-fe: 044
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000028
X-SpotX-Timing-Page: 0.010623
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000427
Last-Modified: Fri, 25 Sep 2020 13:16:29 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.006419
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.csoonline.com
X-SpotX-Timing-Page-Misc: 0.002698
X-SpotX-Timing-Page-Exception: 0.000000
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000014
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

OPTIONS
H/1.1 200
OK 265228
search.spotxchange.com/openrtb/2.3/dados/ Frame 0
0 198ms
56ms Other
text/plain 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/265228
Protocol: HTTP/1.1
Server: 185.94.180.124 , Netherlands, ASN35220 (SPOTX-AMS, NL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-openrtb-version
Origin: https://www.csoonline.com
Sec-Fetch-Mode: cors

Response headers

Server: nginx
Date: Fri, 25 Sep 2020 13:16:29 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Fri, 25 Sep 2020 13:16:29 GMT
Cache-Control: no-cache, must-revalidate post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: https://www.csoonline.com
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Access-Control-Allow-Headers: content-type,x-openrtb-version
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 2592000

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 112ms
17ms XHR
application/json 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020091601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecf03ca9ba7d4d905686966f5dcec5b882bffd9c486f32b0933ea342b51e1fe5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 13:16:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6506
x-xss-protection: 0

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
402 B 190ms
187ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o2dl8&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 119
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:29 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 00f63b6e0029b1ef
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
118 B 191ms
188ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=nw1at&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 133
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:29 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 00e606ba0040e033
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
117 B 191ms
188ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=nv5jw&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 121
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:29 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 0011067800c7727b
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
119 B 191ms
189ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o1hbs&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 135
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:16:29 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 014f3453bb3ae36a4789e1cac570300c
x-transaction: 0058fb5500893823
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 16 KB
6 KB 82ms
81ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js?21067551

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcdc54759ab0ead6a9c0f35707e01926c8c4e13c6ce7ad59477a81a9e4acd47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600730918364481"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5975
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:16:29 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/216/ Frame 16BF 0
0 6ms
6ms Document
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/216/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4674
date: Fri, 25 Sep 2020 12:35:46 GMT
expires: Sat, 25 Sep 2021 12:35:46 GMT
last-modified: Mon, 21 Sep 2020 21:29:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2443
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
45 B 98ms
97ms Image
image/gif 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=216&t=2&li=gpt_2020091601&jk=4422233137226889&bg=!wcKlwtpYmLnOwmj3oEwCAAABMVIAAABjCgHY01gwWtgoCvHPARzDllPSDjJSniEcn7EKHurDVv4944WyXZ_mUcusDUSJQh-2lxV2eHBL8r_VlF78sGa0fn07ICFYM9o1UsriXf3zM2FPtaHnsK571H-bSEt961t2PBbNeneugWhg4c90dtqA98j9dyeeNzxSOdNq8UE8A-1ZF4G1wuVXgXuWIJaw1WfFngqYP1u7ockW1WFbmiIquJ0VG7VsAxmgySDc51o8gDHxl9Hg68BZvk5gK2RqB83fGCnKl7Xg0xcNyQA6enVW4tVWfdCktdeTN-PRlWg2hpFrqg8RObGum7Yy4YWdoO_ewvB92u1m3S9t6XBEyYoP5rJbWXTdgV72z2KHpJlvCtsk4hCXu6KexDMdmqfsrpcx3Yb0os6a5OtGSYDH71qlzgbMy7zYU8K1-NdiqOCUQO4vLKQwPVj3DO3NsFKi_fo39n3kB0l9APvCSqPL1AekPeJ99EUffOHFyf1cH1cnVkpuvRDo1cSuvIY2HTZLLoPx8AFvSAvKr3qEUj8KPmH32tMY4YWWtA23oDPaHYKdUVyRxxwdFxugryqo30o8-uVkilG8Wj3t1tVdOdekq4wY4tWrJTnTYnRAe1DMD_a-VEYQtOB4UT1mzViyIZkBqn-kW8iKK5V4m1M3HP2L8YpSsa7DuTznrVurqN_D8hR7aU-_rIZJicXGe-ZugrYVifNu4MeDOLz4HJhyO-3jx5wD5paRxTWZUsl62OFqcLse4lmtTm6ztY8KlUSEJhidgFjWBZCXcEvu0O-iue3g73eyjfoesxJU-L_3oIEfdFYxT5NGzIf91VSl4FNGzpdlA1I9QBFIX2gW1AUyJKk8t047L7is7f2-r8O7kne7PVuxBBu6rPA89zhl3mV0LBbMjAMbI-hQ5GLNnv9nZ3q72POq9fLuUQhQpLzfZNtFLR1izEG_zh0V55IIS9AKoeABhlPozmv4_xKFQp6rtExLw6SbclMKvR5YmZGEjTVJmC1GV0zQIH5Cbfh3DkmAwf5gYAaYX379tVgfNOoZWPXUMI9PwPVZJxjeP01-k-AHMN0-Ct91kGCSgyL8_FcCRJYw2yGHcF9o-PTYOMKESofUmsDizMfVcxtRDBw9dk5JqeVPIhllZkj8f6YMZ5H4-sShZ5fBbuDIIc3V_xVFFfcNzgjJTaSgMidR_-XYGP9FbAz9y9OVKdsTTrQ-jA

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 204 csi
csi.gstatic.com/ 0
43 B 484ms
484ms Other
image/gif 2404:6800:4009:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kfi9r1xb&c=4826600491699&slotId=2413300245849.5&ps=0x0&met.4=hvd_lc.kfi9r1xb~hvd_src.kfi9r1xb
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2404:6800:4009:805::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:16:30 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
status: 204
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 ping.gif
prd.jwpltx.com/v1/clienta/ 0
49 B 95ms
95ms Image
text/plain 2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prd.jwpltx.com/v1/clienta/ping.gif?h=1417149584&e=vi&n=7347200703877748&abc=1&aid=LIgcEqx3EeidKgpVuA4vVw&amp=0&ask=LxK3nuOJ&at=1&c=1&ccp=0&cp=0&d=1&eb=0&ed=3&emi=x2ykjp1otkni&i=0&id=z8f8K3bE&lid=1vq7raeyvgda&lsa=read&mt=1&pbd=1&pbr=1&pgi=m9vaqqtj67b1&ph=1&pid=8yHZorDV&pii=0&pl=226&plc=1&pli=vmomgs8zfqi7&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=What%20is%20WastedLocker%3F%20Targeted%20ransomware%20extorts%20millions%20%7C%20CSO%20Online&pu=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&pv=8.17.5&pyc=0&s=0&sdk=0&stc=1&stpe=0&t=Ransomware%20in%202020%3A%20How%20it%27s%20evolved%2C%20how%20to%20fight%20it&tv=3.31.0&vb=1&vi=1&vl=90&wd=401&ab=1&abid=4g5kzc16p4fh&adi=4g5kzc16p4fh&apid=4g5kzc16p4fh&awi=1&awc=1&p=0&pc=0&pi=0&pr=2&vu=pubads.g.doubleclick.net&sa=1601039790782
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:30 GMT
via: 1.1 varnish
server: nginx
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-hhn4024-HHN

GET
H2 204 ping.gif
prd.jwpltx.com/v1/clienta/ 0
49 B 96ms
95ms Image
text/plain 2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prd.jwpltx.com/v1/clienta/ping.gif?h=1826769642&e=avp&n=7869410639019168&abc=1&aid=LIgcEqx3EeidKgpVuA4vVw&amp=0&ask=LxK3nuOJ&at=1&c=1&ccp=0&cp=0&d=1&eb=0&ed=3&emi=x2ykjp1otkni&i=0&id=z8f8K3bE&lid=1vq7raeyvgda&lsa=read&mt=1&pbd=1&pbr=1&pgi=m9vaqqtj67b1&ph=1&pid=8yHZorDV&pii=0&pl=226&plc=1&pli=vmomgs8zfqi7&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=What%20is%20WastedLocker%3F%20Targeted%20ransomware%20extorts%20millions%20%7C%20CSO%20Online&pu=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&pv=8.17.5&pyc=0&s=0&sdk=0&stc=1&stpe=0&t=Ransomware%20in%202020%3A%20How%20it%27s%20evolved%2C%20how%20to%20fight%20it&tv=3.31.0&vb=1&vi=1&vl=90&wd=401&ab=1&abid=4g5kzc16p4fh&adi=4g5kzc16p4fh&apid=4g5kzc16p4fh&awi=1&awc=1&p=0&pc=0&pi=0&pr=2&vu=pubads.g.doubleclick.net&sa=1601039791282
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:31 GMT
via: 1.1 varnish
server: nginx
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-hhn4024-HHN

GET
H2 204 ping.gif
prd.jwpltx.com/v1/clienta/ 0
49 B 104ms
103ms Image
text/plain 2a04:4e42:1b::626
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prd.jwpltx.com/v1/clienta/ping.gif?h=1556752679&e=v&n=1976547057512201&abc=1&aid=LIgcEqx3EeidKgpVuA4vVw&amp=0&ask=LxK3nuOJ&at=1&c=1&ccp=0&cp=0&d=1&eb=0&ed=3&emi=x2ykjp1otkni&i=0&id=z8f8K3bE&lid=1vq7raeyvgda&lsa=read&mt=1&pbd=1&pbr=1&pgi=m9vaqqtj67b1&ph=1&pid=8yHZorDV&pii=0&pl=226&plc=1&pli=vmomgs8zfqi7&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=What%20is%20WastedLocker%3F%20Targeted%20ransomware%20extorts%20millions%20%7C%20CSO%20Online&pu=https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3574907%2Fwastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html%3Futm_content%3Dcontent%26utm_medium%3Dsocial%26utm_campaign%3Dorganic%26utm_source%3Dtwitter&pv=8.17.5&pyc=0&s=0&sdk=0&stc=1&stpe=0&t=Ransomware%20in%202020%3A%20How%20it%27s%20evolved%2C%20how%20to%20fight%20it&tv=3.31.0&vb=1&vi=1&vl=90&wd=401&ab=1&abid=4g5kzc16p4fh&adi=4g5kzc16p4fh&apid=4g5kzc16p4fh&awi=1&awc=1&p=0&pc=0&pi=0&pr=2&vu=pubads.g.doubleclick.net&ad=GDFP&adti=6.632192&adati=0&advti=6.632192&al=1&ct=video%2Fwebm&du=28&fsm=0&qt=1&vv=-1&uav=GDFP.138300111477&sa=1601039796282
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::626 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:16:36 GMT
via: 1.1 varnish
server: nginx
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-hhn4024-HHN

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 172ms
170ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=29bc5084-947f-81fa-8fb6-1503de46bf3a&tv={c:pkwvVN,pingTime:15,time:16961,type:p,clog:[{piv:100,vs:i,r:,w:300,h:250,t:1739}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:16961,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1739,wc:0.0.1600.1200,ac:985.682.300.250,am:i,cc:985.682.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[15338~100],as:[15338~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:220,fm:sbBBKKS+11|12|13|14|15.8879|151|16*.8879|161|17|18|19|1a,idMap:16*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:36 GMT
X-Server-Name: dt40dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 168ms
166ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=29bc5084-947f-81fa-8fb6-1503de46bf3a&tv={c:pkwvVN,pingTime:15,time:16961,type:pf,clog:[{piv:100,vs:i,r:,w:300,h:250,t:1739}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:16961,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1739,wc:0.0.1600.1200,ac:985.682.300.250,am:i,cc:985.682.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[15338~100],as:[15338~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:220,fm:sbBBKKS+11|12|13|14|15.8879|151|16*.8879|161|17|18|19|1a,idMap:16*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:36 GMT
X-Server-Name: dt96dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 166ms
165ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=9fe26884-9f12-64f3-b193-6ac3ee118652&tv={c:pkwvW2,pingTime:15,time:16954,type:p,clog:[{piv:100,vs:i,r:,w:728,h:90,t:1867}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:16954,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1867,wc:0.0.1600.1200,ac:436.460.728.90,am:i,cc:436.460.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[15166~100],as:[15166~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:336,fm:sbBBKKS+11|12|13|14|15*.8879|151|16.8879|161|162|17|18|19|1a,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:36 GMT
X-Server-Name: dt23dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 167ms
167ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=8879&asId=9fe26884-9f12-64f3-b193-6ac3ee118652&tv={c:pkwvW3,pingTime:15,time:16955,type:pf,clog:[{piv:100,vs:i,r:,w:728,h:90,t:1867}],es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:16955,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:1867,wc:0.0.1600.1200,ac:436.460.728.90,am:i,cc:436.460.728.90,piv:100,obst:0,th:0,reas:,bkn:{piv:[15167~100],as:[15167~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:336,fm:sbBBKKS+11|12|13|14|15*.8879|151|16.8879|161|162|17|18|19|1a,idMap:15*,rmeas:1,rend:1,renddet:IMG.qs}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:16:36 GMT
X-Server-Name: dt38dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

Verdicts & Comments Add Verdict or Comment

355 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.csoonline.com/	1970-01-20 06:15:11	Name: __gads Value: ID=b9c89a3bfa504f86:T=1601039786:S=ALNI_MblLPU7mN-WVg4Pbk4wLeM01DJQ6A
.csoonline.com/	1970-01-19 14:53:35	Name: OB-USER-TOKEN Value: 138589f1-0eee-495e-9069-7e533867e433
www.csoonline.com/	1969-12-31 23:59:59	Name: GED_PLAYLIST_ACTIVITY Value: W3sidSI6InFZZjciLCJ0c2wiOjE2MDEwMzk3ODksIm52IjowLCJ1cHQiOjE2MDEwMzk3NjQsImx0IjoxNjAxMDM5NzY0fV0.
.csoonline.com/	1970-01-19 12:44:03	Name: AMP_TOKEN Value: %24NOT_FOUND
.outbrain.com/	1970-01-19 12:43:59	Name: recs_dde639e08078cfc1208c2b3e6f6f9df8 Value: 2B2956018878A3001558883ACD0
.outbrain.com/	1970-01-19 14:53:35	Name: obuid Value: 138589f1-0eee-495e-9069-7e533867e433
.csoonline.com/	1970-01-19 14:53:35	Name: _fbp Value: fb.1.1601039782818.1103684321
www.csoonline.com/	1970-01-19 21:29:35	Name: BCSessionID Value: 3247f953-f015-47dd-b018-96ddd874be37

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter(Line 298) Message: addEventListener removeEventListener: 0
console-api	log	URL: https://cmpv2.csoonline.com/wrapperMessagingWithoutDetection.js(Line 1) Message: Messaging without detection successfully executed.
console-api	log	URL: https://ccpa.sp-prod.net/ccpa.js(Line 1) Message: CCPA script successfully executed.
console-api	log	URL: https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html?utm_content=content&utm_medium=social&utm_campaign=organic&utm_source=twitter(Line 897) Message: ad targeting permutive kvs: null
console-api	warning	URL: https://www.redditstatic.com/ads/pixel.js(Line 1) Message: Reddit Pixel Warning:pixel has already been initialized
console-api	log	URL: https://www.csoonline.com/www.idge/js/thm_pre.js?v=20200924085942(Line 575) Message: logPlEvent fired
console-api	warning	URL: https://www.google.com/cse/static/element/26b8d00a7c7a0812/cse_element__en.js?usqp=CAI%3D(Line 148) Message: Component of type results is missing for Element named two-column.
console-api	log	URL: https://cdn.blueconic.net/idg.js(Line 136) Message: [BC]Item will not be scraped due to missing publication date
console-api	log	(Line 2) Message: TypeError: Cannot read property 'dataPoint1' of undefined
console-api	debug	URL: https://static.adsafeprotected.com/sca.17.4.114.js(Line 32) Message: a: 0.003173828125 ms
console-api	warning	URL: https://connect.facebook.net/en_US/fbevents.js(Line 23) Message: [Facebook Pixel] - Duplicate Pixel ID: 528995260596026.
console-api	warning	URL: https://static.vidazoo.com/basev/1.0.425/prebid/prebid.js(Line 3) Message: fun-hooks: referenced 'registerAdserver' but it was never created

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	referrer always;
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.ch
adservice.google.com
aka.spotxcdn.com
alb.reddit.com
alt.idgesg.net
analytics.twitter.com
api.ipify.org
api.permutive.com
api.rlcdn.com
api3847.d41.co
as-sec.casalemedia.com
assets-jpcust.jwpsrv.com
ccpa-service.sp-prod.net
ccpa.sp-prod.net
cdn-0.d41.co
cdn.adsafeprotected.com
cdn.blueconic.net
cdn.jwplayer.com
cdn.permutive.com
cdn.subscribers.com
clients1.google.com
cm.g.doubleclick.net
cmp.csoonline.com
cmpv2.csoonline.com
connect.facebook.net
cse.google.com
csi.gstatic.com
d16ae83a4b53362762f86962646a2056.safeframe.googlesyndication.com
d2zv5rkii46miq.cloudfront.net
dt.adsafeprotected.com
entitlements.jwplayer.com
fastlane.rubiconproject.com
googlesync.permutive.com
htlb.casalemedia.com
ib.adnxs.com
idg.blueconic.net
idge.staticworld.net
images.idgesg.net
images.outbrainimg.com
images.techhive.com
imasdk.googleapis.com
inventory.vidazoo.com
jadserve.postrelease.com
js-sec.indexww.com
js.spotx.tv
libs.outbrain.com
log.outbrainimg.com
match.adsrvr.org
mcdp-chidc2.outbrain.com
mv.outbrain.com
odb.outbrain.com
p.skimresources.com
p.typekit.net
pagead2.googlesyndication.com
pixel.adsafeprotected.com
pixel.staticworld.net
pixelconnector.adready.com
plugins.blueconic.net
prd.jwpltx.com
px.ads.linkedin.com
r.skimresources.com
r3---sn-4g5ednsl.gvt1.com
redirector.gvt1.com
s-jsonp.moatads.com
s.ntv.io
s.skimresources.com
s0.2mdn.net
sb.scorecardresearch.com
search.spotxchange.com
secure.adnxs.com
securepubads.g.doubleclick.net
server6.vidazoo.com
snap.licdn.com
ssl.p.jwpcdn.com
static.ads-twitter.com
static.adsafeprotected.com
static.vidazoo.com
sync.search.spotxchange.com
t.co
t.skimresources.com
tcheck.outbrainimg.com
tlx.3lift.com
tpc.googlesyndication.com
tr.outbrain.com
tracker.adreadyclick.com
trib.al
use.fontawesome.com
use.typekit.net
videoclientsservicescalls.outbrain.com
w.soundcloud.com
widgets.outbrain.com
www.csoonline.com
www.dwin2.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.redditstatic.com
z.moatads.com
104.111.215.135
104.19.149.54
104.244.37.20
104.244.42.3
104.244.42.5
143.204.215.63
143.204.215.94
143.204.94.111
143.204.94.15
151.101.112.157
151.101.114.110
151.101.114.165
151.101.114.2
151.101.194.165
151.139.128.11
152.199.22.243
172.217.23.162
172.67.36.86
185.33.221.13
185.94.180.124
185.94.180.125
185.94.180.128
199.232.53.140
23.111.9.35
23.210.249.164
23.210.250.13
23.210.250.213
23.210.250.44
23.37.53.17
2404:6800:4009:805::2003
2600:9000:2057:a000:17:5578:e080:21
2600:9000:206e:2600:1:a3fa:7cc0:93a1
2600:9000:2182:f000:8:48e:53c0:93a1
2600:9000:21f3:7c00:2:d151:aac0:93a1
2606:4700:3031::ac43:be68
2a00:1450:4001:6a::8
2a00:1450:4001:801::200e
2a00:1450:4001:809::2001
2a00:1450:4001:809::2008
2a00:1450:4001:809::200e
2a00:1450:4001:80b::200a
2a00:1450:4001:817::2001
2a00:1450:4001:817::2002
2a00:1450:4001:819::2006
2a00:1450:4001:81a::200e
2a00:1450:4001:81d::200e
2a00:1450:4001:824::2004
2a02:26f0:10c:582::25ea
2a02:26f0:10c:5a4::19fd
2a02:26f0:6c00::210:ba0a
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42:1b::626
2a05:f500:10:101::b93f:9105
3.121.66.29
3.94.37.25
34.107.254.252
34.200.115.102
34.200.67.223
35.190.59.101
35.190.91.160
35.201.67.47
35.244.174.68
52.203.184.151
52.215.225.80
52.50.67.37
52.59.111.161
54.197.13.220
54.204.14.42
54.225.171.0
64.74.236.63
69.16.175.10
69.173.144.141
70.42.32.191
95.100.196.125
95.100.198.32
99.86.243.5
99.86.243.61
99.86.7.51
0191d915c103f60435b09b2db123d75448172ba345544a00526512459b4e82fd
02d2940a00290f3a9e4955de7821626688c0cacde8c97c762838e6b40ab22926
03643efcf63e8fbfe6571cd0f1a4ce49f8575a7bee74f2e9fd7fab344e474e48
046c81e72ccfba9ef244fa498f7caa4d715258899cd3dd87008e28ccc1eef3ea
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
053d5c873a012d89c7a079d097426cfddb18b28494a55c51eff89e0294540dfd
05d3894064387b3bb7f5791344f958aae9c6eab499b912ef345cc6ed3987baa1
08aa3a5ee68a21d5771a70b20495b6da1c0f996c46982cd1b0447ad2db730d11
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b
0a26431c59babc971eb06e7b25012846d70e1296b3110951275846ba2c7efbc5
0d3e39f8fc8dd7dbd323f99696f9e553dc774af283e7ba37d4684eee6d6f0809
0dbf4106e062b56a7d4db32cb448fad76e1aad0bf204b8569091bdcb5abed21e
1093ae7038bd60be7c248513d578a18cab26917a1738db5d0552d80c5bd1fa5c
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
120fb2279d5061dd4a428f935fdf10c09e95c1f2ec0346f7aaf6c8b7f382cf49
17bb8b5dfa44693e301a436b03b03ef05ed0a581e6e036aef2756a5c03034356
19879ad5afa02d472cbadac15ba3392a4e8213cebe4cf85f784a41803f60255c
1b197985c0bef8bc365381bd16e15dccf184eb33d0abf0afdb4f567da2000fb2
1ba72a30c597d8c5d07c728e9b6aa6ba94a47a9b3ebab98a5ed1df3d276059f9
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1de023239ba0af490f8198f84bb19edaddfbcfc75d281ed5f9644bcb03497a27
1e9a75fd7f2fb65368a815adfe3aa6d983fe7e20a3b5bc208eb36585e005a227
1fcdc54759ab0ead6a9c0f35707e01926c8c4e13c6ce7ad59477a81a9e4acd47
1fd21397d1395d7af4820bfb1ba7475f8d489cc8f34bf618004e3df1ee75acba
20aae1e27cc1b9df4f61555525643b743c88437d0cf1e9eab67b1608cde7357f
212779b61346c660425c56864c24405ed7dd8ee68604df00f3952a852be2518d
21e30c8d5f7666f24a3d5edf1ae95559d1a1625330984fe63413ba5fa7681963
2247915f698afa2d7cf55b68b3676414357432f58703f279aedf25d011df8a69
22743e48208100b30e26dc7136de29be0e624ecd577c28c3f424f723096ec8a2
240fbcfd9cce9f9883216b7f5097be022d5af697075bb9987439d7b8bba5aeb9
243665ad31c64d282886b90bdae96bedec86a8e63ee58c0ee098be426ee3c4b2
24495e96ca837f2e0ba82dd2f9b2bfbf228a6acc2312b5da34597faafd0d1d18
248c395d359f5cef4fd1fd0da1a5003e9ac88ec8ca5f089a5d29c8d6521a208b
25c28e548968ba22257dec0326a38dc02f324e44e027e5266474420986c77009
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
26d583914f449a2fd4385d83b7a9e9b439c5e5c3c408fb566accb0eafec89c70
271c331b184bb2ee04608d947c44897554239ef0df773bf75d889e130deb2b83
27ab02fc09609aecbf3650c6dddbd427ccd7b3ee2cedad7c8e450cbcdc1ac938
28ed0810fc5df0bf792ce1e3bdc5aac6a7280d3678bf7cbb58d9e698c8988753
2a2d8cca92098647e664c23c8f1258b498924c08c0d8150a4974b2ccec40b988
2c40f90a9715ce5308df7a8abea2adf84a79a9110aa373a9cb20891ddbba6061
2d0dc7527e8576659779e7e660732330a44c03679df3f69a5f37fd500bd94a13
2d449c7cd834b923b123f740482884501a6a6022dc24ea9e5b9a14a1bfb06ed4
2e93ce556067b7b36614268b2800f434ec9bf82b67bd11fc4c7153816e2e205d
31b0497b536aea9ea2f798a5e2645b07a618cdbd147c39e2c0314fb987cc7887
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
3208c96177b7053855574338b4f374864c84450a2bb498d257f96b24fa89228a
327a742244ecfe2d5bf209e8bdf258164a1c47940e0306a6c11fb2914ebfb602
32fb7ef9d8a44a6fcb2d5065b38a9afbac0b93d90fd08bd84a522d06bbb6b46b
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
333218e3819ed86435d75ec897ccc3620cb61010ce3cfc8c74c0ade22d942f7d
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c
33d45c56f2260f6d35c758930610b52b9c67b16d02e694eeb3ca5b0f4291736b
3410ec4d59df964cdc8ab4f99d97c31b44f3aa1e144e1c97872a2dc0ef9c9c78
37aa2df6eabbf801c05c6c35dc8314f9e284868f1a6ef2cb2732d2d33daff9f3
38d4510c34bf1c09a3f7bac5337fd42b04e5f4355db6d5e4f16c5f38672da6ea
3be81ab15cc2905d3ef54418cd0fa664e85d19c4a5550e28b071a39bd1316070
3f006dec88c65732acad8ea71a9bcc6be450a360567eccc8174da37df54c6038
3f1c2608a472ebb389c04f6e551d559fedad5b4eb7c6abda69c6955ea5f8e560
413215e01c47f149df91c6d2281bc5288980420466333b3190d2807c1a5a6966
41af1933a8ec7d9c04055c89b358e9fd66dfbf32fe4b89bf226ac71728af6cbf
4217045a8d701cac3b4a766a11076e7cc5342087464a8a6e3cc7e4f9feec09a3
429761aff66ee483e402f5ada8c29ebedac7c17a6e1ff5cf4b57e098340cb1ff
42c6222ad0028f65f9b76df8c3b7b19d695ed549a530a3ce40e47824b1e9cf09
4310ac7f23a45cec94166b5477d9f78281a5864cd0ff26f3faab01560fcd6405
436dca4fb220a60f8af499d51e85410297bebe01265faf24a1e735f34d4706a5
446f686384245c64054c604dff543db93adb1b5a1186a476799a201a8f85b32e
453893f7daa3d8fe9716f8c6d0f36f8ade8cacfc0093e164f4f998b46427959e
4541530cb29a2ada1633e89da683349daa9792860aa80171e4c8fddf70998fcf
45578d421aaeec2de59e23899c6424dad16ff4bd0de51e40c20ccc4c994d7952
461359154ace9984b2315dd397ffb512d05f0bd691b7525d7e4f565f0d7ced0c
464e7cde418a559c5035942d1ab154d5d906f378f256a0dd39848d197df6180d
4783de51108b431ccaccc3c1f30c338f74d777ae4e233299e83a879a828d80ea
47c749c888c850505d68f2745651928d8aec9a6802d6a8b20869fa114af92277
487aec7746a83542b3573383df65747e31c494d8412103b5675329f3d4befaeb
4df1646c37606f95b7cb5a140723c25f6d4cd2b793c7404615c3b5cdfbf60f66
4e6b5fc328bac95eec2e30afa8a58224c9accc6d70daf0e864d75c4c6d07fe94
4e79c52a8e8d4f7c4eb7792ac9865e6d4cd664717e584640a145b928dad1c062
4f4ed0e81c2f0016d06ae816dd872edc04e97612c9d36f2f3f4475f2954e7fcc
5156e9286b87b1e03f6151c2bb29ad54d2b9da4df874a23c742a0693bdc209a1
537d7a2ee55484fcb24cea45dd4593d1f478d83545b0399616af969a69c88c41
54138d578ed166d5381db70b3dd14a16830233553b6e4213402bae2fdb0564b4
551c004633e25f9dd42ff8e4af57138e73e1a06349e8296ed7180046c0452ae3
55e8d16bb1a291b0524928dd3bd20c191a14d8a947e4b141271f9c595c7bb451
56dbf0a4f96a286d7304601076c747c21f376f74d69d14d26cb17b1b6f65f06e
5b3b7577eeaf1c81d6d335dd4799bfb08ca9d1e8a1edeeb4dc7c73ff1b7a3a24
5b60a549260bc8c8c099d635207934fc5aa329c199d8dff4311db07bd46d68b6
5c2f47b770053f0202f2dfbf100c59e2f57dc898835aa2a7aa96e420c95d42a1
5df9e6187687936c2e87b554cd224cfe11f312065ff5160f5299f38b94c5c75f
5efe0a445a0d7ec5c97d29d97a08a6533fd4dc588d7b20197cbe2133b0136153
607bfd152e5c762ba0f0502f653c7bbb546ad7955e792a9840d4ae28a8219423
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
60dd5519f650093569e182129a76fbb5ba46877ab10359d0f3427bec56480c3e
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda
62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147
631a01372ce75d21c9d888592b11672618e35a3c11c8479d9e11c342ccfe3045
6462feb1cbb3a001c02640a27145382a19a639cf0263ed50dd90a3b2c7e8b202
66b5ca68288cc2506f1c5709fe38cebccca428406a7ce96e392718203666d503
676aa6d4090a54ea6893484095f55c80659fb8538db100cdb8ce1dc82bab42b8
682abed659d964807ad2dac4185b51deeb6a2f7835ef3dffb4b1579c673850e3
6a0f6cf6b4648c192d81b5fc7b70cb2f6819ef4a799e421e8626cae9697aa85a
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b61fa92f57dfeee7a470ff67856fdeb82dafabe3286939f03580058e15578ab
716ac777625b0df24474475de328c05a62488d649d3241f1770be5e21558df4b
71a9f7971618b14dc4014c55de13c36da054db21b986c50a6d112eaf9e366418
71d982df62339d7f6a6e846afc39343f4cf59b9e5e98951450eba38a8264c80e
7255d77d8f92c8fd907f956813a78976aac99aa025ff9f60e2e055f026c9f6cb
77a59cb277854c7e55d027b3cc11095a241d8107ff7be5b345403453a3d16be1
78d83d68ccf7a24aca085486bfc291760424279b6f5308092af4fe600b9d1e19
79a9145996f341a58223363a5af322d5323989e53ccf573ba1b31354ade683af
7a79188b7db1b69d86f8bb8a1ba54d3fda27b7e7c7037c7b99095ef1b0b42925
7ab5965c8487c7a3d837cfa47b6794b54661061fcac4c927f9815a5f58484c94
7aecb1cdbdd9262694abfe07426607cd3f7dd6756821c4490b7f8bc6f657fd22
7f4c9764a74f7e73502dae77b4163c62f985c27049a30c72f87d0ed8e54dbe3f
7fb03cf71cc816b356583c7c1fc0ccaf41a4c92976940a840db17e6b8bcfb91c
7ff3811703019eafd657f1b6570c8116fa76072428161cee22ec769b26ef634b
80d1b2a2843802e3a21df4e86920803ca7a7a44858982df9350b60c751e6e4d1
80e8a7ffe6b4e04e1dab4cc0b85ecd6008f6707bd4f3f03a42e1af8c39cb994c
8187e19c2761d268d113334fe299b74b57d3edd273f32cd868862a7583a7c2e6
8208c96d738487957a78a0dbb2f3b801416b486b3d66cc94fccf55d589225743
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83d86c9e7359ed844c0e7682abcd5cdb65222d421c61156f17791ac6c2650274
8461d766c8ebd6915b7a9a15c5331bfa317342a21f44c99228df68d95d07430e
87adcd951526f566dd8a1eb655a8c4736a3bad8167f6e09a255e54650aeeb655
881717e560824371266b22adbb2731de265e074a93af1805d57dfbbfce4094ce
8982bee74ee4a24031eea6ffe2cf2a3a41b3eee01490dfb4b8a641ef69dc923f
8b2484fa9a9b136b9eb56c1d2b3bfdacd1c8970acf325585235aa35b16fc010a
8bd2e35e7fc246236c46c8bf2e2bf3d173933699b93e21584322f3f5b78c34a4
8d8685788fb9f068527bb37b61f70a685dc17e3f86475c35f8b6719e068db491
8e920612ce29a3290fc2edbaab7647470f21dda35cc1a350f9b8b362fc4d3ebe
8faa91130e5db554e604b48152e15dd301490be8ccf5d656c1264eebc9154ed3
90e7f8120f6d2e856e3a487abe2551c75bea54bee192a5a9b8afa4a0216eefa6
929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
93a3b18a992b46699ae6202a91ad3a170761f38875c59bdac24765c752a5f8d0
942b7c5ee7dbb6550a2c68301ad76871642608288bf9a6b502ba20144ae200d6
961da481cfeabce04da7810a88e8edb114f276b64efe564c557d655601ccb368
9649812339f345baf723c0023908be746398ca47dee2bcd48497ec01d0c82dd2
9844fb443bd322af1d908116fa890abdbed6b8b6fe73fba91c9beb8408318aad
9b1e8d6a6fbd575fde082a6cb30309f23fa6ff311452aefe5e18f6cf0ee80fbe
9e505245ea5363e87457877edccc48b032910ed5295995c7c6587840a694270f
9eb5f4aaf681528b1c83e13a0e9302e9f05132372e35dbc96c95485198028d56
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0f12c3ac22648400223ac81fb31461be3fc226927d57c444f49e879483a9d74
a21b332d2f8b5cbed8e1fc317d1e9f41ccb67341c73da44d05e8347e64740e16
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a446a273a279f92bf3d1dd299d106cff149e9a1a3e4ecec1082a7e418b833635
a5e5c781317ce492049cb1f9e1deec67c47bbe5dbd03ec12f688cf7a221a79f2
a69ce1873c66db872d764431fa2bb8a544f96935fc646ce57afeba2427be4079
a6c194f1db602b3fc6d0f7a89ad7faa5f91cdaaf69b69b14c791347985789c3b
a739dbffc4a907c1f133b4b26e0daf544ea743218bba5704a910313b0ef3ac10
a77926f504a5bb0acf1a7fb70c75f290ebeb93d7b7cada28a5456b10ea51111e
a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f
a8bd22f9acbeadb00865723e499482b60825fc104a5756f75bd8a0532da5b5c3
a8df0678076b92038596e4a3b1c8a9d230275e4dbe72ae9ccd4ed99eed08ade0
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad20d2d42fcbd58ad9c50a6e53db21bf4425be6f8237a41f109c2717c30b4067
ad90a2f9bbe8d35f350e16eceeb0b7c49fe853cc52a32a62c9fc2fc84bcab9bd
ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96
ada87e3aeb2337b8a7c56ea1b960418fc0bb0c753f86f0e49eb580c3e406c501
adcb520dc26fa6ab94289c2e1c838695f971ca9812bccfd8bd1ad097bed02abb
af34f58ea2fc346a5f7028ad8b721a9bb31405cf283471a37dab53bad10a6a36
af59d19b683ee85a6df8fbd4567dd65cf047f0633331dd83bbe8e0da758c2f49
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2191359df7b453a2d66e67dc971308b743b548bd42f2c2aba1876af993187c1
b317742277d72c28cb24020d61cc7daecd4e51e48a68a16440d26bf1a008a129
b3be241d203ddc10730645993381cf8341eef547c398ee56c0eb4827436f916b
b42412a0e2fd452601f89dc9119e8dc4c563d204e6a54ba2f91e7c046f9de3a4
b52e06f854795718703ef9723b47a9a23edcbe2ae53ff261926d8d6059056cfe
b59054e128a42511aa22399d02cd8365ac1c66a6efe6f4f11cfe1ae16284db0c
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b6bd0e2ebcb4e0a35e3b4c07f647976dc8a37088de6887bb1ac47fb46452f4e4
b6c2c3758890555f89c07c92ac29cc634df476b26a90f2304e48b4b3fa643a49
b7a1d704835d432cc1c9edeae10428e2f1d7630977cd45db0e3c149fb3feea33
b7db90d988f2d569ee665c1666e383f3ccb226e4532320946bb42d09702c6ed8
b87b6f6df6ef31e432a1de46097189259d52c2b5d9fee5b92c92281e02f1e7bd
b89d1392bc3470f6265f954af0cb9b555a9746649cc24736a7e8653c04b26eb5
b99f3fcd814502aee6281200cbc7b0f77f2dbb267b90d6ad8e29c6036c1e1af3
bb2a3123cd7fcae42a41e2dc0690573ef47865d9c23806035f420eb3459009e5
bdfe5b167ff906b96e1f8f028ac8f5e41af7a1892d0cc3a275d28057ba79c0a9
c2787f84ac525e6b202f56eb25ef03f40017d11100280dd6f3866cadb4d1f50c
c454b07c7131481526147dcae201c8cab8413d20e6ec01916d76be3ec4863796
c80b8e38e93a84d8bcf76639294cabc7f0bad535d4a896660004734cc5d1c61a
c957adaf4326a8636ad68fc78acb194b96b34bbeba09daf6b36c74975ac37d21
c999de3c61bdb3214454af6f60c9c487595bac5dc7388a3e23a2ae5a860ccb11
caf6c9923c60fce46c190511fee65a8078c39fc4a5fb3b6d5b75f2e66f5fc532
cc2b3c7e22b8495a9ee9c181ea842903f2440410ae5e21431f0da37f484b971b
cc8104c2421ddba0fee8e079eb7f771f4c14ec71c0c714d67c530afcbf761766
cce1a9282d617a8475100f0a0505c83464852a4ec34ff854792d8af13dccb8aa
cd8eb12655a8ddceb0cf2d593f6bb77a9b7fc22f3c96dce4ed400046564cdf2e
cdf2700459ab474c9e19ccf7a3b9c6044a6cf2f2ff7bb0e1ab7bde2304409c87
cef963efb8a2ceebc50926536c1ae7da95f83e838ccc5a0c9225b6acd0fcb5ff
cf039723cffa666890460c45c76e739b676456ec01632d019d50f5b84b0d907b
cf27f8018bd9ca97678c75d818bd64d92c46e901ad20f669c37853ad59c1bd13
d1a4e9493646c43ede7dc75967c07c171e9f26d4e8db9ab945f863f1a221b590
d21af2fff5cc426ba97ff56847d5b53a77587b7193c414c94bd1fea3b98cdde0
d2aae940b6d023c99cbd656bbd0868f51bcf4a93455efef42cc95d8a4c7bceca
d2d4f317dcf44ab195d049f781fd353562cf0fa08474e0c659f0fa06609d5529
d2eb32a955464e26e4632fc4464ef17cb48a34feee18f1cdf1178bcbd385bf7e
d3b142f2fc1b181088ebc5bd873a725bba5e4ea24b20874e7880b163f778765e
d4e62450d6486976b2fe98d3e97b3c46e478e20e89e049924220c1c8e252849f
d6fa7c39b1d5e288c739c3a225a90d0698798485d5b17c1350dc17925942b841
d7849677344c719d26e0945e57ae7bdaad94d88733aad303ee96d8d1f933ce9c
d8647c55fd1fd7fb41308e532011e690ece20f06ada20447f7ac88ac0d8099ef
d9e1b9c58979efbe7f360f1de3085a036a699c9dcdd90ee640dd8182b29e5bca
db29aa88ea3a11062a7dc45fcc65be9b8dc3fff9c849078dd6809d35974e86ec
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
defa292e1de2d97bf674516e7f3ff5b0c1e65889889d67b45d4f21a63abb2699
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
dfd9e061f289eeaf739ed0e3f756905b4c61dfb2403c1a5c8feb47134aa43dad
e0381b7f79e103a4fa10a42e3c9c45df13f0d25af5b0979548fdb09ab87135ee
e0c629f4ece53000517c7077027971a1dea36ec8c9daac30b7655bcbca84b00a
e38335b8da3a11b4a278e7572f99a3990da81b9764b7526bd7b69ec0c6a57c84
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5901ff004173bf87d2b50d2af03308c3480ff1a8a40becb914354f3bb7eb2a5
e5c1d9e7bdeaf3372dee724d175d25aca879ed52ae9afd018f503e9d74e09b50
e60ce047bba409ec397e9852d74090b58b2c2153a5848410735c7572f656df9b
e6bbe03cd6aa538c95d9a9411d2a08ceb28bd14fb77a7b0bc5526ff3a8b65e5d
e7fe4bbbcd03769a878f9dfcb5a03c43a3a897af814e2f1e7662147ab07c29f2
e88e0ed354170d8b73435fadf714ab8fff7c00b985295495d146b5eb92dc3e50
e98bc8fe93c85d180d798ce5f1f93641db5490a91ab0b402cbc922edd4068f58
ecf03ca9ba7d4d905686966f5dcec5b882bffd9c486f32b0933ea342b51e1fe5
ed4b59c842945fa6d990f7d9a750c87a92f7ba60f7f19f8d18af145853c35c1a
ed7ff5793961f334165563c347d29d32cbab46d8be7c216aaa068c95b618fe8d
ee441245ef85f538030acf5e534d1cf2664c18289cec8cc0d84656ffb0e0a95d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef756e21b4660483b0d200e15873d899d783fc49abccebcf5d2ebc5d7e6f8e31
ef7755857c07a98436dce7c81f0071da4925b63aa320f6a600eafdc08d620f5f
f02ed5ac7850392ad9eeb1c1bc4dc5ecfb1cb8474a8f628add9edc351e6ea680
f0b97fc49950832323730d508911fa12bd098eca0670ccb3a18ada5af3a34699
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093
f185a76f3a9c1efb29447aaa2fd02ff4aab140b80fca9a589a9bb94db2fb0058
f1b17f2f9534096425d6a28ed4a6c87f220b12a4b579c2936ab358e1da7de235
f370d6bd05df8e6a5b671f06e038c4d85d95dc5446fdeb8f8762e817882a8322
f6bbd3540733be952a2921b2e4716d3b5190d5897510efcf9baa09649a1eaedf
f78e548cba5f4c0959024934674f048be08f5f25a8734fa5b02aa10aaf6942ac
f8158f2dfb4c7e7376c37298b1194bd0c44d31486a9ad9910218d3e9e79fe22a
fb6b1425ff73fe62d725a3981ac08d9f57e16e14d5ae321c617e21e1d7403d1f
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
fd66d8dc41c06a99c3877934b3af8d38de72f3a94db252c0b9474bec35014491
fdbad87c5d0c58d704b876a4eabf35d5e718e60a8c246699d518a3b27d77226c
fe63caab2b7332d08db1fb857d5db53b30a2f53cab26c1d0ec6f47f5d446aa45

www.csoonline.com Open in urlscan Pro 151.101.114.165 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

370 Requests

99 %HTTPS

32 %IPv6

61 Domains

100 Subdomains

77 IPs

6 Countries

7830 kBTransfer

17266 kBSize

8 Cookies

53 Outgoing links

Page URL History

Redirected requests

370 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.csoonline.com Open in urlscan Pro
151.101.114.165 Public Scan

Screenshot
Live screenshot

Full Image

370
Requests

99 %
HTTPS

32 %
IPv6

61
Domains

100
Subdomains

77
IPs

6
Countries

7830 kB
Transfer

17266 kB
Size

8
Cookies

370 HTTP transactions
4 data transactions