securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGT...
Submission: On March 07 via manual (March 7th 2019, 4:11:40 am UTC) from US

Summary HTTP 175 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 24 IPs in 4 countries across 19 domains to perform 175 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany and belongs to ONEANDONE-AS Brauerstrasse 48, DE. The main domain is securityaffairs.co.
TLS certificate: Issued by GeoTrust RSA CA 2018 on February 21st 2019. Valid for: a year.

This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 43	2001:8d8:100f... 2001:8d8:100f:f000::289	8560 (ONEANDONE...) (ONEANDONE-AS Brauerstrasse 48)
1	209.197.3.15 209.197.3.15	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1	23.67.137.77 23.67.137.77	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	104.109.70.8 104.109.70.8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
40	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
7	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
29	23.62.140.165 23.62.140.165	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
3	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
1	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
1	23.14.94.45 23.14.94.45	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 3	18.195.194.147 18.195.194.147	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
10	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
3	54.219.148.162 54.219.148.162	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2a00:1450:400... 2a00:1450:4001:819::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
10	172.217.22.2 172.217.22.2	15169 (GOOGLE) (GOOGLE - Google LLC)
5	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER - Twitter Inc.)
2	2606:2800:134... 2606:2800:134:fa2:1627:1fe:edb:1665	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
3	2.21.242.219 2.21.242.219	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:825::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81f::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
175	24

43 2001:8d8:100f:f000::289 (Germany) 1 redirects

ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE)

securityaffairs.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.197.3.15 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.67.137.77 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-137-77.deploy.static.akamaitechnologies.com

ws.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.109.70.8 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-70-8.deploy.static.akamaitechnologies.com

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)
PTR: i1.wp.com

i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 23.62.140.165 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-62-140-165.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
opt-east.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:216:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
staticxx.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.14.94.45 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-14-94-45.deploy.static.akamaitechnologies.com

c.sharethis.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.195.194.147 (Cambridge, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-195-194-147.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:806::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.219.148.162 (San Jose, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-219-148-162.us-west-1.compute.amazonaws.com

navvy.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:819::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.217.22.2 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s14-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81c::2001 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.8 (San Francisco, United States) 1 redirects

ASN13414 (TWITTER - Twitter Inc., US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:134:fa2:1627:1fe:edb:1665 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.21.242.219 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-21-242-219.deploy.static.akamaitechnologies.com

qsearch-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::2004 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	wp.com i2.wp.com i0.wp.com i1.wp.com s0.wp.com stats.wp.com pixel.wp.com	708 KB
43	securityaffairs.co 1 redirects securityaffairs.co	1 MB
32	media.net contextual.media.net navvy.media.net lg3.media.net opt-east.media.net	213 KB
10	doubleclick.net securepubads.g.doubleclick.net	301 KB
9	twitter.com 1 redirects platform.twitter.com syndication.twitter.com	109 KB
7	googletagservices.com www.googletagservices.com	143 KB
6	sharethis.com 1 redirects ws.sharethis.com platform-api.sharethis.com buttons-config.sharethis.com l.sharethis.com	36 KB
5	googlesyndication.com tpc.googlesyndication.com
3	akamaihd.net qsearch-a.akamaihd.net	879 B
3	google.com adservice.google.com	561 B
3	google.de adservice.google.de	513 B
2	google-analytics.com google-analytics.com www.google-analytics.com	18 KB
2	twimg.com cdn.syndication.twimg.com pbs.twimg.com	4 KB
2	facebook.net connect.facebook.net	58 KB
1	facebook.com staticxx.facebook.com
1	consensu.org c.sharethis.mgr.consensu.org
1	gravatar.com secure.gravatar.com	1 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	6 KB
0	googleapis.com Failed fonts.googleapis.com Failed
175	19

	Domain	Requested by
43	securityaffairs.co	1 redirects securityaffairs.co
20	contextual.media.net	securityaffairs.co contextual.media.net securepubads.g.doubleclick.net www.googletagservices.com
18	i1.wp.com	securityaffairs.co
13	i2.wp.com	securityaffairs.co
10	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net securityaffairs.co
9	i0.wp.com	securityaffairs.co
8	lg3.media.net	securityaffairs.co contextual.media.net
7	www.googletagservices.com	securityaffairs.co securepubads.g.doubleclick.net
7	platform.twitter.com	securityaffairs.co platform.twitter.com
5	tpc.googlesyndication.com	securepubads.g.doubleclick.net
3	qsearch-a.akamaihd.net	securityaffairs.co
3	adservice.google.com	www.googletagservices.com
3	adservice.google.de	www.googletagservices.com
3	navvy.media.net	contextual.media.net
3	l.sharethis.com	1 redirects securityaffairs.co
2	syndication.twitter.com	1 redirects securityaffairs.co
2	connect.facebook.net	securityaffairs.co connect.facebook.net
1	www.google-analytics.com
1	google-analytics.com	securityaffairs.co
1	pbs.twimg.com	securityaffairs.co
1	opt-east.media.net	securityaffairs.co
1	cdn.syndication.twimg.com	platform.twitter.com
1	pixel.wp.com	securityaffairs.co
1	staticxx.facebook.com	connect.facebook.net
1	c.sharethis.mgr.consensu.org	ws.sharethis.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	stats.wp.com	securityaffairs.co
1	s0.wp.com	securityaffairs.co
1	secure.gravatar.com	securityaffairs.co
1	platform-api.sharethis.com	securityaffairs.co
1	ws.sharethis.com	securityaffairs.co
1	maxcdn.bootstrapcdn.com	securityaffairs.co
0	fonts.googleapis.com Failed	securityaffairs.co
175	33

This site contains links to these domains. Also see Links.

Domain
blog.sensecy.com
twitter.com
www.cyberark.com
gist.github.com
golang.org
seguranca-informatica.pt
www.linkedin.com
www.facebook.com
reddit.com
www.pinterest.com
plus.google.com
www.tumblr.com
blog.yoroi.company

Subject Issuer	Validity	Valid
www.securityaffairs.co GeoTrust RSA CA 2018	`2019-02-21` - `2020-03-22`	a year	crt.sh
*.bootstrapcdn.com COMODO RSA Domain Validation Secure Server CA	`2018-10-03` - `2019-10-12`	a year	crt.sh
*.sharethis.com DigiCert SHA2 Secure Server CA	`2018-12-16` - `2020-03-16`	a year	crt.sh
*.wp.com Go Daddy Secure Certificate Authority - G2	`2018-04-10` - `2020-05-11`	2 years	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2018-11-19` - `2019-11-27`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2018-12-30` - `2020-03-30`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-01-21` - `2019-04-21`	3 months	crt.sh
*.gravatar.com COMODO RSA Domain Validation Secure Server CA	`2018-09-06` - `2020-09-05`	2 years	crt.sh
*.sharethis.mgr.consensu.org DigiCert ECC Secure Server CA	`2018-07-31` - `2019-07-31`	a year	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
*.google.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
tpc.googlesyndication.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
syndication.twitter.com DigiCert SHA2 High Assurance Server CA	`2019-01-24` - `2020-01-24`	a year	crt.sh
a248.e.akamai.net DigiCert ECC Secure Server CA	`2018-10-18` - `2019-10-18`	a year	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh

This page contains 22 frames:

Primary Page: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Frame ID: D5E3D8761086E582CCC998EED734DC7E
Requests: 127 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal.html
Frame ID: 6B0A87C177666A0B5DF85636E69DD755
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/fcmdynet.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=762221962&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&nse=3&vi=1551931883301364862&lw=1&ugd=4&re=1&hlt=1&dfp=1&rtbs=1&nb=1
Frame ID: 121562AE0B92BE4040F1A7B742F442D2
Requests: 2 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: 2F820A1EF34D84E5EC445BD27CE8D86F
Requests: 8 HTTP requests in this frame

Frame: https://contextual.media.net/fcmdynet.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&nse=3&vi=1551931883858729973&lw=1&ugd=4&re=1&hlt=1&dfp=1&rtbs=1&nb=1
Frame ID: 5AC49C1EACDA921E1AFAD82177F5ADC4
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: 49E851836B9E5D382B8C520FEFA2D767
Requests: 8 HTTP requests in this frame

Frame: https://contextual.media.net/fcmdynet.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=639665355&size=300x600&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&nse=3&vi=1551931883687033233&lw=1&ugd=4&re=1&hlt=1&dfp=1&rtbs=1&nb=1
Frame ID: 40BCC0FEC6BBAB2ED37942CA6AB11118
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: BDC3FACC6687F3F481F910E432AFD8CA
Requests: 8 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&cs=2&cv=31&cid=8CU5BD6EW&https=1
Frame ID: 0C35C84DE56C33425641A3C9198BADA3
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&cs=2&cv=31&cid=8CU5BD6EW&https=1
Frame ID: AE90001FCD56BA70809C591C81203ACC
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&cs=2&cv=31&cid=8CU5BD6EW&https=1
Frame ID: 21C1E7477B23544B282CAAF45EA98FAB
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter/r/vy-MhgbfL4v.js?version=44
Frame ID: 62E1BEECE3AFF4D85C4FDCB77B1B84A6
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/mediamain.html?&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=762221962&pid=8PO5M70HK&size=300x250&cpnet=yVb1sHm-0KIh29BOFTjjrEBbIZGw_v2fXpyZXRW3WVE%3D&cme=hmi3FHRUKMmzKimfb0JIDAbp_fyjVK7depiARrivsoxRj_hLfG7Sh7pIMMFBEH3GQmWMN5-SfqQXYweHSH8KKnPGVgvGQ_aPSf0OGKC6cBSpFVbTXU3f6_1duVJnBmigo-643UevFDALT110G-ESfQ%3D%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CN7fu2vKt8_s%3D%7C-uksccUaB-DVTu9XLr1SMpAkydZfnH1Hm-SS2qFBri0q2QNujKexuUNHtaRPFCa1ACwGzJXGgBTFpNDCgzCYBqeEmHcf9Ekzqik6SJ1RbMxwdfCPjQyi1G_2DXQpTuoowAp9JP6I4MjTQarpREs-CacnbxeG6fEH0up0QAIx3yP_xbjhEnwKrHJ1oeAfvhzlE2LEzqMqc-A%3D%7CsRBSg3CPSiQ%3D%7C&https=1&cc=DE&bf=0&staticIframe=1&vif=1&nse=3&bid=237663&vi=1551931883301364862&lw=1&ugd=4&ib=0&katbid=-2&nb=1
Frame ID: 50A90C1DA993190863C25610FC77FB07
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/mediamain.html?&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&pid=8PO5M70HK&size=300x250&cpnet=yVb1sHm-0KIh29BOFTjjrHvHwrQGlpByWaOO1vn303s%3D&cme=ddF3tVt6Jgwc0vmFKxq3sxZQnh0iZwpa5KhKGcDHJFxEgLz35A0naNpam52fKJe_u9tIkCm3_lVs8UO_TWiOPSCbQBfwxs5LQx8hOuBd8dcPClRiQGYMWhkgJLSjI5BzpX_yLx7ECLkDeliuUBQP2w%3D%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CN7fu2vKt8_s%3D%7C-uksccUaB-DVTu9XLr1SMpAkydZfnH1Hm-SS2qFBri0q2QNujKexuUNHtaRPFCa1ACwGzJXGgBTFpNDCgzCYBqeEmHcf9Ekzqik6SJ1RbMxwdfCPjQyi1G_2DXQpTuoowAp9JP6I4MjTQarpREs-CacnbxeG6fEH0up0QAIx3yP_xbjhEnwKrHJ1oeAfvhzlE2LEzqMqc-A%3D%7CsRBSg3CPSiQ%3D%7C&https=1&cc=DE&bf=0&staticIframe=1&vif=1&nse=3&bid=237664&vi=1551931883858729973&lw=1&ugd=4&ib=0&katbid=-2&nb=1
Frame ID: 62C03E6B422D88631E3AC393682F72F2
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/mediamain.html?&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=639665355&pid=8PO5M70HK&size=300x600&cpnet=yVb1sHm-0KIh29BOFTjjrOMbY3Wy7OSYfNFL7sC0vVY%3D&cme=hmi3FHRUKMkilTzseEeahYBK0Dc9Iehoc--eJ91ZbJOU32yPMPHcgTcILw-vm_YLN7Vl26zwtvAWFY8-y5nJkY74VltIAgM5qiRWJ1RL1t9F_RjSHP5de0JanKU1hKV6Xa5xAjKNU5clkdmKXRb2-Q%3D%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CN7fu2vKt8_s%3D%7C-uksccUaB-DVTu9XLr1SMpAkydZfnH1Hm-SS2qFBri0q2QNujKexuUNHtaRPFCa1ACwGzJXGgBTFpNDCgzCYBqeEmHcf9Ekzqik6SJ1RbMxwdfCPjQyi1G_2DXQpTuoowAp9JP6I4MjTQarpREs-CacnbxeG6fEH0up0QAIx3yP_xbjhEnwKrHJ1oeAfvhzlE2LEzqMqc-A%3D%7CsRBSg3CPSiQ%3D%7C&https=1&cc=DE&bf=0&staticIframe=1&vif=1&nse=3&bid=237662&vi=1551931883687033233&lw=1&ugd=4&ib=0&katbid=-2&nb=1
Frame ID: 8DF5F461990CB206C405AE3D6F06F5C4
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.704fca4914c9b90d7a9d41abcaa19933.html?origin=https%3A%2F%2Fsecurityaffairs.co&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Frame ID: AF868B08AD9A773EF1127F8089C5B767
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Frame ID: 9E26CFC96CFE66B06412A145F962D6BD
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-32/html/container.html?n=1
Frame ID: FFE9FFB935E00B7EB0E4E5354361C2A3
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/__media__/js/util/nrrV3712.js
Frame ID: 763A9563407A4173C75BC76364CC79C3
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-32/html/container.html?n=1
Frame ID: 45071D796E740E71DFD087C766A0B747
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: C5CF207AC433EAEFF16A2E015E6F818E
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/__media__/js/util/nrrV3712.js
Frame ID: 341FDE1D1581E82536980C83C399E0B9
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+s\d+\.wp\.com/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+s\d+\.wp\.com/i

MediaElement.js (Video Players) Expand

Overall confidence: 100%
Detected patterns

env /^mejs$/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Twitter Emoji (Twemoji) (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

env /^twemoji$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

175
Requests

97 %
HTTPS

43 %
IPv6

19
Domains

33
Subdomains

24
IPs

4
Countries

3103 kB
Transfer

4881 kB
Size

7
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://blog.sensecy.com/2017/04/03/updates-about-the-upcoming-opisrael-campaign/
Title: link

Search URL Search Domain Scan URL

URL: https://twitter.com/IdoNaor1
Title: Ido Naor

Search URL Search Domain Scan URL

URL: https://www.cyberark.com/threat-research-blog/opjerusalem-flashinstaller-ransomware/#_edn3
Title: GitHub

Search URL Search Domain Scan URL

URL: https://gist.github.com/yuvadm/d97af23a5128ecac1c4318fd5b42d676
Title: here

Search URL Search Domain Scan URL

URL: https://golang.org/
Title: Goland.

Search URL Search Domain Scan URL

URL: https://golang.org/src/crypto/aes/aes_gcm.go
Title: crypto_cipher_NewGCM

Search URL Search Domain Scan URL

URL: https://seguranca-informatica.pt/si-lab-the-story-of-the-jcry-ransomware-spread-in-opjerusalem2019-and-infecting-windows-users/#.XH9_5ehKg2w
Title: https://seguranca-informatica.pt/si-lab-the-story-of-the-jcry-ransomware-spread-in-opjerusalem2019-and-infecting-windows-users/#.XH9_5ehKg2w

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/sirpedrotavares/
Title: Pedro Tavares

Search URL Search Domain Scan URL

URL: https://seguranca-informatica.pt/
Title: seguranca–informatica.pt

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/pub/pierluigi-paganini/b/742/559
Title: Pierluigi Paganini

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html
Title: Facebook

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html&text=%5BSI-LAB%5D%20%23OpJerusalem%202019%20%E2%80%93%20JCry%20ransomware%20is%20now%20infecting%20Windows%20users%20
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html
Title: Linkedin

Search URL Search Domain Scan URL

URL: http://reddit.com/submit?url=https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html&title=[SI-LAB]%20#OpJerusalem%202019%20%E2%80%93%20JCry%20ransomware%20is%20now%20infecting%20Windows%20users
Title: Reddit

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/pin/create/button/?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html&media=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Fwp-includes%2Fimages%2Fmedia%2Fdefault.png

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share/link?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/pierluigipaganini

Search URL Search Domain Scan URL

URL: https://blog.yoroi.company/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 96

https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&fpc=6f69f6a-16956593ef8-761713f5-1&sessionID=1551931883256.10775&hostname=securityaffairs.co&location=%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html&product=simpleshare&fcmp=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&st_optout=false&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&sharURL=&buttonType=ERROR&destination=ERROR&source=ERROR&title=%23OpJerusalem2019%20-%20JCry%20ransomware%20is%20now%20infecting%20Windows%20usersSecurity%20Affairs&ts1551931883256.0=&sop=false HTTP 301
https://l.sharethis.com/sc?cm=ZGAB11yAmesAAAATDgZSAw%3D%3D&uid=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&sop=false

Request Chain 135

https://securityaffairs.co/wordpress?ga_action=googleanalytics_get_script HTTP 301
https://securityaffairs.co/wordpress/?ga_action=googleanalytics_get_script

Request Chain 172

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

175 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request opjerusalem-2019-jcry-ransomware.html Show response
securityaffairs.co/wordpress/82030/hacking/ 85 KB
23 KB 82ms
56ms Document
text/html 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache / PHP/7.2.15
Resource Hash: b37f6b2e976fc4a229357acd7a6dc873c55bb4129926ecf75c444fdf32da7013

Request headers

:method: GET
:authority: securityaffairs.co
:scheme: https
:path: /wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
content-type: text/html; charset=UTF-8
date: Thu, 07 Mar 2019 04:11:22 GMT
server: Apache
vary: Accept-Encoding,Cookie
x-powered-by: PHP/7.2.15
x-pingback: https://securityaffairs.co/wordpress/xmlrpc.php
link: <https://securityaffairs.co/wordpress/?p=82030>; rel=shortlink
content-encoding: gzip

GET
H2 200 style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 30 KB
31 KB 23ms
17ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=312b1979e32bfe80aa528f9729270224
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: f42551c6cb1f3a2597f99bdb1b458a5224c04d14de425efc4c1f543bbc1a2570

Request headers

:path: /wordpress/wp-includes/css/dist/block-library/style.css?ver=312b1979e32bfe80aa528f9729270224
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Wed, 09 Jan 2019 21:49:08 GMT
server: Apache
etag: "79d7-57f0d6e7da124"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 31191

GET
H2 200 cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 3 KB
3 KB 55ms
49ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=1.7.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 8df692c63a3ad001e018a83f4578ac10c639ad4003619757293b5a192cd3704d

Request headers

:path: /wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=1.7.3
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Wed, 09 Jan 2019 22:07:48 GMT
server: Apache
etag: "a4d-57f0db13ba985"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 2637

GET
H2 200 cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 12 KB
12 KB 89ms
83ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=1.7.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: bf59c6832eb9df82772307968b03faa3ed06bf8b2bd2bd994e5ac900e7ac58da

Request headers

:path: /wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=1.7.3
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Wed, 09 Jan 2019 22:07:48 GMT
server: Apache
etag: "2f4d-57f0db13ba985"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 12109

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
6 KB 63ms
18ms Stylesheet
text/css 209.197.3.15
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=312b1979e32bfe80aa528f9729270224
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip0x00f.map2.ssl.hwcdn.net
Software: /
Resource Hash: 541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:35:19 GMT
access-control-allow-origin: *
etag: "1544639719"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 5442

GET
H2 200 custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 19 KB
20 KB 120ms
114ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Wed, 16 Dec 2015 13:54:59 GMT
server: Apache
etag: "4d92-52704407f72c0"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 19858

GET
H2 200 tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 539 B
683 B 154ms
147ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
etag: "21b-526fe6d7cd700"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 539

GET
H2 200 flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 6 KB
6 KB 187ms
181ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Wed, 16 Dec 2015 13:55:09 GMT
server: Apache
etag: "1851-5270441180940"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 6225

GET
H2 200 mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 11 KB
11 KB 218ms
213ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.6-78496d1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: ffa31f5802b20d64a10c71ad93394c1e2b4b16f33e2f479d8274fd02ce0a594f

Request headers

:path: /wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.6-78496d1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Thu, 16 Nov 2017 13:57:00 GMT
server: Apache
etag: "2be0-55e19fe77c80f"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 11232

GET
H2 200 animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 2 KB
2 KB 255ms
249ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
etag: "6b4-526fe6d5e5280"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 1716

GET
H2 200 font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 17 KB
18 KB 287ms
264ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
etag: "4574-526fe6d5e5280"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 17780

GET
H2 200 swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
5 KB 319ms
264ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
etag: "118d-526fe6e527680"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 4493

GET
H2 200 jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 334 B
478 B 353ms
265ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
etag: "14e-526fe6d5e5280"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 334

GET
H2 200 screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 110 KB
110 KB 386ms
266ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
etag: "1b844-526fe6d7cd700"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 112708

GET
H2 200 custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 12 KB
12 KB 455ms
302ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache / PHP/7.2.15
Resource Hash: 18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

:path: /wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Thu, 07 Mar 2019 04:11:22 GMT
server: Apache
x-powered-by: PHP/7.2.15
content-type: text/css; charset: UTF-8;charset=UTF-8

GET
H2 200 grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 49 KB
50 KB 453ms
267ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=312b1979e32bfe80aa528f9729270224
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

:path: /wordpress/wp-content/themes/rigel_old/css/grid.css?ver=312b1979e32bfe80aa528f9729270224
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Wed, 16 Dec 2015 06:58:03 GMT
server: Apache
etag: "c5f2-526fe6d6d94c0"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 50674

GET
H2 200 jquery.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 95 KB
95 KB 520ms
266ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=1.12.4
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: fa055f2f7c5b735dbbb71954f434aed79925bc00ff2ffbc3ecfc4a790689a723

Request headers

:path: /wordpress/wp-includes/js/jquery/jquery.js?ver=1.12.4
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Thu, 21 Feb 2019 22:56:38 GMT
server: Apache
etag: "17b9f-5826f63145921"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 97183

GET
H2 200 jquery-migrate.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 23 KB
23 KB 302ms
16ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: dce50148adaff4dccd1d95c9b25563011436e398272d530e974193b8685340a2

Request headers

:path: /wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Thu, 21 Feb 2019 22:56:38 GMT
server: Apache
etag: "5bdb-5826f63145921"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 23515

GET
H2 200 cookie-law-info-public.js Show response
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/ 16 KB
16 KB 353ms
49ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=1.7.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 1aeb5d0f4df04257362f4ee45d1e4409b75e98928c633525dd6733ad653c7dfd

Request headers

:path: /wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=1.7.3
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Wed, 09 Jan 2019 22:07:48 GMT
server: Apache
etag: "3fd6-57f0db13ba985"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 16342

GET
H/1.1 200
OK st_insights.js Show response
ws.sharethis.com/button/ 21 KB
7 KB 11ms
7ms Script
application/javascript 23.67.137.77
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.67.137.77 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-137-77.deploy.static.akamaitechnologies.com
Software: nginx/1.12.2 /
Resource Hash: a09b7c49bf5c0486c2a351a82353c33f6ca21e885acc97d8f2bd7682acfe427b

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Mar 2019 04:11:22 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
ETag: W/"5c703983-557d"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=122098
Connection: keep-alive
Content-Length: 6358
Expires: Fri, 08 Mar 2019 14:06:20 GMT

GET
H/1.1 200
OK sharethis.js Show response
platform-api.sharethis.com/js/ 92 KB
28 KB 47ms
7ms Script
text/javascript 104.109.70.8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.70.8 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a104-109-70-8.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4a60c8819e04945ff7ab8cc19b7ccbf622c1bb05a5c141d6733855f2ccf99ab3

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Mar 2019 04:11:22 GMT
Content-Encoding: gzip
ETag: W/"16e44-fCNJy8R5Kv7iox3MIUnz2qNf/IY"
Vary: Accept-Encoding
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, POST, PUT
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 27878

GET
H2 200 logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 44 KB
44 KB 554ms
202ms Image
image/png 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

:path: /wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Wed, 16 Dec 2015 17:30:42 GMT
server: Apache
etag: "b0e9-5270743f5f480"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 45289

GET
H2 200 1.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 49 KB
49 KB 34ms
8ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/1.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

7abbe16a86186f27575654f1035766b3fc222a149d3bff94365fdc071a5afe36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:22 GMT
x-content-type-options: nosniff
x-bytes-saved: 147275
last-modified: Wed, 06 Mar 2019 08:27:32 GMT
server: nginx
etag: "f57165144fee1f55"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/1.png>; rel="canonical"
content-length: 49952
expires: Fri, 05 Mar 2021 20:27:32 GMT

GET
H2 200 2.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 16 KB
16 KB 35ms
7ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/2.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

69c9966326d047a29a4346241231b3a127003235ec214b10d76fc652ca10256e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 23132
last-modified: Wed, 06 Mar 2019 08:27:32 GMT
server: nginx
etag: "3313974e384d6e2b"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/2.png>; rel="canonical"
content-length: 16534
expires: Fri, 05 Mar 2021 20:27:32 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 93 KB
28 KB 30ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40E8) /
Resource Hash: 0e07e3d6ad76ab0709eadac430a14cb29751ba0a7bd2dc680bda12f1df02779e

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Mar 2019 04:11:23 GMT
Content-Encoding: gzip
Last-Modified: Mon, 25 Feb 2019 17:42:52 GMT
Server: ECS (fcn/40E8)
Etag: "c54a20b3c9ac265efb0470cdf91aff7f+gzip"
Vary: Accept-Encoding
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Content-Length: 28030

GET
H2 200 3.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 35 KB
36 KB 44ms
16ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/3.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

8f79108ec176086c9b75a8a062a685a6f4fed76b6da4978cfbc94a861ad65308

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 45862
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "4563bb3ce693b349"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/3.png>; rel="canonical"
content-length: 36298
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 fake-adobe-flash-prompt.jpg
i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 4 KB
5 KB 56ms
27ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/fake-adobe-flash-prompt.jpg?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

ecdd244316da113f5a7c0a8f7ab05212a511ebe0bb64be37c07a0017c8226496

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 20
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 5147
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "245b7bce638198ce"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/fake-adobe-flash-prompt.jpg>; rel="canonical"
content-length: 4488
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 4.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 18 KB
18 KB 43ms
16ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/4.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

4b6fd7469b9697531a7e3f1d5fe7b2a51ec3c74f9b5735dd647518c3903d2074

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 24367
last-modified: Wed, 06 Mar 2019 08:26:33 GMT
server: nginx
etag: "da1b7bd040d785bd"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/4.png>; rel="canonical"
content-length: 18424
expires: Fri, 05 Mar 2021 20:26:33 GMT

GET
H2 200 defaced-page.jpg
i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 4 KB
5 KB 55ms
27ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/defaced-page.jpg?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

4f754eeab6b52fce3c1c51f02a8755be51733297d7f753316ecc91efc69c1dd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 4839
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "179a5d85b7b37c72"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/defaced-page.jpg>; rel="canonical"
content-length: 4472
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 5.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 2 KB
2 KB 55ms
22ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/5.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

7267a172cec0d6c1a9c7eaf1e4f123d3f708136c0a76994c799c90d5fc0948b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 11370
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "3cd775f093992ce3"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/5.png>; rel="canonical"
content-length: 2236
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 6.png
i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 8 KB
8 KB 55ms
27ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/6.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

2f7469d34dd3ed986dc38a14e0703a5366950e3f5a584d0df24221e69488cfc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 3221
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "1bc8c08fdecbb770"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/6.png>; rel="canonical"
content-length: 7686
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 9.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 6 KB
6 KB 43ms
16ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/9.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

2fc8b48b6b6111004490bc7549cf35379e7f409213091aaab12c321c9883b3cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 952
last-modified: Wed, 06 Mar 2019 08:26:33 GMT
server: nginx
etag: "5b2c98c2638fb415"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/9.png>; rel="canonical"
content-length: 5916
expires: Fri, 05 Mar 2021 20:26:33 GMT

GET
H2 200 8.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 9 KB
9 KB 55ms
22ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/8.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

1b29ae741ac084395fc825de410a72b5d8c0a6eb8335729624beac22645b2615

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "a5baf8840a4b7dc4"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/8.png>; rel="canonical"
content-length: 8716
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 7.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 9 KB
9 KB 55ms
22ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/7.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

9f12cd2d7c98256e4671b231c4edce6d9e3282ffb748c858df6c344fe5d1f8e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "7b31aa3400f55f80"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/7.png>; rel="canonical"
content-length: 8938
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 10.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 13 KB
13 KB 51ms
25ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/10.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

c540f6c2fc7b8ca66b22314b4245b0c9e172bb3553b2eae427475b35f460b34b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "3dcd9a79c44420fd"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/10.png>; rel="canonical"
content-length: 12878
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 11.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 16 KB
17 KB 42ms
16ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/11.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

c42b9d78517cfd5c60f2cdb0e7fec02a7d9e8990567b40be17db64c30382bcff

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:26:33 GMT
server: nginx
etag: "18b2d36753907d3a"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/11.png>; rel="canonical"
content-length: 16830
expires: Fri, 05 Mar 2021 20:26:33 GMT

GET
H2 200 12.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 38 KB
38 KB 54ms
22ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/12.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

d82326fdfc807ab7fa4e205d8a61bcb13174db0af0613b6dbcd725e7dfe7fad3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "0c0eabc6674ac94e"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/12.png>; rel="canonical"
content-length: 38622
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 13.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 56 KB
56 KB 54ms
22ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/13.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

c22e90e18fec7ac83486e2bba94487e0e0d3870b0aefbdf43061febf1dd9134d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "3aa6c2e6980a4924"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/13.png>; rel="canonical"
content-length: 57292
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 14.png
i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 23 KB
23 KB 54ms
27ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/14.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

32af1efb0f829ef4672b2680cbf8a3989ebbd67f9f7b2023d7298c10c1c7f44d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "c11f7f78dc864d1d"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/14.png>; rel="canonical"
content-length: 23408
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 15.png
i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 9 KB
9 KB 24ms
24ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/15.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

149dfd3d9187ee29881fd5b641bc87e24321d1f9747336f05974ba1e88013d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "638166031fef7325"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/15.png>; rel="canonical"
content-length: 9434
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 30.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 12 KB
12 KB 8ms
8ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/30.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

e04c31a5a01505509b5d552c4786d660e332d6cda875afaeb6a04a0ec9aa5b5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:26:34 GMT
server: nginx
etag: "b0b2d9b73375eb3a"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/30.png>; rel="canonical"
content-length: 12296
expires: Fri, 05 Mar 2021 20:26:34 GMT

GET
H2 200 17.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 12 KB
12 KB 50ms
25ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/17.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

8b4fd35bb0e9e9d2cfb47a13bd9307e162e786301859bc334f83701f71f9f478

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "61b271474d122c4d"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/17.png>; rel="canonical"
content-length: 11984
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 18.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 5 KB
5 KB 41ms
16ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/18.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

a1461908b89cde70d8ca2e4c7f7d13162f322c9458bc2b7fe49407ddb6848188

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "212a37b7647e8daa"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/18.png>; rel="canonical"
content-length: 4822
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 19.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 31 KB
31 KB 41ms
16ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/19.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

429918b4a4990488aa25ac7dd18455da0da4ecfbcc6969698b3cd3c409370a50

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:26:34 GMT
server: nginx
etag: "ff28fbaaab593a06"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/19.png>; rel="canonical"
content-length: 31642
expires: Fri, 05 Mar 2021 20:26:34 GMT

GET
H2 200 20.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 9 KB
9 KB 41ms
17ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/20.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

0fbd55154e4c77fa46d7da672ad3ffadb0789faf6fd7905a1196f71e6f03b7a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "31a45543a648fe63"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/20.png>; rel="canonical"
content-length: 8728
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 21.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 41 KB
42 KB 11ms
9ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/21.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

e2025e131ed88bd668289c0685b6e3ebeb9dd62f000b32d52a0296550e53b3df

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 20058
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "885f0c1e349c70e1"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/21.png>; rel="canonical"
content-length: 42314
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 22.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 43 KB
43 KB 11ms
10ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/22.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

acb265a34168242b15068040813067950df7c6ee204beb00a76ec95be913d21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 19102
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "24dfa3de2e8c9345"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/22.png>; rel="canonical"
content-length: 44064
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 23.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 37 KB
38 KB 11ms
10ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/23.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

6db4ff6b9df5da796893f81e6793bcdd1bc49dc4e5ae3f25ddc18b75d032d5ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "ce14faf9b7119f8d"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/23.png>; rel="canonical"
content-length: 38218
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 24.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 10 KB
10 KB 11ms
10ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/24.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

203f0d79138ecf8188e4bdf3eb74f7250ef99e05c4b43d8d893c6a2c210d1f69

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 579
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "9af169e7276b822f"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/24.png>; rel="canonical"
content-length: 10576
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 25.png
i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 11 KB
11 KB 46ms
25ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/25.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

49e544f9a27b6ca6a1c9c8fc5e2f2229255287b9a9be44925233600eb67eecfe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "6f66408b56d08e6c"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/25.png>; rel="canonical"
content-length: 11564
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 27.png
i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 12 KB
12 KB 9ms
8ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/27.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

ee04691862002e56924b19a2b36bb7ec8632b5f49795fa1b1655b4d93ff60643

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 2999
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "0a24cff32aae214d"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/27.png>; rel="canonical"
content-length: 12364
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 26.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 33 KB
33 KB 10ms
10ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/26.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

ce7aafcd356c4799848c473d72a4b35aa4099141f4e8a29e6645ecd58ce02eae

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "20250ac3fd606ad2"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/26.png>; rel="canonical"
content-length: 33314
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 28.png
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 19 KB
19 KB 10ms
10ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/28.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

8931988dbf3ce730f27d6ce9e03f25332803858f31c92d1c51900dd80766067f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "a3cdefee4ff2117b"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/28.png>; rel="canonical"
content-length: 19324
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 tor-site.jpg
i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 37 KB
37 KB 10ms
9ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/tor-site.jpg?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

d9185a7ba8c1c6cbbef9de7f01dfef361fa199cb6e9d151e8c7242a807a9f860

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 29244
last-modified: Wed, 06 Mar 2019 08:26:34 GMT
server: nginx
etag: "65eee68bc15d1ec4"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/tor-site.jpg>; rel="canonical"
content-length: 37910
expires: Fri, 05 Mar 2021 20:26:34 GMT

GET
H2 200 29.png
i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/ 28 KB
28 KB 9ms
8ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/seguranca-informatica.pt/wp-content/uploads/2019/03/29.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

97ceb7d63ad34a4e034aa8c9420418c7b17897eabe960ff339ecfab9f9cec67a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 19015
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "85f881cfadd142b2"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://seguranca-informatica.pt/wp-content/uploads/2019/03/29.png>; rel="canonical"
content-length: 28732
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H/1.1 200
OK dmedianet.js Show response
contextual.media.net/ 137 KB
47 KB 101ms
33ms Script
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 65413af4fd7954959d58c789ea4cff5b61e71d506c869f8d2663cd0b354e04cc

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
X-MNET-H: 8-2
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0, no-cache, no-store
Transfer-Encoding: chunked
X-MN-W: 8-3
Connection: keep-alive, Transfer-Encoding
Expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H2 200 facebook.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 830 B
985 B 10ms
9ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

c067a7d5bc50ed4ba554421966d6c4b0140ff2ed4574640fd5abcfa1ab35be11

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 16
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 15
last-modified: Thu, 22 Nov 2018 08:33:48 GMT
server: nginx
etag: "736e06fd682a025c"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length: 830
expires: Sat, 21 Nov 2020 20:33:48 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 7ms
5ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

b0f5dfcfd3be651fe135c041c7cc9468723f2b265a5ffc73a3863b73a195eaa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: p5eruDWGsCpybX9ueTca3g==
status: 200
date: Thu, 07 Mar 2019 04:11:23 GMT
vary: Accept-Encoding
content-length: 1775
x-fb-debug: J38u3J+8MeEnXQrvHOlMDAM3crc9gAhiCD9Nedercm6KAjGWlst8Fk4Lcqlvr+s5soBssww/WQ2sM30lgrTjpg==
x-fb-content-md5: 4cb54a595f7c7ed09124a1d6761990a6
etag: "d6d15231e180f869f66f085b5a4db3d6"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 07 Mar 2019 04:23:59 GMT

GET
H2 200 twemoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 25 KB
25 KB 136ms
92ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=312b1979e32bfe80aa528f9729270224
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 7bbd355b4ca50ea670a75269add0ab1d071fb030fb26ab868917078535e78c99

Request headers

:path: /wordpress/wp-includes/js/twemoji.js?ver=312b1979e32bfe80aa528f9729270224
pragma: no-cache
cookie: __unam=6f69f6a-16956593ef8-761713f5-1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Thu, 21 Feb 2019 22:56:38 GMT
server: Apache
etag: "64d9-5826f6315ff01"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 25817

GET
H2 200 wp-emoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 9 KB
9 KB 239ms
102ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=312b1979e32bfe80aa528f9729270224
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: c026c385573035118cb24fe5315dceea3f26646af3e91df1ad530e49121753d0

Request headers

:path: /wordpress/wp-includes/js/wp-emoji.js?ver=312b1979e32bfe80aa528f9729270224
pragma: no-cache
cookie: __unam=6f69f6a-16956593ef8-761713f5-1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Thu, 21 Feb 2019 22:56:38 GMT
server: Apache
etag: "22d2-5826f6315ef61"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 8914

GET css
fonts.googleapis.com/ 0
0

GET
H2 200 twitter.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 9ms
7ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

7a8cf6b7fce01f318e416ae1904132265526ca2b6ef3003f7fe831186a7380a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Thu, 22 Nov 2018 08:33:48 GMT
server: nginx
etag: "f41e738ae7ad1725"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length: 1082
expires: Sat, 21 Nov 2020 20:33:48 GMT

GET
H2 200 linkedin.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 8ms
8ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

00a4c9aeb6f61ae7f260eea51d5d19a651544c01d202363463375992ef021960

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Thu, 22 Nov 2018 08:33:49 GMT
server: nginx
etag: "23febe7e88f79759"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length: 1182
expires: Sat, 21 Nov 2020 20:33:49 GMT

GET
H2 200 reddit.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 2 KB
2 KB 45ms
24ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/reddit.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

9eade11ffd772c4492d46969c94db94238be90cb2fc9ed98b199a64113d33920

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 16
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Thu, 22 Nov 2018 08:33:48 GMT
server: nginx
etag: "cf7896dc19651b36"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/reddit.png>; rel="canonical"
content-length: 1566
expires: Sat, 21 Nov 2020 20:33:48 GMT

GET
H2 200 pinterest.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 2 KB
2 KB 8ms
7ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/pinterest.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

639b4509780048ed50d9f5cd861010522112bcf8c9c2d26f5ddec78c7e739a5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 20
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
last-modified: Tue, 20 Mar 2018 11:45:48 GMT
server: nginx
etag: "6e1f3fcb0234bf51"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/pinterest.png>; rel="canonical"
content-length: 1750
expires: Thu, 19 Mar 2020 23:45:48 GMT

GET
H2 200 f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/ 1 KB
1 KB 48ms
12ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 643a860832456b5a74825b79d625434b5c4c2a344b8f9bef3614b327bea52646

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT vie 4
date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
access-control-allow-origin: *
source-age: 11582222
content-type: image/jpeg
status: 200
cache-control: max-age=300
content-disposition: inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length: 1186
expires: Thu, 07 Mar 2019 04:16:23 GMT

GET
H2 200 op-Pistacchietto.jpg
securityaffairs.co/wordpress/wp-content/uploads/2019/03/ 99 KB
99 KB 106ms
15ms Image
image/jpeg 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2019/03/op-Pistacchietto.jpg
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 187dc7ee3f2157658f117c8574725727d4e670016d85164fa86744f189f0bd34

Request headers

:path: /wordpress/wp-content/uploads/2019/03/op-Pistacchietto.jpg
pragma: no-cache
cookie: __unam=6f69f6a-16956593ef8-761713f5-1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Wed, 06 Mar 2019 18:47:37 GMT
server: Apache
etag: "18c35-583716c778ce9"
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 101429

GET
H2 200 android-chrome-hack-2.png
securityaffairs.co/wordpress/wp-content/uploads/2015/11/ 513 KB
514 KB 188ms
79ms Image
image/png 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2015/11/android-chrome-hack-2.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 9060e1784e6c88f6f932f67c8737cf922d4f23ebfaa4ae1d1098812810a6c81a

Request headers

:path: /wordpress/wp-content/uploads/2015/11/android-chrome-hack-2.png
pragma: no-cache
cookie: __unam=6f69f6a-16956593ef8-761713f5-1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Wed, 16 Dec 2015 13:32:28 GMT
server: Apache
etag: "805d5-52703eff8d300"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 525781

GET
H2 200 Digging-The-Deep-Web.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 6 KB
6 KB 10ms
8ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

2cbb8dfc4483c9ce680df342866531ac656e8bed029dcd37a1872327023da5f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 20
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 49467
last-modified: Thu, 22 Nov 2018 08:33:49 GMT
server: nginx
etag: "45242b8df2596de9"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length: 6390
expires: Sat, 21 Nov 2020 20:33:49 GMT

GET
H/1.1 200
OK paganini.jpg
securityaffairs.co/images/ 64 KB
65 KB 22ms
11ms Image
image/jpeg 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://securityaffairs.co/images/paganini.jpg
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: abf0a396ecd082fb921175db8d4bc820ac383082eb4f8a566f4cee5aaa786808

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Mar 2019 04:11:23 GMT
Last-Modified: Wed, 16 Dec 2015 01:06:12 GMT
Server: Apache
ETag: "10128-526f9831d4900"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=15
Content-Length: 65832

GET
H2 200 yoroi.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2017/06/ 6 KB
6 KB 9ms
8ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2017/06/yoroi.png?resize=300%2C286&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

aecbb7494580f4902d9b6686614623951c0d599a7a21fe0f855491b0f52987a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 21
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 10968
last-modified: Thu, 22 Nov 2018 08:33:49 GMT
server: nginx
etag: "d7350f6e31d34ea1"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2017/06/yoroi.png>; rel="canonical"
content-length: 6494
expires: Sat, 21 Nov 2020 20:33:49 GMT

GET
H2 200 APT40.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2019/03/ 22 KB
22 KB 9ms
8ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2019/03/APT40.png?resize=300%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

a58b4eae8006964cf8864d41d1d760f1da08273c756a4f20e17be71b9eb4bd1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT fra 16
date: Thu, 07 Mar 2019 04:11:23 GMT
x-content-type-options: nosniff
x-bytes-saved: 50482
last-modified: Wed, 06 Mar 2019 08:27:33 GMT
server: nginx
etag: "95fbb9f197b7ce21"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2019/03/APT40.png>; rel="canonical"
content-length: 22338
expires: Fri, 05 Mar 2021 20:27:33 GMT

GET
H2 200 ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 105 KB
105 KB 456ms
269ms Stylesheet
text/css 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=312b1979e32bfe80aa528f9729270224
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: f18a045b26a9d37b6e3c7a365cf2b72be7cc8711506c3d342c7a2651937db8f1

Request headers

:path: /wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=312b1979e32bfe80aa528f9729270224
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Mon, 31 Dec 2018 16:15:58 GMT
server: Apache
etag: "1a45a-57e53ba680b86"
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 107610

GET
H2 200 photon.js Show response
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 1 KB
1 KB 357ms
86ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20130122
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 87879846a54fe4a250a2a9808103f1ed6943af45e4cbb7f067c44da57c61b3d4

Request headers

:path: /wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20130122
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Fri, 15 Feb 2019 22:24:21 GMT
server: Apache
etag: "562-581f63c9122d8"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 1378

GET
H2 200 jquery.adrotate.clicktracker.js Show response
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 1 KB
1 KB 179ms
179ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 2f64b025cec8c93dcb01fe88f0e79c134bc0a6c751787360153865dfa9f3a962

Request headers

:path: /wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Tue, 26 Feb 2019 22:21:14 GMT
server: Apache
etag: "40b-582d379a56d47"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 1035

GET
H2 200 devicepx-jetpack.js Show response
s0.wp.com/wp-content/js/ 10 KB
3 KB 51ms
12ms Script
application/x-javascript 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201910
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f32d41f2099a0be20e6b57c5e0d1b71c079d3e1345827b0f5c5b97c6e5e3f78d

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: HIT ams 32
date: Thu, 07 Mar 2019 04:11:22 GMT
content-encoding: gzip
server: nginx
etag: W/"5841a56f-52b6"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
x-ac: 2.ams _dfw
expires: Mon, 02 Mar 2020 10:53:01 GMT

GET
H2 200 ssba.js Show response
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 2 KB
2 KB 15ms
15ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=312b1979e32bfe80aa528f9729270224
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce

Request headers

:path: /wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=312b1979e32bfe80aa528f9729270224
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Mon, 31 Dec 2018 16:15:58 GMT
server: Apache
etag: "792-57e53ba684a06"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 1938

GET
H2 200 hint.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 987 B
1 KB 102ms
101ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:22 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "3db-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 987

GET
H2 200 jquery.tipsy.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
4 KB 196ms
196ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "1113-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 4371

GET
H2 200 jquery.easing.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 197ms
197ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "1fa1-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 8097

GET
H2 200 browser.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 194ms
193ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
etag: "a36-526fe6e33f200"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 2614

GET
H2 200 jquery.flexslider-min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 21 KB
21 KB 200ms
200ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Wed, 16 Dec 2015 13:55:10 GMT
server: Apache
etag: "53ae-5270441274b80"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 21422

GET
H2 200 waypoints.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 194ms
193ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
etag: "1f6c-526fe6e527680"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 8044

GET
H2 200 mediaelement-and-player.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 69 KB
70 KB 48ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
pragma: no-cache
cookie: __unam=6f69f6a-16956593ef8-761713f5-1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Wed, 16 Dec 2015 13:55:14 GMT
server: Apache
etag: "11571-5270441645480"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 71025

GET
H2 200 jquery.swipebox.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 11 KB
11 KB 253ms
222ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
pragma: no-cache
cookie: __unam=6f69f6a-16956593ef8-761713f5-1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "2a67-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 10855

GET
H2 200 jquery.circliful.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 352ms
321ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
pragma: no-cache
cookie: __unam=6f69f6a-16956593ef8-761713f5-1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "c18-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 3096

GET
H2 200 jquery.smarticker.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 13 KB
13 KB 457ms
427ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
pragma: no-cache
cookie: __unam=6f69f6a-16956593ef8-761713f5-1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
etag: "3225-526fe6e433440"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 12837

GET
H2 200 custom.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 12 KB
13 KB 551ms
522ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

:path: /wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
pragma: no-cache
cookie: __unam=6f69f6a-16956593ef8-761713f5-1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
etag: "31d4-526fe6e33f200"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 12756

GET
H2 200 wp-embed.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 3 KB
3 KB 651ms
622ms Script
application/javascript 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-embed.js?ver=312b1979e32bfe80aa528f9729270224
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4

Request headers

:path: /wordpress/wp-includes/js/wp-embed.js?ver=312b1979e32bfe80aa528f9729270224
pragma: no-cache
cookie: __unam=6f69f6a-16956593ef8-761713f5-1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:scheme: https
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Thu, 21 Feb 2019 22:56:38 GMT
server: Apache
etag: "c8e-5826f6315ef61"
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 3214

GET
H2 200 e-201910.js Show response
stats.wp.com/ 9 KB
3 KB 31ms
7ms Script
application/x-javascript 192.0.76.3
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-201910.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
expires: Sun, 01 Mar 2020 10:28:35 GMT

GET
H/1.1 200
OK 5b71b64b04b9a500117b1015.js Show response
buttons-config.sharethis.com/js/ 30 B
450 B 51ms
7ms Script
text/javascript 104.109.70.8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.70.8 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a104-109-70-8.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Mar 2019 04:11:23 GMT
Last-Modified: Mon, 13 Aug 2018 16:48:12 GMT
Server: AmazonS3
x-amz-request-id: EA0807EFA88E5A98
ETag: "e6e1643313740711175f51662a65b42f"
Content-Type: text/javascript
Cache-Control: public, max-age=60
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30
x-amz-id-2: 5U7gqjlqVQT7LvrvS/0Aac5zIg3fYVA3fgSIpjcCTim/y/S9kXSkANt2A0ukIoA66uteq3OMwUw=

GET
H/1.1 200
OK portal.html
c.sharethis.mgr.consensu.org/v1.0/cmp/ Frame 6B0A 0
0 13ms
8ms Document
text/html 23.14.94.45
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal.html
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.14.94.45 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-14-94-45.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: c.sharethis.mgr.consensu.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, POST, PUT
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
ETag: W/"26b-4977387000"
Last-Modified: Tue, 01 Jan 1980 00:00:00 GMT
Vary: Accept-Encoding
Content-Length: 334
Cache-Control: public, max-age=3600
Date: Thu, 07 Mar 2019 04:11:23 GMT
Connection: keep-alive

GET
H2 200 fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 43 KB
44 KB 67ms
43ms Font
application/font-woff 2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

:path: /wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
pragma: no-cache
cookie: __unam=6f69f6a-16956593ef8-761713f5-1
origin: https://securityaffairs.co
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin: https://securityaffairs.co

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
last-modified: Wed, 16 Dec 2015 06:58:09 GMT
server: Apache
etag: "ad90-526fe6dc92240"
content-type: application/font-woff
status: 200
accept-ranges: bytes
content-length: 44432

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 180 KB
57 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=dfcf8047c1c958abdf6dc9defb7adb27&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

34f6ae23ca1bf3949f040a8d5aab73ee6a34e3efdad337dde738cc2adda6ee01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Origin: https://securityaffairs.co

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: sD9A225WoiOY0j+tLOaaqw==
status: 200
date: Thu, 07 Mar 2019 04:11:23 GMT
vary: Accept-Encoding
content-length: 57726
x-fb-debug: 8iLA6aXXf+I2MD4LH3KqVvVYY4Yagv84pj487rBO6UbN9pWy2YQ5R8kTNfBWAN7w0170tAHcmOA0Du9BdeSiYA==
x-fb-content-md5: 39f7ce68f594e78907cdd73fe1ce2633
etag: "17d4dedaf9e021dcefa9b73d8c258248"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Thu, 05 Mar 2020 22:15:41 GMT

GET
H/1.1

301
Moved Permanently

sc Show response
l.sharethis.com/
Redirect Chain

https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&fpc=6f69f6a-16956593ef8-761713f5-1&sessionID=1551931883256.10775&hostname=securityaffairs.co&location=%2Fwordpress%2F82030%2...
https://l.sharethis.com/sc?cm=ZGAB11yAmesAAAATDgZSAw%3D%3D&uid=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7...

0
-1 B

46ms
9ms

XHR
text/html

18.195.194.147
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/sc?cm=ZGAB11yAmesAAAATDgZSAw%3D%3D&uid=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&sop=false
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.194.147 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-194-147.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Mar 2019 04:11:23 GMT
Location: /sc?cm=ZGAB11yAmesAAAATDgZSAw%3D%3D&uid=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&sop=false
Access-Control-Max-Age: 1728000
P3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Headers: *
Content-Length: 281
Stid: ZGAB11yAmesAAAATDgZSAw==

Redirect headers

Date: Thu, 07 Mar 2019 04:11:23 GMT
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Max-Age: 1728000
P3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location: /sc?cm=ZGAB11yAmesAAAATDgZSAw%3D%3D&uid=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&sop=false
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Headers: *
Content-Length: 281
Stid: ZGAB11yAmesAAAATDgZSAw==

GET
H/1.1 200
OK rtbspub Show response
contextual.media.net/ 1 KB
1 KB 117ms
116ms Script
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/rtbspub?&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=762221962&size=300x250&rp=0.90&vi=1551931883301364862&ugd=4&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&useAppData=0&gdpr=1&hlt=1&tr=0.5244931441297853
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c3202fa17078bddc070206f6f5cd6041cadd3e4232147d3690f1fc877eff4b0e

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 873
X-MNET-HL2: E
Expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H/1.1 200
OK fcmdynet.js Show response
contextual.media.net/ Frame 1215 41 KB
15 KB 255ms
220ms Script
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/fcmdynet.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=762221962&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&nse=3&vi=1551931883301364862&lw=1&ugd=4&re=1&hlt=1&dfp=1&rtbs=1&nb=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 6d538266c4aa994eb2325ace1b88a6367ced5ba5d67a9583c973dc8f53233995

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store
X-MN-W: 12-4
Connection: keep-alive
Content-Length: 15005
X-MNET-HL2: 8-12
Expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 2F82 33 KB
11 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:806::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

88c5a83e858c757c32175e365aa96df6982e05697313e99df0d53e70b506e082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "99 / 654 of 1000 / last-modified: 1551886619"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 10890
x-xss-protection: 1; mode=block
expires: Thu, 07 Mar 2019 04:11:23 GMT

POST
H2 200 bping.php
navvy.media.net/ 807 B
1 KB 542ms
165ms Other
image/gif 54.219.148.162
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/bping.php
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.219.148.162 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-219-148-162.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Origin: https://securityaffairs.co
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 07 Mar 2019 04:11:24 GMT
server: Jetty(9.4.7.v20170914)
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache,no-store
content-disposition: inline;filename=f.txt
content-length: 807
expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H/1.1 200
OK rtbspub Show response
contextual.media.net/ 1 KB
980 B 190ms
139ms Script
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/rtbspub?&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&size=300x250&rp=0.50&vi=1551931883858729973&ugd=4&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&useAppData=0&gdpr=1&hlt=1&tr=0.248683860423637
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0ed274bbf81ac6e454ee67639cef75f9dd8719b6f21da158b120ac1adc0f2243

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 642
X-MNET-HL2: E
Expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H/1.1 200
OK fcmdynet.js Show response
contextual.media.net/ Frame 5AC4 41 KB
15 KB 272ms
225ms Script
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/fcmdynet.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&nse=3&vi=1551931883858729973&lw=1&ugd=4&re=1&hlt=1&dfp=1&rtbs=1&nb=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: da4e4f03bed04e1f4dd53b885d09519614360f73df215258f797fc9a78be09c8

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store
X-MN-W: 12-3
Connection: keep-alive
Content-Length: 15033
X-MNET-HL2: 8-12
Expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 49E8 33 KB
11 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:806::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

88c5a83e858c757c32175e365aa96df6982e05697313e99df0d53e70b506e082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "99 / 961 of 1000 / last-modified: 1551886619"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 10890
x-xss-protection: 1; mode=block
expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H/1.1 200
OK fcmdynet.js Show response
contextual.media.net/ Frame 40BC 41 KB
15 KB 269ms
234ms Script
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/fcmdynet.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=639665355&size=300x600&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&nse=3&vi=1551931883687033233&lw=1&ugd=4&re=1&hlt=1&dfp=1&rtbs=1&nb=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 88d5f63ddbf3a5a2c2a5dad9a2ae572a57bb4ee48d25247c0f24e04a0795a704

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store
X-MN-W: 12-1
Connection: keep-alive
Content-Length: 15037
X-MNET-HL2: 8-12
Expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame BDC3 33 KB
11 KB 41ms
38ms Script
text/javascript 2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:806::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

88c5a83e858c757c32175e365aa96df6982e05697313e99df0d53e70b506e082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "99 / 93 of 1000 / last-modified: 1551886619"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 10890
x-xss-protection: 1; mode=block
expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
280 B 75ms
16ms Image
image/gif 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=762221962&vi=1551931883301364862&ugd=4&lf=6&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&cc=DE&sc=HE&lper=100&wsip=2886780938&r=1551931883525&vgd_sbSup=1&vgd_isAmp=0&vgd_asn=9009&vgd_nvLogging=0&hvsid=00001551931883522031182208003404
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:23 GMT
Server: Apache
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
280 B 91ms
23ms Image
image/gif 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=639665355&vi=1551931883687033233&ugd=4&lf=6&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&cc=DE&sc=HE&lper=100&wsip=2886780938&r=1551931883564&vgd_sbSup=1&vgd_isAmp=0&vgd_asn=9009&vgd_nvLogging=0&hvsid=00001551931883563031182208003952
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:23 GMT
Server: Apache
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H/1.1 200
OK sc Show response
l.sharethis.com/ 51 B
476 B 12ms
11ms XHR
text/plain 18.195.194.147
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/sc?cm=ZGAB11yAmesAAAATDgZSAw%3D%3D&uid=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&sop=false
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.194.147 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-194-147.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 9f292fc61362f1312ffff3f659e6e5809c16c2c1ec5288c91508abbd88f33dc6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Origin: https://securityaffairs.co

Response headers

Date: Thu, 07 Mar 2019 04:11:23 GMT
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Stid: ZGAB11yAmesAAAATDgZSAw==
Access-Control-Allow-Headers: *
Content-Length: 51

GET
H/1.1 200
OK Cookie set checksync.php
contextual.media.net/ Frame 0C35 0
0 60ms
22ms Document
text/html 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/checksync.php?&gdpr=1&cs=2&cv=31&cid=8CU5BD6EW&https=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Host: contextual.media.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Accept-Encoding: gzip, deflate, br
Cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Response headers

Server: Apache
Content-Type: text/html; charset=UTF-8
Set-Cookie: gdpr_status=1; Expires=Sun, 08 Sep 2019 04:11:23 GMT; domain=.media.net; Path=/;
X-MNET-HL2: E
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=604800
Expires: Thu, 14 Mar 2019 04:11:23 GMT
Date: Thu, 07 Mar 2019 04:11:23 GMT
Content-Length: 4159
Connection: keep-alive

GET
H/1.1 200
OK Cookie set checksync.php
contextual.media.net/ Frame AE90 0
0 69ms
22ms Document
text/html 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/checksync.php?&gdpr=1&cs=2&cv=31&cid=8CU5BD6EW&https=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Host: contextual.media.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Accept-Encoding: gzip, deflate, br
Cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Response headers

Server: Apache
Content-Type: text/html; charset=UTF-8
Set-Cookie: gdpr_status=1; Expires=Sun, 08 Sep 2019 04:11:23 GMT; domain=.media.net; Path=/;
X-MNET-HL2: E
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=604800
Expires: Thu, 14 Mar 2019 04:11:23 GMT
Date: Thu, 07 Mar 2019 04:11:23 GMT
Content-Length: 4159
Connection: keep-alive

GET
H/1.1 200
OK Cookie set checksync.php
contextual.media.net/ Frame 21C1 0
0 74ms
20ms Document
text/html 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/checksync.php?&gdpr=1&cs=2&cv=31&cid=8CU5BD6EW&https=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Host: contextual.media.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Accept-Encoding: gzip, deflate, br
Cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Response headers

Server: Apache
Content-Type: text/html; charset=UTF-8
Set-Cookie: gdpr_status=1; Expires=Sun, 08 Sep 2019 04:11:23 GMT; domain=.media.net; Path=/;
X-MNET-HL2: E
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=604800
Expires: Thu, 14 Mar 2019 04:11:23 GMT
Date: Thu, 07 Mar 2019 04:11:23 GMT
Content-Length: 4159
Connection: keep-alive

GET
H2 200 vy-MhgbfL4v.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 62E1 0
0 6ms
6ms Document
text/html 2a03:2880:f01c:216:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://staticxx.facebook.com/connect/xd_arbiter/r/vy-MhgbfL4v.js?version=44

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=dfcf8047c1c958abdf6dc9defb7adb27&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: staticxx.facebook.com
:scheme: https
:path: /connect/xd_arbiter/r/vy-MhgbfL4v.js?version=44
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Response headers

status: 200
content-encoding: br
content-type: text/html; charset=utf-8
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0
expires: Wed, 04 Mar 2020 15:26:06 GMT
cache-control: public,max-age=31536000,immutable
x-fb-debug: KjbUdavtFKVakYTWU4KIoH6Rg7n85fqf35BoZiiWFlPb8jBLk5NQ93GZiF5aUxjB8vvNeEtRLQITHbZ/mN+ong==
content-length: 11024
date: Thu, 07 Mar 2019 04:11:23 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 2F82 109 B
171 B 20ms
19ms Script
application/javascript 2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:806::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 104
x-xss-protection: 1; mode=block

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2F82 122 B
189 B 19ms
18ms Script
application/javascript 2a00:1450:4001:819::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:819::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

b45c133d2b75b9008c9631e0a1228b2834cc1f21c652ce943dea706b524ffd4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length: 119
x-xss-protection: 1; mode=block

GET
H2 200 pubads_impl_313.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 2F82 175 KB
61 KB 19ms
19ms Script
text/javascript 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js?21063279

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

sffe /

Resource Hash

92ca91e1a7a8e3f20a6cfbe487b20ec716258b98c3ab727c360513664341056d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 22 Feb 2019 23:59:48 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 61934
x-xss-protection: 1; mode=block
expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 49E8 109 B
171 B 19ms
14ms Script
application/javascript 2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:806::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 104
x-xss-protection: 1; mode=block

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 49E8 122 B
186 B 19ms
15ms Script
application/javascript 2a00:1450:4001:819::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:819::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

b45c133d2b75b9008c9631e0a1228b2834cc1f21c652ce943dea706b524ffd4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length: 119
x-xss-protection: 1; mode=block

GET
H2 200 pubads_impl_313.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 49E8 175 KB
61 KB 18ms
15ms Script
text/javascript 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

sffe /

Resource Hash

92ca91e1a7a8e3f20a6cfbe487b20ec716258b98c3ab727c360513664341056d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 22 Feb 2019 23:59:48 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 61934
x-xss-protection: 1; mode=block
expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame BDC3 109 B
171 B 17ms
15ms Script
application/javascript 2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:806::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 104
x-xss-protection: 1; mode=block

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame BDC3 122 B
186 B 17ms
15ms Script
application/javascript 2a00:1450:4001:819::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:819::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

b45c133d2b75b9008c9631e0a1228b2834cc1f21c652ce943dea706b524ffd4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length: 119
x-xss-protection: 1; mode=block

GET
H2 200 pubads_impl_313.js Show response
securepubads.g.doubleclick.net/gpt/ Frame BDC3 175 KB
61 KB 93ms
91ms Script
text/javascript 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

sffe /

Resource Hash

92ca91e1a7a8e3f20a6cfbe487b20ec716258b98c3ab727c360513664341056d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 22 Feb 2019 23:59:48 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 61934
x-xss-protection: 1; mode=block
expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H/1.1 200
OK nrrV3712.js Show response
contextual.media.net/__media__/js/util/ Frame 1215 61 KB
20 KB 18ms
17ms Script
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/__media__/js/util/nrrV3712.js
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/fcmdynet.js?&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=762221962&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&nse=3&vi=1551931883301364862&lw=1&ugd=4&re=1&hlt=1&dfp=1&rtbs=1&nb=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c61ed6973cc43fe79354b7f3e073ef73f38a8822ee4959b9209df0b65c7a179

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: max-age=2592000
Date: Thu, 07 Mar 2019 04:11:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
X-MNET-H: 8-11
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=1209600
Connection: keep-alive
Content-Length: 20622
Expires: Thu, 21 Mar 2019 04:11:23 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2F82 3 KB
2 KB 247ms
246ms XHR
text/javascript 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3336953850566267&correlator=978823719129048&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fif&adsid=NT&eid=21061864%2C21063279%2C21062378%2C21062886%2C21063159&vrg=313&npa=1&guci=1.2.0.0.2.1.0.0&plat=1%3A32776%2C2%3A32776%2C8%3A32776&sc=1&sfv=1-0-32&iu=%2F45361917%2F8CU5BD6EW-762221962-300x250_inside_post&sz=300x250&scp=crid%3D762221962%26mnet_segment%3D0.90%26mnet_variant%3D0%26pub_domain%3Dsecurityaffairs.co%26mnet_cc%3DDE%26mnet_bucketid%3Db3%26mnet_ref_ybn%3D1%26PubMaticSS%3D1610%26RubiconSS%3D2209&eri=4&cookie_enabled=1&bc=15&lmt=1551931883&dt=1551931883821&dlt=1551931883543&idt=149&ea=0&frm=23&biw=1585&bih=1200&isw=300&ish=250&oid=3&adx=320&ady=14026&adk=3177995050&uci=84g28mavpk1s&ifi=1&ifk=2357135334&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&top=securityaffairs.co&dssz=5&icsg=170&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&blev=1&bisch=1&ga_vid=866992936.1551931884&ga_sid=1551931884&ga_hid=1459217263&fws=256

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js?21063279

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

75080856b5f00d13d6a98ac15105935625e25e16ed1d8f7ab9df9946a8a51657

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Origin: https://securityaffairs.co

Response headers

date: Thu, 07 Mar 2019 04:11:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 1859
x-xss-protection: 1; mode=block
google-lineitem-id: 731778557
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 33134143277
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_313.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 2F82 67 KB
25 KB 15ms
15ms Script
text/javascript 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_313.js?21063279

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js?21063279

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

sffe /

Resource Hash

36e37aa427c03ec10d908586e67951e999a31e5f9629ced1b79a7d8f10b40aad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 22 Feb 2019 23:59:48 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 25399
x-xss-protection: 1; mode=block
expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-32/html/ Frame 2F82 0
0 6ms
6ms Other
text/html 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-32/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js?21063279
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:81c::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Purpose: prefetch
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

GET
H/1.1 200
OK mediamain.html Show response
contextual.media.net/ Frame 50A9 58 KB
15 KB 337ms
335ms Script
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/mediamain.html?&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=762221962&pid=8PO5M70HK&size=300x250&cpnet=yVb1sHm-0KIh29BOFTjjrEBbIZGw_v2fXpyZXRW3WVE%3D&cme=hmi3FHRUKMmzKimfb0JIDAbp_fyjVK7depiARrivsoxRj_hLfG7Sh7pIMMFBEH3GQmWMN5-SfqQXYweHSH8KKnPGVgvGQ_aPSf0OGKC6cBSpFVbTXU3f6_1duVJnBmigo-643UevFDALT110G-ESfQ%3D%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CN7fu2vKt8_s%3D%7C-uksccUaB-DVTu9XLr1SMpAkydZfnH1Hm-SS2qFBri0q2QNujKexuUNHtaRPFCa1ACwGzJXGgBTFpNDCgzCYBqeEmHcf9Ekzqik6SJ1RbMxwdfCPjQyi1G_2DXQpTuoowAp9JP6I4MjTQarpREs-CacnbxeG6fEH0up0QAIx3yP_xbjhEnwKrHJ1oeAfvhzlE2LEzqMqc-A%3D%7CsRBSg3CPSiQ%3D%7C&https=1&cc=DE&bf=0&staticIframe=1&vif=1&nse=3&bid=237663&vi=1551931883301364862&lw=1&ugd=4&ib=0&katbid=-2&nb=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c5a79ec7382c7d79d64c074ac0def918edb046501d7271f69697eafdf0bd1740

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:24 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0, no-cache, no-store
X-MNET-HL3: 8-12
X-MN-W: 12-7
Connection: keep-alive
Content-Length: 14997
Expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 49E8 68 KB
21 KB 214ms
213ms XHR
text/javascript 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=48351567618743&correlator=2314145140125390&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fif&adsid=NT&jar=2019-03-07-04&eid=21061507%2C21062378%2C21062886%2C21063065%2C21063116%2C53887177%2C21063161&vrg=313&npa=1&guci=1.2.0.0.2.1.0.0&plat=1%3A32776%2C2%3A32776%2C8%3A32776&sc=1&sfv=1-0-32&iu=%2F45361917%2F8CU5BD6EW-184323154-Single_post_ads&sz=300x250&scp=crid%3D184323154%26mnet_segment%3D0.27%26mnet_variant%3D454%26pub_domain%3Dsecurityaffairs.co%26mnet_cc%3DDE%26mnet_bucketid%3Db3%26mnet_ref_ybn%3D1%26PubMaticSS%3D1610%26RubiconSS%3D2209&eri=4&cookie_enabled=1&bc=15&lmt=1551931883&dt=1551931883871&dlt=1551931883559&idt=207&ea=0&frm=23&biw=1585&bih=1200&isw=300&ish=250&oid=3&adx=973&ady=433&adk=2598375999&uci=k1n4l8hq6nc0&ifi=1&ifk=2357135334&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&top=securityaffairs.co&dssz=5&icsg=170&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&blev=1&bisch=1&ga_vid=392238672.1551931884&ga_sid=1551931884&ga_hid=1094318345&fws=256

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

375a874e4b814a7606e43f935e216648b368e6ff66f6c91842881cf432df8f61

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8384627913270661644/3panzer.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8384627913270661644/3panzer.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLnon-WU7-ACFYIK4AoduCYFMQ&gqi=65mAXMaKNonQgAegwJvYDQ&layout=/sadbundle/%24csp%253Der3%24/8384627913270661644/3panzer.html
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Origin: https://securityaffairs.co

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8384627913270661644/3panzer.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8384627913270661644/3panzer.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLnon-WU7-ACFYIK4AoduCYFMQ&gqi=65mAXMaKNonQgAegwJvYDQ&layout=/sadbundle/%24csp%253Der3%24/8384627913270661644/3panzer.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 20964
x-xss-protection: 1; mode=block
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Thu, 07 Mar 2019 04:11:24 GMT
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_313.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 49E8 67 KB
25 KB 18ms
14ms Script
text/javascript 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_313.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

sffe /

Resource Hash

36e37aa427c03ec10d908586e67951e999a31e5f9629ced1b79a7d8f10b40aad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 22 Feb 2019 23:59:48 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 25399
x-xss-protection: 1; mode=block
expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-32/html/ Frame 49E8 0
0 6ms
6ms Other
text/html 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-32/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:81c::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Purpose: prefetch
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

GET
H/1.1 200
OK mediamain.html Show response
contextual.media.net/ Frame 62C0 58 KB
15 KB 378ms
377ms Script
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/mediamain.html?&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&pid=8PO5M70HK&size=300x250&cpnet=yVb1sHm-0KIh29BOFTjjrHvHwrQGlpByWaOO1vn303s%3D&cme=ddF3tVt6Jgwc0vmFKxq3sxZQnh0iZwpa5KhKGcDHJFxEgLz35A0naNpam52fKJe_u9tIkCm3_lVs8UO_TWiOPSCbQBfwxs5LQx8hOuBd8dcPClRiQGYMWhkgJLSjI5BzpX_yLx7ECLkDeliuUBQP2w%3D%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CN7fu2vKt8_s%3D%7C-uksccUaB-DVTu9XLr1SMpAkydZfnH1Hm-SS2qFBri0q2QNujKexuUNHtaRPFCa1ACwGzJXGgBTFpNDCgzCYBqeEmHcf9Ekzqik6SJ1RbMxwdfCPjQyi1G_2DXQpTuoowAp9JP6I4MjTQarpREs-CacnbxeG6fEH0up0QAIx3yP_xbjhEnwKrHJ1oeAfvhzlE2LEzqMqc-A%3D%7CsRBSg3CPSiQ%3D%7C&https=1&cc=DE&bf=0&staticIframe=1&vif=1&nse=3&bid=237664&vi=1551931883858729973&lw=1&ugd=4&ib=0&katbid=-2&nb=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 526e1f9465b4179f7b454a7e54f3b13f49f82813e1e7b8256d3bb6ab790dc9ce

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:24 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0, no-cache, no-store
X-MNET-HL3: 8-12
X-MN-W: 12-17
Connection: keep-alive
Content-Length: 14946
Expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H/1.1 200
OK mediamain.html Show response
contextual.media.net/ Frame 8DF5 83 KB
18 KB 398ms
397ms Script
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/mediamain.html?&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=639665355&pid=8PO5M70HK&size=300x600&cpnet=yVb1sHm-0KIh29BOFTjjrOMbY3Wy7OSYfNFL7sC0vVY%3D&cme=hmi3FHRUKMkilTzseEeahYBK0Dc9Iehoc--eJ91ZbJOU32yPMPHcgTcILw-vm_YLN7Vl26zwtvAWFY8-y5nJkY74VltIAgM5qiRWJ1RL1t9F_RjSHP5de0JanKU1hKV6Xa5xAjKNU5clkdmKXRb2-Q%3D%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CN7fu2vKt8_s%3D%7C-uksccUaB-DVTu9XLr1SMpAkydZfnH1Hm-SS2qFBri0q2QNujKexuUNHtaRPFCa1ACwGzJXGgBTFpNDCgzCYBqeEmHcf9Ekzqik6SJ1RbMxwdfCPjQyi1G_2DXQpTuoowAp9JP6I4MjTQarpREs-CacnbxeG6fEH0up0QAIx3yP_xbjhEnwKrHJ1oeAfvhzlE2LEzqMqc-A%3D%7CsRBSg3CPSiQ%3D%7C&https=1&cc=DE&bf=0&staticIframe=1&vif=1&nse=3&bid=237662&vi=1551931883687033233&lw=1&ugd=4&ib=0&katbid=-2&nb=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cc9613e715328bb1b7fb4bfa887bbfc8407f9bb56b177f03fa314ce09985386c

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:24 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0, no-cache, no-store
X-MNET-HL3: 8-12
X-MN-W: 12-13
Connection: keep-alive
Content-Length: 17685
Expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame BDC3 68 KB
21 KB 218ms
218ms XHR
text/javascript 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=404259289237741&correlator=4300887582775067&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fif&adsid=NT&eid=21062378&vrg=313&npa=1&guci=1.2.0.0.2.1.0.0&plat=1%3A32776%2C2%3A32776%2C8%3A32776&sc=1&sfv=1-0-32&iu=%2F45361917%2F8CU5BD6EW-639665355-Skyscraper_post_yahoo_300_x_600&sz=300x600&scp=crid%3D639665355%26mnet_variant%3D98%26pub_domain%3Dsecurityaffairs.co%26mnet_cc%3DDE%26mnet_bucketid%3Da2%26mnet_dfp_ol%3D1%26PubMaticSS%3D1610%26RubiconSS%3D2209&eri=4&cookie_enabled=1&bc=15&lmt=1551931883&dt=1551931883954&dlt=1551931883576&idt=347&ea=0&frm=23&biw=1585&bih=1200&isw=300&ish=600&oid=3&adx=973&ady=2261&adk=2891760302&uci=o4nblcf3uuy2&ifi=1&ifk=2356907041&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&top=securityaffairs.co&dssz=5&icsg=170&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&blev=1&bisch=1&ga_vid=1549276949.1551931884&ga_sid=1551931884&ga_hid=1988512306&fws=256

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

cf61a8fd98176ba76e74b4598bdc59aa66b3ea0754dda9b9c20b6d51bca39bd0

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16730801938714611409/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16730801938714611409/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CN7QpOWU7-ACFVIEiwodBkAN6A&gqi=65mAXJaRO4yi3wO70qD4AQ&layout=/sadbundle/%24csp%253Der3%24/16730801938714611409/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Origin: https://securityaffairs.co

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16730801938714611409/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16730801938714611409/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CN7QpOWU7-ACFVIEiwodBkAN6A&gqi=65mAXJaRO4yi3wO70qD4AQ&layout=/sadbundle/%24csp%253Der3%24/16730801938714611409/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 20957
x-xss-protection: 1; mode=block
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Thu, 07 Mar 2019 04:11:24 GMT
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_313.js Show response
securepubads.g.doubleclick.net/gpt/ Frame BDC3 67 KB
25 KB 16ms
15ms Script
text/javascript 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_313.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

sffe /

Resource Hash

36e37aa427c03ec10d908586e67951e999a31e5f9629ced1b79a7d8f10b40aad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 22 Feb 2019 23:59:48 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 25399
x-xss-protection: 1; mode=block
expires: Thu, 07 Mar 2019 04:11:23 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-32/html/ Frame BDC3 0
0 6ms
6ms Other
text/html 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-32/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:81c::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Purpose: prefetch
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

GET
H2

200

/ Show response
securityaffairs.co/wordpress/
Redirect Chain

https://securityaffairs.co/wordpress?ga_action=googleanalytics_get_script
https://securityaffairs.co/wordpress/?ga_action=googleanalytics_get_script

493 B
470 B

561ms
560ms

XHR
text/html

2001:8d8:100f:f000::289
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/?ga_action=googleanalytics_get_script
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache / PHP/7.2.15
Resource Hash: 529a8625b1d79f8a672375f5acdefd683f86f29327461266fa428aa734cb697b

Request headers

:path: /wordpress/?ga_action=googleanalytics_get_script
pragma: no-cache
cookie: __unam=6f69f6a-16956593ef8-761713f5-1; session_depth=securityaffairs.co%3D1%7C762221962%3D1%7C184323154%3D1%7C639665355%3D1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: securityaffairs.co
x-requested-with: XMLHttpRequest
:scheme: https
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
:method: GET
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Thu, 07 Mar 2019 04:11:24 GMT
content-encoding: gzip
server: Apache
x-powered-by: PHP/7.2.15
vary: Accept-Encoding,Cookie
content-type: text/html; charset=UTF-8

Redirect headers

status: 301
date: Thu, 07 Mar 2019 04:11:23 GMT
server: Apache
content-length: 282
location: https://securityaffairs.co/wordpress/?ga_action=googleanalytics_get_script
content-type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK widget_iframe.704fca4914c9b90d7a9d41abcaa19933.html
platform.twitter.com/widgets/ Frame AF86 0
0 7ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.704fca4914c9b90d7a9d41abcaa19933.html?origin=https%3A%2F%2Fsecurityaffairs.co&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/4192) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Response headers

Content-Encoding: gzip
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 07 Mar 2019 04:11:24 GMT
Etag: "347ce5de96d97a02c18244967b8b6532+gzip"
Last-Modified: Mon, 25 Feb 2019 17:41:11 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/4192)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 5783

GET
H/1.1 200
OK moment~timeline~tweet.6e5b62723488aee38af0c77681396a5b.js Show response
platform.twitter.com/js/ 24 KB
8 KB 7ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/moment~timeline~tweet.6e5b62723488aee38af0c77681396a5b.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/4186) /
Resource Hash: e26fdccb214e020f70cf2aede7b77d5dc51854e23b3acbb4bcff0018773a636f

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Mar 2019 04:11:24 GMT
Content-Encoding: gzip
Last-Modified: Mon, 25 Feb 2019 17:41:05 GMT
Server: ECS (fcn/4186)
Etag: "da3e8002f83d92efe615008a56f12f48+gzip"
Vary: Accept-Encoding
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Content-Length: 7925

GET
H/1.1 200
OK tweet.2b7769d244a8dfeb3ab9d97583412dec.js Show response
platform.twitter.com/js/ 18 KB
6 KB 14ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/tweet.2b7769d244a8dfeb3ab9d97583412dec.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40EA) /
Resource Hash: 9c6ea1ab4588c0be7dc9cb629aa641415dd91acaea7084de6921a7ffa2299bfb

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Mar 2019 04:11:24 GMT
Content-Encoding: gzip
Last-Modified: Mon, 25 Feb 2019 17:41:05 GMT
Server: ECS (fcn/40EA)
Etag: "20fa27831d8703b8d33a11abad368f93+gzip"
Vary: Accept-Encoding
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Content-Length: 6038

GET
H2 200 g.gif
pixel.wp.com/ 50 B
115 B 15ms
8ms Image
image/gif 192.0.76.3
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A7.0.1&blog=29506073&post=82030&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=1278&rand=0.11541703063157738
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Thu, 07 Mar 2019 04:11:24 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 syndication
syndication.twitter.com/i/jot/ 43 B
120 B 137ms
137ms Image
image/gif 104.244.42.8
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/syndication?dnt=1&l=%7B%22_category_%22%3A%22syndicated_impression%22%2C%22triggered_on%22%3A1551931884067%2C%22dnt%22%3Atrue%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.8 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 65
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 117
pragma: no-cache
last-modified: Thu, 07 Mar 2019 04:11:24 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 1b666c6c407619245c032550e3040de6
x-transaction: 00aa30a200d1778d
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 tweets.json Show response
cdn.syndication.twimg.com/ 6 KB
2 KB 138ms
137ms Script
application/javascript 2606:2800:134:fa2:1627:1fe:edb:1665
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/tweets.json?callback=__twttr.callbacks.cb0&ids=1101936940297924608&lang=en&suppress_response_codes=true&theme=light&tz=GMT%2B0000

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

tsa_o /

Resource Hash

a4ad4f02da27960c1cd21a50bb1b2f057bb1eb9286acdc512945c5dd37b21a80

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-disposition: attachment; filename=jsonp.jsonp
strict-transport-security: max-age=631138519
content-length: 1555
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 128
last-modified: Thu, 07 Mar 2019 04:11:24 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: must-revalidate, max-age=60
x-connection-hash: e5100d65139ede975ec3ee247d4ba92c
timing-allow-origin: *
x-transaction: 0087301e009f183c
expires: Thu, 07 Mar 2019 04:12:24 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9E26 80 KB
29 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_313.js?21063279

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:806::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8f0cefd04b0620126cc85dec115db169f5e5aa1993a11b8ef277d7984f8685d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1551269762062339"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 29186
x-xss-protection: 1; mode=block
expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2F82 77 KB
27 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js?21063279

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:806::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1d56c4a8196ffea388207309d9f9fe87d933a2838008ebfeb003cb0c12faaced

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1551269762062339"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 28006
x-xss-protection: 1; mode=block
expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9E26 0
291 B 47ms
46ms Image
image/gif 172.217.22.2
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvWt6TqJxpmn6HYTeJX0E1OwXVzhlWJRMUn5ori5M-SEicri28OKME8YgPvWwHiJzTXCmdcO_71hVHAMUK-S2L6JKEW-lvizVo5MUq31_bUiKn7reQKAGuzo_bKNuLS7npDU1tKNGtKfpSYiWqR5-DTBqh2zDLxDOk-iRc30qfN7fjUvTFvpTznFe7EFQ7KJ7O5OSEFnHN7QhQ1IW8m0PcCM3pod29pCRiGyXzulG7vXEEoCICW5HNh2D-tdezin6_BoRjhfVmCrNgShwQMP5ADIB6X2YUVxgmk_NR9MgpX&sai=AMfl-YR7dTfyPKCFLFQZdmv_ZlUsveEMOy5nGjwpOuARjOgQXjcZcLgDNadPapo8tUHjivlWPOqtK2oFkVdBuwlEHdtzxhcXd2yitK_lVbBh&sig=Cg0ArKJSzMCK1qMsKkRVEAE&urlfix=1&adurl=

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.22.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:24 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 0
x-xss-protection: 1; mode=block
expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-32/html/ Frame FFE9 0
0 8ms
6ms Document
text/html 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-32/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_313.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-32/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 3971
date: Thu, 07 Feb 2019 15:37:38 GMT
expires: Fri, 07 Feb 2020 15:37:38 GMT
last-modified: Wed, 06 Feb 2019 20:59:52 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 1; mode=block
cache-control: public, immutable, max-age=31536000
age: 2378026
alt-svc: quic=":443"; ma=2592000; v="44,43,39"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 49E8 77 KB
27 KB 47ms
39ms Script
text/javascript 2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:806::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1d56c4a8196ffea388207309d9f9fe87d933a2838008ebfeb003cb0c12faaced

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1551269762062339"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 28006
x-xss-protection: 1; mode=block
expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
DATA 200
OK truncated
/ Frame 9E26 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c1f5c595b793aa4ef46d5944544a7c0b152ee3889e9d6a170d85741875783e62

Request headers

Response headers

Content-Type: image/png

GET
H/1.1 200
OK rtblog.php
qsearch-a.akamaihd.net/ 35 B
280 B 88ms
8ms Image
image/gif 2.21.242.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qsearch-a.akamaihd.net/rtblog.php?&l3ch=4&vgd_implt=0&movlimp=0&vgd_dfp_tgt={%22crid%22:%22184323154%22,%22mnet_segment%22:%220.27%22,%22mnet_variant%22:%22454%22,%22pub_domain%22:%22securityaffairs.co%22,%22mnet_cc%22:%22DE%22,%22mnet_bucketid%22:%22b3%22,%22mnet_ref_ybn%22:1,%22PubMaticSS%22:%221610%22,%22RubiconSS%22:%222209%22}&vgd_scr_h=1200&vgd_scr_w=1600&vgd_optout=0&vgd_bdata=bb%3D100%7C%7Cvv%3D0%7C%7Cuiw%3D0%7C%7CMP%3D.*irs.*%7C%7Cxgb_sd%3D2019030500%7C%7Clast%3D%24%7Blast_flag%7D%7C%7Cerpm%3D0.01%7C%7Cfbb%3D0%7C%7Cxgboost_l%3D0%7C%7Cxgb_nt%3D200%7C%7Cbasis2%3D196%7C%7Cbtd%3D1516132507648%7C%7Cbasis1%3D196%7C%7CisRef%3D%24%7Brefresh_counter%7D%7C%7Clc%3D0%7C%7Curl_l%3D40%7C%7Cbid%3D0.27%7C%7Cxgb_b%3D0.23%7C%7Cdc%3D8%7C%7Cdevice_l%3D0%7C%7C%24%7BClientYLog%7D%7C%7Cvariant%3D1&vgd_isAmp=0&vgd_rensize=300_250&vgd_l2wsip=2886958293&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&pid=8PO4A4J48&size=300x250&vi=1551931883858729973&ugd=4&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&cc=DE&vgd_sc=HE&bdrid=8&subBdr=454&bdrct=0.27&adx=1&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_crefurl=undefined&vgd_dfpnc=0&vgd_refadx=1&vgd_demp=0&vgd_refcnf={%22a2y%22:{%22afterLoadSecs%22:30,%22afterViewSecs%22:10,%22percentTraffic%22:95,%22ignoreSessionDisable%22:true,%22both%22:false}}&rtbsd=10&bto=0&vgd_rt=192&gdpr=1&vgd_l1ch=1&vgd_l2ch=0&hvsid=00001551931883547031182208007322
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.21.242.219 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-242-219.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:24 GMT
Server: Apache
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H/1.1 200
OK log
lg3.media.net/ 35 B
319 B 21ms
19ms Image
image/gif 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lg3.media.net/log?logid=kfk&evtid=rtbstl&domain=securityaffairs.co&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&rtbw=-1&size=300x250&ext_user_id=0&ip=185.220.70.202&crid=184323154&bc=-2&b2b=-2&b3b=-2&b4b=-2&b5b=-2&b9b=-2&b11b=-2&b12b=-2&b33b=-2&mnet_segment=0.27&cmw=8&subBdr=454&dfp=1&source=2&dt=4&gdpr=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache Tomcat /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:24 GMT
Server: Apache Tomcat
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H/1.1 200
OK nrrV3712.js Show response
contextual.media.net/__media__/js/util/ Frame 763A 61 KB
0 18ms
17ms Script
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/__media__/js/util/nrrV3712.js
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c61ed6973cc43fe79354b7f3e073ef73f38a8822ee4959b9209df0b65c7a179

Request headers

Response headers

Pragma: max-age=2592000
Date: Thu, 07 Mar 2019 04:11:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
X-MNET-H: 8-11
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=1209600
Connection: keep-alive
Content-Length: 20622
Expires: Thu, 21 Mar 2019 04:11:23 GMT

GET
H/1.1 200
OK nrrV3712.js Show response
contextual.media.net/__media__/js/util/ Frame 763A 61 KB
20 KB 19ms
19ms Script
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/__media__/js/util/nrrV3712.js
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c61ed6973cc43fe79354b7f3e073ef73f38a8822ee4959b9209df0b65c7a179

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: max-age=2592000
Date: Thu, 07 Mar 2019 04:11:24 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
X-MNET-H: 8-11
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=1209600
Connection: keep-alive
Content-Length: 20622
Expires: Thu, 21 Mar 2019 04:11:24 GMT

GET
H/1.1 200
OK pixel
opt-east.media.net/rtbs/ 43 B
287 B 193ms
108ms Image
image/gif 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opt-east.media.net/rtbs/pixel?key=9%3A%3A20190307%3A%3A04%3A%3ADE%3A%3A10.6.3.4_7017&value=90&bid=9&country=DE&cid=8CU5BD6EW&crid=762221962&domain=securityaffairs.co&size=300x250&buyerid=null
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:24 GMT
Server: nginx
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H/1.1 200
OK /
qsearch-a.akamaihd.net/log/ 35 B
319 B 63ms
8ms Image
image/gif 2.21.242.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qsearch-a.akamaihd.net/log/?logid=kfk&evtid=ybnwl&aid=8140842112fb4b9c83bdfce29ce8200d&domain=securityaffairs.co&price=0.9&cgid=17608&cid=88855&rid=2243185&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&cc=DE&td=c%3D88855%3B+dma%3D%3B+ugd%3D4%3B+ua%3D%3B+bid%3D0.9%3B+r%3D&lid=&t=1551931883580&_ls=rtb-nv-s-3.srv.media.net
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.21.242.219 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-242-219.deploy.static.akamaitechnologies.com
Software: Apache Tomcat /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:24 GMT
Server: Apache Tomcat
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H/1.1 200
OK log
lg3.media.net/ 35 B
319 B 30ms
22ms Image
image/gif 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lg3.media.net/log?logid=kfk&evtid=rtbstl&domain=securityaffairs.co&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&rtbw=-1&size=300x250&ext_user_id=0&ip=185.220.70.202&crid=762221962&bc=-2&b2b=-2&b3b=-2&b4b=-2&b5b=-2&b9b=-2&b11b=-2&b12b=-2&b33b=-2&mnet_segment=0.90&cmw=9&dfp=1&source=2&dt=4&gdpr=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache Tomcat /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:24 GMT
Server: Apache Tomcat
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H/1.1 200
OK 11354_d2e9c37e359ed9ee8ba98baecc5834b2.png
contextual.media.net/__media__/images/800000006/ Frame 763A 2 KB
2 KB 17ms
16ms Image
image/png 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://contextual.media.net/__media__/images/800000006/11354_d2e9c37e359ed9ee8ba98baecc5834b2.png
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0a6b90b75ea7a7ffcf626ab21af202818e7f820e487ba05c122e68c4702a843d

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Mar 2019 04:11:24 GMT
Last-Modified: Mon, 12 Feb 2018 11:51:32 GMT
Server: Apache
Content-Type: image/png
Cache-Control: max-age=528505
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2049
Expires: Wed, 13 Mar 2019 06:59:49 GMT

GET
H/1.1 200
OK bullet1.woff
contextual.media.net/__media__/fonts/bullet1/ Frame 763A 2 KB
2 KB 92ms
20ms Font
application/font-woff 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/__media__/fonts/bullet1/bullet1.woff
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d9ac862518df3efb07d7cecda391ab683489cf26fa04d62e179ba60869dd69bb

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Origin: https://securityaffairs.co

Response headers

Date: Thu, 07 Mar 2019 04:11:24 GMT
Last-Modified: Mon, 16 May 2016 10:39:41 GMT
Server: Apache
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1792
Expires: Fri, 08 Mar 2019 04:11:24 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-32/html/ Frame 4507 0
0 32ms
6ms Document
text/html 2a00:1450:4001:81c::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-32/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_313.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-32/html/container.html?n=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 3971
date: Thu, 07 Feb 2019 15:37:38 GMT
expires: Fri, 07 Feb 2020 15:37:38 GMT
last-modified: Wed, 06 Feb 2019 20:59:52 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 1; mode=block
cache-control: public, immutable, max-age=31536000
age: 2378026
alt-svc: quic=":443"; ma=2592000; v="44,43,39"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame BDC3 77 KB
27 KB 48ms
40ms Script
text/javascript 2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_313.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:806::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1d56c4a8196ffea388207309d9f9fe87d933a2838008ebfeb003cb0c12faaced

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 07 Mar 2019 04:11:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1551269762062339"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 28006
x-xss-protection: 1; mode=block
expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H/1.1 200
OK rtblog.php
qsearch-a.akamaihd.net/ 35 B
280 B 17ms
8ms Image
image/gif 2.21.242.219
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qsearch-a.akamaihd.net/rtblog.php?&l3ch=4&vgd_implt=0&movlimp=0&vgd_dfp_tgt={%22crid%22:%22639665355%22,%22mnet_variant%22:%2298%22,%22pub_domain%22:%22securityaffairs.co%22,%22mnet_cc%22:%22DE%22,%22mnet_bucketid%22:%22a2%22,%22mnet_dfp_ol%22:1,%22PubMaticSS%22:%221610%22,%22RubiconSS%22:%222209%22}&vgd_scr_h=1200&vgd_scr_w=1600&vgd_optout=0&vgd_isAmp=0&vgd_rensize=300_600&vgd_l2wsip=2886952062&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=639665355&pid=8PO4A4J48&size=300x600&vi=1551931883687033233&ugd=4&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&cc=DE&vgd_sc=HE&bdrid=153&subBdr=98&bdrct=0.54&adx=1&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_crefurl=undefined&vgd_dfpnc=0&vgd_refadx=14&vgd_demp=0&vgd_refcnf={%22a2y%22:{%22afterLoadSecs%22:30,%22afterViewSecs%22:10,%22percentTraffic%22:95,%22ignoreSessionDisable%22:true,%22both%22:false}}&rtbsd=10&bto=13&vgd_rt=0&gdpr=1&vgd_l1ch=1&vgd_l2ch=0&hvsid=00001551931883563031182208003952
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.21.242.219 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-242-219.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:24 GMT
Server: Apache
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H/1.1 200
OK log
lg3.media.net/ 35 B
319 B 23ms
19ms Image
image/gif 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lg3.media.net/log?logid=kfk&evtid=rtbstl&domain=securityaffairs.co&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&rtbw=-1&size=300x600&ext_user_id=0&ip=185.220.70.202&crid=639665355&bc=-2&b2b=-2&b3b=-2&b4b=-2&b5b=-2&b9b=-2&b11b=-2&b12b=-2&b33b=-2&cmw=153&subBdr=98&dfp=1&source=13&dt=4&gdpr=1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache Tomcat /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:24 GMT
Server: Apache Tomcat
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H/1.1 200
OK tweet.0940efb0bc0eb82a2de893b3e7b414bf.light.ltr.css
platform.twitter.com/css/ 54 KB
12 KB 9ms
6ms Stylesheet
text/css 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/css/tweet.0940efb0bc0eb82a2de893b3e7b414bf.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41A3) /
Resource Hash: c139b8dd7b1ccda2813ae79d127d1c0256f91a71fce5581887a1d5fbbca81bde

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Mar 2019 04:11:24 GMT
Content-Encoding: gzip
Last-Modified: Mon, 25 Feb 2019 17:41:03 GMT
Server: ECS (fcn/41A3)
Etag: "ae6fef09ef216879adf6be6beb2522ea+gzip"
Vary: Accept-Encoding
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=315360000
Content-Type: text/css; charset=utf-8
Content-Length: 12323

GET
H/1.1 200
OK tweet.0940efb0bc0eb82a2de893b3e7b414bf.light.ltr.css
platform.twitter.com/css/ 54 KB
54 KB 9ms
7ms Image
text/css 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.twitter.com/css/tweet.0940efb0bc0eb82a2de893b3e7b414bf.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41A3) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 07 Mar 2019 04:11:24 GMT
Content-Encoding: gzip
Last-Modified: Mon, 25 Feb 2019 17:41:03 GMT
Server: ECS (fcn/41A3)
Etag: "ae6fef09ef216879adf6be6beb2522ea+gzip"
Vary: Accept-Encoding
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=315360000
Content-Type: text/css; charset=utf-8
Content-Length: 12323

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 763A 15 B
355 B 25ms
20ms Script
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://lg3.media.net/bql.php?v=1&gdpr=1&hvsid=00001551931883522031182208003404&geo=50.12|8.68&lper=100&bdrid=9&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYKJA8TAzuXMdJv4ecc7L3Oi8Xmh6V1jOcoOvdFuAkc28XztYEGVZfZJkSfJKqQYH7CoDAtYp5yzj_yT5IulX86k%3D&lpid=&tsid=1&ksu=207&q=&prv=&type=&ps=&cme=GErXCuEQP37H2epiV_OoOAsInFLIPKMTGFlQCD88QrFaOLEsbLxxD8q806QyTQQctGUbUI7b8GUss3XOIYlUiACeXNmjtK8sE_kdPO6nMfuLza3MQUtU6P-gTUi4QXr3utQmTJJYTcRN784ZI5f4Tas1uTNYDAvvvR2hw1lydUIo5Y3hQItrXP8fh8CxsJJ1d0DpjtybenSGePdaFDEYjy6PsfloJ8G0%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CN7fu2vKt8_s%3D%7C-uksccUaB-DVTu9XLr1SMpAkydZfnH1Hm-SS2qFBri0q2QNujKexuUNHtaRPFCa1ACwGzJXGgBTFpNDCgzCYBqeEmHcf9Ekzqik6SJ1RbMxwdfCPjQyi1G_2DXQpTuoowAp9JP6I4MjTQarpREs-CacnbxeG6fEH0up0QAIx3yP_xbjhEnwKrHJ1oeAfvhzlE2LEzqMqc-A%3D%7CsRBSg3CPSiQ%3D%7CeyOPkfgOPIiAfIGioYqHuDHdK-RxDNbuAL_6Pl9-OM-avBC0thcQW7YOjaaK7RfKYEy-f1GSRMojrrbsa2071xHFOwMu6i1xF03DB_DAL-ojserjC09cBBxBPDRC-JpbLxduTsV5j-RyHMmx8jXRhFNmnL0144i60PUFtip4olk2TvOMOREtjjVCtkRUDuwSfGHAUBijpok%3D%7C&hint=&td=&cc=DE&wsip=2886946039&bca=0&ugd=4&&rc=0&fdkt=439&kwd[]=Most%20Effective%20Antivirus%20Software&kwt[]=439&kbc[]=1202871521&kwp[]=1&kid[]=125497296&kbc2[]=ir%3D1%7C%7Ciid%3D7388114%7C%7Cps%3D0.921%7C%7Crpc%3D0.49%7C%7Clvl%3D1.00&ktd[]=277042299136&kwd[]=Top%20Rated%20Malware%20Tools&kwt[]=439&kbc[]=1202871521&kwp[]=2&kid[]=329649619&kbc2[]=ir%3D1%7C%7Ciid%3D42200%7C%7Cps%3D0.921%7C%7Crpc%3D0.85%7C%7Clvl%3D1.00&ktd[]=278384476416&kwd[]=Disability%20Requirements&kwt[]=438&kbc[]=500985&kwp[]=3&kid[]=8447051&kbc2[]=500985%7C%7C0%7C%7Cir%3D1%7C%7Ciid%3D318014%7C%7Cps%3D0.871%7C%7Crpc%3D0.14%7C%7Clvl%3D1.00&ktd[]=4503876955083008&kwd[]=Work%20from%20Home&kwt[]=438&kbc[]=500985&kwp[]=4&kid[]=31091533&kbc2[]=500985%7C%7C0%7C%7Cir%3D1%7C%7Ciid%3D3085871%7C%7Cps%3D0.871%7C%7Crpc%3D0.07%7C%7Clvl%3D1.00&ktd[]=4503876686647552&kwd[]=Qualifications%20for%20Disability%20Benefits&kwt[]=438&kbc[]=500985&kwp[]=5&kid[]=324966590&kbc2[]=500985%7C%7C0%7C%7Cir%3D1%7C%7Ciid%3D5152250%7C%7Cps%3D0.871%7C%7Crpc%3D0.15%7C%7Clvl%3D1.00&ktd[]=4503875344470272&rand=1551931884245&cid=8CU5BD6EW&vwid=1551931883301364862&vi=1551931883301364862&l3ch=0&slnkp=no&bdrct=0.9&vgd_rt=133&bto=0&tdAdd[]=rtbsd%3D10&tdAdd[]=ib=0&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&axbx=bl5&vgd_refimp=0&vgd_bdata=bb%3D100%7C%7Cvv%3D0%7C%7Cuiw%3D0%7C%7CMP%3D.*irs.*%7C%7Cxgb_sd%3D2019030500%7C%7Clast%3D%24%7Blast_flag%7D%7C%7Cerpm%3D0.01%7C%7Cfbb%3D0%7C%7Cxgboost_l%3D0%7C%7Cxgb_nt%3D200%7C%7Cbasis2%3D196%7C%7Cbtd%3D2615644135424%7C%7Cbasis1%3D196%7C%7CisRef%3D%24%7Brefresh_counter%7D%7C%7Clc%3D0%7C%7Curl_l%3D40%7C%7Cbid%3D0.61%7C%7Cxgb_b%3D0.23%7C%7Cdc%3D8%7C%7Cdevice_l%3D0%7C%7C%24%7BClientYLog%7D%7C%7Cvariant%3D0&sttm=1551931883522&upk=1551931884.18824&hvsid=00001551931883522031182208003404&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&rtbsd=10&matchstring=&dytm=1551931883795&matm=1551931884263&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_sc=HE&vgd_l2ch=0&vgd_l1ch=1&vgd_isAmp=0&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100&vgd_kalog=TPTD%3D549806347140%7C%7CMI%3D1391%7C%7CHID%3D13%7C%7CMPTD%3D192%7C%7CCI%3D1391%7C%7CSI%3D1391%7C%7CUUID%3D3LgyzRbfyJL8z%7C%7CSID%3D12&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_refcnf=%7B%22a2y%22%3A%7B%22afterLoadSecs%22%3A30%2C%22afterViewSecs%22%3A10%2C%22percentTraffic%22%3A95%2C%22ignoreSessionDisable%22%3Atrue%2C%22both%22%3Afalse%7D%7D&vgd_dfp_tgt=%7B%22crid%22%3A%22762221962%22%2C%22mnet_segment%22%3A%220.90%22%2C%22mnet_variant%22%3A%220%22%2C%22pub_domain%22%3A%22securityaffairs.co%22%2C%22mnet_cc%22%3A%22DE%22%2C%22mnet_bucketid%22%3A%22b3%22%2C%22mnet_ref_ybn%22%3A1%2C%22PubMaticSS%22%3A%221610%22%2C%22RubiconSS%22%3A%222209%22%7D&vgd_sbSup=1&vgd_l2wsip=2886934062&vgd_nrrv=3712&vgd_nrrs=3712&vgd_optout=0&vgd_x_pos=320&vgd_y_pos=14026&vgd_ren_page_h=15947&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&oRurl=http%3A%2F%2Fcdn3nc%2Fmediamain.html%3F%26esi%3D1%26%26cid%3D8CU5BD6EW%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253D%253D%26crid%3D762221962%26pid%3D8PO5M70HK%26size%3D300x250%26cpnet%3DyVb1sHm-0KIh29BOFTjjrEBbIZGw_v2fXpyZXRW3WVE%253D%26cme%3Dhmi3FHRUKMmzKimfb0JIDAbp_fyjVK7depiARrivsoxRj_hLfG7Sh7pIMMFBEH3GQmWMN5-SfqQXYweHSH8KKnPGVgvGQ_aPSf0OGKC6cBSpFVbTXU3f6_1duVJnBmigo-643UevFDALT110G-ESfQ%253D%253D%257C%257CNDHRnZ9Gz3KXlI-i9OnZqQ%253D%253D%257C5gDUJdTGiJzedmq9hanWYg%253D%253D%257CN7fu2vKt8_s%253D%257C-uksccUaB-DVTu9XLr1SMpAkydZfnH1Hm-SS2qFBri0q2QNujKexuUNHtaRPFCa1ACwGzJXGgBTFpNDCgzCYBqeEmHcf9Ekzqik6SJ1RbMxwdfCPjQyi1G_2DXQpTuoowAp9JP6I4MjTQarpREs-CacnbxeG6fEH0up0QAIx3yP_xbjhEnwKrHJ1oeAfvhzlE2LEzqMqc-A%253D%257CsRBSg3CPSiQ%253D%257C%26https%3D1%26cc%3DDE%26bf%3D0%26staticIframe%3D1%26vif%3D1%26nse%3D3%26bid%3D237663%26vi%3D1551931883301364862%26lw%3D1%26ugd%3D4%26ib%3D0%26katbid%3D-2%26nb%3D1%26chost%3Dcontextual.media.net%26fvips%3D0%26vpf%3D000%26ap%3D0%26pf%3D0%26isOffice%3D0&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/__media__/js/util/nrrV3712.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:24 GMT
Server: Apache
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Thu, 07 Mar 2019 04:11:24 GMT

POST
H2 200 log
navvy.media.net/ Frame 763A 807 B
997 B 168ms
165ms Other
image/gif 54.219.148.162
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/__media__/js/util/nrrV3712.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.219.148.162 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-219-148-162.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Origin: https://securityaffairs.co
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 07 Mar 2019 04:11:24 GMT
server: Jetty(9.4.7.v20170914)
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H2 200 FSkvjZtZ_normal.jpg
pbs.twimg.com/profile_images/910539473959624704/ 2 KB
2 KB 8ms
7ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/910539473959624704/FSkvjZtZ_normal.jpg

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/4193) /

Resource Hash

4a9198fa8e79a2b4dd59e22669cfa60d2b5a5b9ad911c19d66c0c7026c5ccd4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-response-time: 134
date: Thu, 07 Mar 2019 04:11:24 GMT
x-content-type-options: nosniff
surrogate-key: profile_images profile_images/bucket/3 profile_images/910539473959624704
last-modified: Wed, 20 Sep 2017 16:19:42 GMT
server: ECS (fcn/4193)
access-control-allow-origin: *
x-cache: HIT
content-type: image/jpeg
status: 200
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d046bee2df1dbea28caa579de5799394
accept-ranges: bytes
content-length: 2339

GET
DATA 200
OK truncated
/ 825 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4468e35646c229b518e5f398c5a3d6b15ba1351a71ef22692129bb32f5030ac0

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 572 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0341a4478ce861ef85c819b913fa0a2501836a6a2ffda8643e95e39f4a2a7de0

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 707 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 338e5578a7b3021caec1db415b93b214c378029d3cd8d19adc833d8b85ea7d29

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 600 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c50a17e8272b9359e4b62e0f305e201f359cb5bd2245671c115d031f2b7f68d0

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 323 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c3531ed2c934e5daee80955db42a0245d666131e6322c6ec6985992922520ab4

Request headers

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 analytics.js Show response
google-analytics.com/ 43 KB
17 KB 33ms
5ms Script
text/javascript 2a00:1450:4001:825::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://google-analytics.com/analytics.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 20:01:45 GMT
server: Golfe2
age: 6855
date: Thu, 07 Mar 2019 02:17:09 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 17543
expires: Thu, 07 Mar 2019 04:17:09 GMT

GET
H/1.1

200
OK

jot.html
platform.twitter.com/ Frame C5CF
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

0
0

7ms
6ms

Document
text/html

2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40E8) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Origin: null
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Accept-Ranges: bytes
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 07 Mar 2019 04:11:24 GMT
Etag: "d9592a6c704736fa4da218d4357976dd"
Last-Modified: Mon, 25 Feb 2019 17:42:52 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40E8)
X-Cache: HIT
Content-Length: 80

Redirect headers

status: 302 302 Found
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 0
content-type: text/html;charset=utf-8
date: Thu, 07 Mar 2019 04:11:24 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Thu, 07 Mar 2019 04:11:24 GMT
location: https://platform.twitter.com/jot.html
pragma: no-cache
server: tsa_f
strict-transport-security: max-age=631138519
x-connection-hash: 1b666c6c407619245c032550e3040de6
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 118
x-transaction: 00593b7b0063f9f9
x-tsa-request-body-time: 0
x-twitter-response-tags: BouncerCompliant
x-xss-protection: 0

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
111 B 14ms
13ms Image
image/gif 2a00:1450:4001:81f::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j73&a=1167687390&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&ul=en-us&de=UTF-8&dt=%23OpJerusalem2019%20-%20JCry%20ransomware%20is%20now%20infecting%20Windows%20usersSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=382399540&gjid=2018706261&cid=1661170951.1551931885&tid=UA-59069958-1&_gid=1240943262.1551931885&_r=1&z=1449468869

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81f::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Mar 2019 04:11:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK bqi.php
lg3.media.net/ 15 B
15 B 20ms
19ms Image
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lg3.media.net/bqi.php?lf=3&cid=8CU5BD6EW&crid=184323154&pid=8PO4A4J48&size=300x250&vi=1551931883858729973&ugd=4&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F82030%2Fhacking%2Fopjerusalem-2019-jcry-ransomware.html%3Ffbclid%3DIwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4&bdrid=8&subBdr=454&cc=DE&sc=HE&gdpr=1&hvsid=00001551931883547031182208007322
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:24 GMT
Server: Apache
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Thu, 07 Mar 2019 04:11:24 GMT

GET
H/1.1 200
OK nrrV3712.js Show response
contextual.media.net/__media__/js/util/ Frame 341F 61 KB
20 KB 21ms
20ms Script
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/__media__/js/util/nrrV3712.js
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c61ed6973cc43fe79354b7f3e073ef73f38a8822ee4959b9209df0b65c7a179

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: max-age=2592000
Date: Thu, 07 Mar 2019 04:11:34 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
X-MNET-H: 8-11
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=1209600
Connection: keep-alive
Content-Length: 20622
Expires: Thu, 21 Mar 2019 04:11:34 GMT

GET
H/1.1 200
OK bullet1.woff
contextual.media.net/__media__/fonts/bullet1/ Frame 341F 2 KB
0 92ms
20ms Font
application/font-woff 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://contextual.media.net/__media__/fonts/bullet1/bullet1.woff
Requested by: Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d9ac862518df3efb07d7cecda391ab683489cf26fa04d62e179ba60869dd69bb

Request headers

Response headers

Date: Thu, 07 Mar 2019 04:11:24 GMT
Last-Modified: Mon, 16 May 2016 10:39:41 GMT
Server: Apache
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1792
Expires: Fri, 08 Mar 2019 04:11:24 GMT

GET
H/1.1 200
OK 11354_d2e9c37e359ed9ee8ba98baecc5834b2.png
contextual.media.net/__media__/images/800000006/ Frame 341F 2 KB
0 17ms
16ms Image
image/png 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://contextual.media.net/__media__/images/800000006/11354_d2e9c37e359ed9ee8ba98baecc5834b2.png
Requested by: Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0a6b90b75ea7a7ffcf626ab21af202818e7f820e487ba05c122e68c4702a843d

Request headers

Response headers

Date: Thu, 07 Mar 2019 04:11:24 GMT
Last-Modified: Mon, 12 Feb 2018 11:51:32 GMT
Server: Apache
Content-Type: image/png
Cache-Control: max-age=528505
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2049
Expires: Wed, 13 Mar 2019 06:59:49 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 341F 15 B
355 B 22ms
20ms Script
text/javascript 23.62.140.165
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://lg3.media.net/bql.php?v=1&gdpr=1&hvsid=00001551931883547031182208007322&geo=50.12|8.68&lper=100&fp=aMCaa1NwFpB1DQ0k2ecvcxHbpMvIDD4pbhqt5dd2OoPVVtOM9ho941SavBJ23qURw5hHQkhAP8UIXzYLtVM_OPV57GjFtr4EsxTJ2f_QYTv3ZY-bjCMfZj-xFurJNRg-sMvi1GFMvU4%3D&lpid=&tsid=1&ksu=207&q=&prv=&type=&ps=&cme=NkRK5c9ja97D9vljVg1bsh55GLPfXHCRf7eCrJHpaoS4RTJrL32X7QigaYhHQtZX_sDRZc_2xV6yrIDxhmaRftrVkSTNGa2XZMzBKvhZKQVUXoswZB0bFPWUtJQzVusoMg_6iPeNSAbpYoXvENXcN9Tjxis7AARCGWs84RfyRv0ibZ-D97TxbvUpK-WAK7CEpxP1LlgFAtqWpUmx2DH8boUz1BIlGdt5%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CN7fu2vKt8_s%3D%7C-uksccUaB-DVTu9XLr1SMpAkydZfnH1Hm-SS2qFBri0q2QNujKexuUNHtaRPFCa1ACwGzJXGgBTFpNDCgzCYBqeEmHcf9Ekzqik6SJ1RbMxwdfCPjQyi1G_2DXQpTuoowAp9JP6I4MjTQarpREs-CacnbxeG6fEH0up0QAIx3yP_xbjhEnwKrHJ1oeAfvhzlE2LEzqMqc-A%3D%7CsRBSg3CPSiQ%3D%7C8X_sA2xQ58Y_sQPxg5ChhR-5xZBi-D5-kZAf7Nz3Fc2UBEB__RJb7c0c3l2BSdQ1zDoHLdNEdtD05fSYSwfFOavQ35ZQh-zizq96FPHZXAZvboktvuesnV7e7-qyN8DdeaCEG3Mu3dKjnKUtdUlQNu5kEXXCCw7nI89KQ0I2BxWlr2S1Q4-VQkLQSDqGqWHH%7C&hint=&td=&cc=DE&wsip=2886950910&bca=0&ugd=4&&rc=0&fdkt=439&kwd[]=Best%20Anti-Ransomware%20Software&kwt[]=439&kbc[]=1202871521&kwp[]=1&kid[]=326729916&kbc2[]=ir%3D1%7C%7Ciid%3D3756784%7C%7Cps%3D0.921%7C%7Crpc%3D0.75%7C%7Clvl%3D1.00&ktd[]=275700322560&kwd[]=Cell%20Phone%20Spy%20Apps&kwt[]=439&kbc[]=1202871521&kwp[]=2&kid[]=278538020&kbc2[]=ir%3D1%7C%7Ciid%3D2654632%7C%7Cps%3D0.921%7C%7Crpc%3D0.08%7C%7Clvl%3D1.00&ktd[]=278401454336&kwd[]=How%20to%20Prevent%20Ransomware&kwt[]=439&kbc[]=1202871521&kwp[]=3&kid[]=329660469&kbc2[]=ir%3D1%7C%7Ciid%3D6012304%7C%7Cps%3D0.921%7C%7Crpc%3D0.44%7C%7Clvl%3D1.00&ktd[]=276505628928&kwd[]=Dental%20Plan%20For%20Seniors&kwt[]=438&kbc[]=500985&kwp[]=4&kid[]=324681536&kbc2[]=500985%7C%7C0%7C%7Cir%3D1%7C%7Ciid%3D143372%7C%7Cps%3D0.871%7C%7Crpc%3D0.20%7C%7Clvl%3D1.00&ktd[]=4503877743612160&kwd[]=Web%20Service%20Testing&kwt[]=438&kbc[]=500985&kwp[]=5&kid[]=30482549&kbc2[]=500985%7C%7C0%7C%7Cir%3D1%7C%7Ciid%3D938432%7C%7Cps%3D0.871%7C%7Crpc%3D0.07%7C%7Clvl%3D1.00&ktd[]=9007476565676288&rand=1551931894718&cid=8CU5BD6EW&vwid=1551931883858729973&vi=1551931883858729973&l3ch=0&slnkp=no&bdrct=0.27&vgd_rt=192&bto=0&tdAdd[]=rtbsd%3D10&tdAdd[]=ib=0&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&axbx=bl5&vgd_reflog=1&vgd_refimp=2&vgd_bdata=bb%3D100%7C%7Cvv%3D0%7C%7Cuiw%3D0%7C%7CMP%3D.*irs.*%7C%7Cxgb_sd%3D2019030500%7C%7Clast%3D%24%7Blast_flag%7D%7C%7Cerpm%3D0.01%7C%7Cfbb%3D0%7C%7Cxgboost_l%3D0%7C%7Cxgb_nt%3D200%7C%7Cbasis2%3D196%7C%7Cbtd%3D1516132507648%7C%7Cbasis1%3D196%7C%7CisRef%3D%24%7Brefresh_counter%7D%7C%7Clc%3D0%7C%7Curl_l%3D40%7C%7Cbid%3D0.27%7C%7Cxgb_b%3D0.23%7C%7Cdc%3D8%7C%7Cdevice_l%3D0%7C%7C%24%7BClientYLog%7D%7C%7Cvariant%3D1&sttm=1551931883547&upk=1551931884.18824&hvsid=00001551931883547031182208007322&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&npgv=1&rtbsd=10&matchstring=&dytm=1551931883853&matm=1551931894739&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&iscont=0&vgd_sc=HE&vgd_l2ch=0&vgd_l1ch=1&vgd_isAmp=0&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100&vgd_kalog=SI%3D1391%7C%7CHID%3D14%7C%7CCI%3D1391%7C%7CMPTD%3D192%7C%7CUUID%3DBDf2dbB5uUrzM%7C%7CTPTD%3D549797925508%7C%7CMI%3D1391%7C%7CSID%3D12&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_refcnf=%7B%22a2y%22%3A%7B%22afterLoadSecs%22%3A30%2C%22afterViewSecs%22%3A10%2C%22percentTraffic%22%3A95%2C%22ignoreSessionDisable%22%3Atrue%2C%22both%22%3Afalse%7D%7D&vgd_dfp_tgt=%7B%22crid%22%3A%22184323154%22%2C%22mnet_segment%22%3A%220.27%22%2C%22mnet_variant%22%3A%22454%22%2C%22pub_domain%22%3A%22securityaffairs.co%22%2C%22mnet_cc%22%3A%22DE%22%2C%22mnet_bucketid%22%3A%22b3%22%2C%22mnet_ref_ybn%22%3A1%2C%22PubMaticSS%22%3A%221610%22%2C%22RubiconSS%22%3A%222209%22%7D&vgd_sbSup=1&vgd_l2wsip=2886958293&vgd_nrrv=3712&vgd_nrrs=3712&vgd_optout=0&vgd_x_pos=973&vgd_y_pos=433&vgd_ren_page_h=15851&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&oRurl=http%3A%2F%2Fcdn3nc%2Fmediamain.html%3F%26esi%3D1%26%26cid%3D8CU5BD6EW%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253D%253D%26crid%3D184323154%26pid%3D8PO5M70HK%26size%3D300x250%26cpnet%3DyVb1sHm-0KIh29BOFTjjrHvHwrQGlpByWaOO1vn303s%253D%26cme%3DddF3tVt6Jgwc0vmFKxq3sxZQnh0iZwpa5KhKGcDHJFxEgLz35A0naNpam52fKJe_u9tIkCm3_lVs8UO_TWiOPSCbQBfwxs5LQx8hOuBd8dcPClRiQGYMWhkgJLSjI5BzpX_yLx7ECLkDeliuUBQP2w%253D%253D%257C%257CNDHRnZ9Gz3KXlI-i9OnZqQ%253D%253D%257C5gDUJdTGiJzedmq9hanWYg%253D%253D%257CN7fu2vKt8_s%253D%257C-uksccUaB-DVTu9XLr1SMpAkydZfnH1Hm-SS2qFBri0q2QNujKexuUNHtaRPFCa1ACwGzJXGgBTFpNDCgzCYBqeEmHcf9Ekzqik6SJ1RbMxwdfCPjQyi1G_2DXQpTuoowAp9JP6I4MjTQarpREs-CacnbxeG6fEH0up0QAIx3yP_xbjhEnwKrHJ1oeAfvhzlE2LEzqMqc-A%253D%257CsRBSg3CPSiQ%253D%257C%26https%3D1%26cc%3DDE%26bf%3D0%26staticIframe%3D1%26vif%3D1%26nse%3D3%26bid%3D237664%26vi%3D1551931883858729973%26lw%3D1%26ugd%3D4%26ib%3D0%26katbid%3D-2%26nb%3D1%26chost%3Dcontextual.media.net%26fvips%3D0%26vpf%3D000%26ap%3D0%26pf%3D0%26isOffice%3D0&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/__media__/js/util/nrrV3712.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.62.140.165 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Mar 2019 04:11:34 GMT
Server: Apache
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Thu, 07 Mar 2019 04:11:34 GMT

POST
H2 200 log
navvy.media.net/ Frame 341F 807 B
997 B 168ms
166ms Other
image/gif 54.219.148.162
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/__media__/js/util/nrrV3712.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.219.148.162 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-219-148-162.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/82030/hacking/opjerusalem-2019-jcry-ransomware.html?fbclid=IwAR39EoPq7lL0GWSO0OqPawZGTy5WvnQak8mAeWGXKroyOEJYZfTawWubBm4
Origin: https://securityaffairs.co
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 07 Mar 2019 04:11:34 GMT
server: Jetty(9.4.7.v20170914)
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Thu, 07 Mar 2019 04:11:34 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=312b1979e32bfe80aa528f9729270224

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=312b1979e32bfe80aa528f9729270224

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=312b1979e32bfe80aa528f9729270224

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=312b1979e32bfe80aa528f9729270224

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 08:27:07	Name: IDE Value: AHWqTUnepHqjw3Oa3a09DVqYBwHJVmAkImCnd-xre6TCQKmoIMHJSJgorhthMR6H
securityaffairs.co/wordpress/82030/hacking	1969-12-31 23:59:59	Name: __sharethis_cookie_test__ Value: 1
.securityaffairs.co/	1970-01-19 16:36:43	Name: __gads Value: ID=2554c95d3c1d47d8:T=1551931883:S=ALNI_MaaGLDBX_o6KZnlW84nzjLTrF6VAg
.securityaffairs.co/	1970-01-19 05:41:16	Name: __unam Value: 6f69f6a-16956593ef8-761713f5-1
.media.net/	1970-01-19 03:31:55	Name: gdpr_status Value: 1
.doubleclick.net/	1970-01-18 23:05:35	Name: DSID Value: NO_DATA
securityaffairs.co/	1970-01-18 23:05:33	Name: session_depth Value: securityaffairs.co%3D1%7C762221962%3D1%7C184323154%3D1%7C639665355%3D1

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=1.4.1(Line 23) Message: JQMIGRATE: Migrate is installed with logging active, version 1.4.1
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=1.4.1(Line 45) Message: JQMIGRATE: jQuery.fn.load() is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=1.4.1(Line 47) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=1.4.1(Line 45) Message: JQMIGRATE: jQuery.fn.unload() is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=1.4.1(Line 47) Message: console.trace

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
buttons-config.sharethis.com
c.sharethis.mgr.consensu.org
cdn.syndication.twimg.com
connect.facebook.net
contextual.media.net
fonts.googleapis.com
google-analytics.com
i0.wp.com
i1.wp.com
i2.wp.com
l.sharethis.com
lg3.media.net
maxcdn.bootstrapcdn.com
navvy.media.net
opt-east.media.net
pbs.twimg.com
pixel.wp.com
platform-api.sharethis.com
platform.twitter.com
qsearch-a.akamaihd.net
s0.wp.com
secure.gravatar.com
securepubads.g.doubleclick.net
securityaffairs.co
staticxx.facebook.com
stats.wp.com
syndication.twitter.com
tpc.googlesyndication.com
ws.sharethis.com
www.google-analytics.com
www.googletagservices.com
fonts.googleapis.com
104.109.70.8
104.244.42.8
172.217.22.2
18.195.194.147
192.0.76.3
192.0.77.2
192.0.77.32
2.21.242.219
2001:8d8:100f:f000::289
209.197.3.15
23.14.94.45
23.62.140.165
23.67.137.77
2606:2800:134:fa2:1627:1fe:edb:1665
2606:2800:234:59:254c:406:2366:268c
2a00:1450:4001:806::2002
2a00:1450:4001:819::2002
2a00:1450:4001:81c::2001
2a00:1450:4001:81f::200e
2a00:1450:4001:825::2004
2a03:2880:f01c:216:face:b00c:0:3
2a04:fa87:fffe::c000:4902
54.219.148.162
00a4c9aeb6f61ae7f260eea51d5d19a651544c01d202363463375992ef021960
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
0341a4478ce861ef85c819b913fa0a2501836a6a2ffda8643e95e39f4a2a7de0
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60
0a6b90b75ea7a7ffcf626ab21af202818e7f820e487ba05c122e68c4702a843d
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0e07e3d6ad76ab0709eadac430a14cb29751ba0a7bd2dc680bda12f1df02779e
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0ed274bbf81ac6e454ee67639cef75f9dd8719b6f21da158b120ac1adc0f2243
0fbd55154e4c77fa46d7da672ad3ffadb0789faf6fd7905a1196f71e6f03b7a4
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
149dfd3d9187ee29881fd5b641bc87e24321d1f9747336f05974ba1e88013d5d
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
187dc7ee3f2157658f117c8574725727d4e670016d85164fa86744f189f0bd34
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1aeb5d0f4df04257362f4ee45d1e4409b75e98928c633525dd6733ad653c7dfd
1b29ae741ac084395fc825de410a72b5d8c0a6eb8335729624beac22645b2615
1d56c4a8196ffea388207309d9f9fe87d933a2838008ebfeb003cb0c12faaced
203f0d79138ecf8188e4bdf3eb74f7250ef99e05c4b43d8d893c6a2c210d1f69
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
2cbb8dfc4483c9ce680df342866531ac656e8bed029dcd37a1872327023da5f8
2f64b025cec8c93dcb01fe88f0e79c134bc0a6c751787360153865dfa9f3a962
2f7469d34dd3ed986dc38a14e0703a5366950e3f5a584d0df24221e69488cfc7
2fc8b48b6b6111004490bc7549cf35379e7f409213091aaab12c321c9883b3cb
32af1efb0f829ef4672b2680cbf8a3989ebbd67f9f7b2023d7298c10c1c7f44d
338e5578a7b3021caec1db415b93b214c378029d3cd8d19adc833d8b85ea7d29
34f6ae23ca1bf3949f040a8d5aab73ee6a34e3efdad337dde738cc2adda6ee01
36e37aa427c03ec10d908586e67951e999a31e5f9629ced1b79a7d8f10b40aad
375a874e4b814a7606e43f935e216648b368e6ff66f6c91842881cf432df8f61
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
429918b4a4990488aa25ac7dd18455da0da4ecfbcc6969698b3cd3c409370a50
4468e35646c229b518e5f398c5a3d6b15ba1351a71ef22692129bb32f5030ac0
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
49e544f9a27b6ca6a1c9c8fc5e2f2229255287b9a9be44925233600eb67eecfe
4a60c8819e04945ff7ab8cc19b7ccbf622c1bb05a5c141d6733855f2ccf99ab3
4a9198fa8e79a2b4dd59e22669cfa60d2b5a5b9ad911c19d66c0c7026c5ccd4e
4b6fd7469b9697531a7e3f1d5fe7b2a51ec3c74f9b5735dd647518c3903d2074
4f754eeab6b52fce3c1c51f02a8755be51733297d7f753316ecc91efc69c1dd2
526e1f9465b4179f7b454a7e54f3b13f49f82813e1e7b8256d3bb6ab790dc9ce
529a8625b1d79f8a672375f5acdefd683f86f29327461266fa428aa734cb697b
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
639b4509780048ed50d9f5cd861010522112bcf8c9c2d26f5ddec78c7e739a5b
643a860832456b5a74825b79d625434b5c4c2a344b8f9bef3614b327bea52646
65413af4fd7954959d58c789ea4cff5b61e71d506c869f8d2663cd0b354e04cc
69c9966326d047a29a4346241231b3a127003235ec214b10d76fc652ca10256e
6d538266c4aa994eb2325ace1b88a6367ced5ba5d67a9583c973dc8f53233995
6db4ff6b9df5da796893f81e6793bcdd1bc49dc4e5ae3f25ddc18b75d032d5ae
7267a172cec0d6c1a9c7eaf1e4f123d3f708136c0a76994c799c90d5fc0948b7
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
75080856b5f00d13d6a98ac15105935625e25e16ed1d8f7ab9df9946a8a51657
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7a8cf6b7fce01f318e416ae1904132265526ca2b6ef3003f7fe831186a7380a0
7abbe16a86186f27575654f1035766b3fc222a149d3bff94365fdc071a5afe36
7bbd355b4ca50ea670a75269add0ab1d071fb030fb26ab868917078535e78c99
7c61ed6973cc43fe79354b7f3e073ef73f38a8822ee4959b9209df0b65c7a179
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
87879846a54fe4a250a2a9808103f1ed6943af45e4cbb7f067c44da57c61b3d4
88c5a83e858c757c32175e365aa96df6982e05697313e99df0d53e70b506e082
88d5f63ddbf3a5a2c2a5dad9a2ae572a57bb4ee48d25247c0f24e04a0795a704
8931988dbf3ce730f27d6ce9e03f25332803858f31c92d1c51900dd80766067f
8b4fd35bb0e9e9d2cfb47a13bd9307e162e786301859bc334f83701f71f9f478
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
8df692c63a3ad001e018a83f4578ac10c639ad4003619757293b5a192cd3704d
8f0cefd04b0620126cc85dec115db169f5e5aa1993a11b8ef277d7984f8685d8
8f79108ec176086c9b75a8a062a685a6f4fed76b6da4978cfbc94a861ad65308
9060e1784e6c88f6f932f67c8737cf922d4f23ebfaa4ae1d1098812810a6c81a
92ca91e1a7a8e3f20a6cfbe487b20ec716258b98c3ab727c360513664341056d
97ceb7d63ad34a4e034aa8c9420418c7b17897eabe960ff339ecfab9f9cec67a
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9c6ea1ab4588c0be7dc9cb629aa641415dd91acaea7084de6921a7ffa2299bfb
9eade11ffd772c4492d46969c94db94238be90cb2fc9ed98b199a64113d33920
9f12cd2d7c98256e4671b231c4edce6d9e3282ffb748c858df6c344fe5d1f8e9
9f292fc61362f1312ffff3f659e6e5809c16c2c1ec5288c91508abbd88f33dc6
a09b7c49bf5c0486c2a351a82353c33f6ca21e885acc97d8f2bd7682acfe427b
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a1461908b89cde70d8ca2e4c7f7d13162f322c9458bc2b7fe49407ddb6848188
a4ad4f02da27960c1cd21a50bb1b2f057bb1eb9286acdc512945c5dd37b21a80
a58b4eae8006964cf8864d41d1d760f1da08273c756a4f20e17be71b9eb4bd1a
abf0a396ecd082fb921175db8d4bc820ac383082eb4f8a566f4cee5aaa786808
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acb265a34168242b15068040813067950df7c6ee204beb00a76ec95be913d21f
aecbb7494580f4902d9b6686614623951c0d599a7a21fe0f855491b0f52987a7
b0f5dfcfd3be651fe135c041c7cc9468723f2b265a5ffc73a3863b73a195eaa3
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b37f6b2e976fc4a229357acd7a6dc873c55bb4129926ecf75c444fdf32da7013
b45c133d2b75b9008c9631e0a1228b2834cc1f21c652ce943dea706b524ffd4f
bf59c6832eb9df82772307968b03faa3ed06bf8b2bd2bd994e5ac900e7ac58da
c026c385573035118cb24fe5315dceea3f26646af3e91df1ad530e49121753d0
c067a7d5bc50ed4ba554421966d6c4b0140ff2ed4574640fd5abcfa1ab35be11
c139b8dd7b1ccda2813ae79d127d1c0256f91a71fce5581887a1d5fbbca81bde
c1f5c595b793aa4ef46d5944544a7c0b152ee3889e9d6a170d85741875783e62
c22e90e18fec7ac83486e2bba94487e0e0d3870b0aefbdf43061febf1dd9134d
c3202fa17078bddc070206f6f5cd6041cadd3e4232147d3690f1fc877eff4b0e
c3531ed2c934e5daee80955db42a0245d666131e6322c6ec6985992922520ab4
c42b9d78517cfd5c60f2cdb0e7fec02a7d9e8990567b40be17db64c30382bcff
c50a17e8272b9359e4b62e0f305e201f359cb5bd2245671c115d031f2b7f68d0
c540f6c2fc7b8ca66b22314b4245b0c9e172bb3553b2eae427475b35f460b34b
c5a79ec7382c7d79d64c074ac0def918edb046501d7271f69697eafdf0bd1740
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
cc9613e715328bb1b7fb4bfa887bbfc8407f9bb56b177f03fa314ce09985386c
ce7aafcd356c4799848c473d72a4b35aa4099141f4e8a29e6645ecd58ce02eae
cf61a8fd98176ba76e74b4598bdc59aa66b3ea0754dda9b9c20b6d51bca39bd0
d82326fdfc807ab7fa4e205d8a61bcb13174db0af0613b6dbcd725e7dfe7fad3
d9185a7ba8c1c6cbbef9de7f01dfef361fa199cb6e9d151e8c7242a807a9f860
d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
d9ac862518df3efb07d7cecda391ab683489cf26fa04d62e179ba60869dd69bb
da4e4f03bed04e1f4dd53b885d09519614360f73df215258f797fc9a78be09c8
dce50148adaff4dccd1d95c9b25563011436e398272d530e974193b8685340a2
e04c31a5a01505509b5d552c4786d660e332d6cda875afaeb6a04a0ec9aa5b5f
e2025e131ed88bd668289c0685b6e3ebeb9dd62f000b32d52a0296550e53b3df
e26fdccb214e020f70cf2aede7b77d5dc51854e23b3acbb4bcff0018773a636f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
ecdd244316da113f5a7c0a8f7ab05212a511ebe0bb64be37c07a0017c8226496
ee04691862002e56924b19a2b36bb7ec8632b5f49795fa1b1655b4d93ff60643
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f18a045b26a9d37b6e3c7a365cf2b72be7cc8711506c3d342c7a2651937db8f1
f32d41f2099a0be20e6b57c5e0d1b71c079d3e1345827b0f5c5b97c6e5e3f78d
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f42551c6cb1f3a2597f99bdb1b458a5224c04d14de425efc4c1f543bbc1a2570
fa055f2f7c5b735dbbb71954f434aed79925bc00ff2ffbc3ecfc4a790689a723
ffa31f5802b20d64a10c71ad93394c1e2b4b16f33e2f479d8274fd02ce0a594f

securityaffairs.co Open in urlscan Pro 2001:8d8:100f:f000::289 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

175 Requests

97 %HTTPS

43 %IPv6

19 Domains

33 Subdomains

24 IPs

4 Countries

3103 kBTransfer

4881 kBSize

7 Cookies

22 Outgoing links

Redirected requests

175 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Screenshot
Live screenshot

Full Image

175
Requests

97 %
HTTPS

43 %
IPv6

19
Domains

33
Subdomains

24
IPs

4
Countries

3103 kB
Transfer

4881 kB
Size

7
Cookies

175 HTTP transactions
6 data transactions