urlscan.io logo urlscan.io
SecurityTrails logo

www.bleepingcomputer.com Open in urlscan Pro
104.20.60.209  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Submission: On November 25 via api from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 81 IPs in 9 countries across 65 domains to perform 373 HTTP transactions. The main IP is 104.20.60.209, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.bleepingcomputer.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on May 12th 2018. Valid for: 2 years.
This is the only time www.bleepingcomputer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.20.60.209 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
35 104.26.13.6 13335 (CLOUDFLAR...)
3 151.101.14.217 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
2 2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 212.71.236.117 63949 (LINODE-AP...)
6 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:20e... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
4 2.21.36.164 20940 (AKAMAI-ASN1)
2 2600:9000:21f... 16509 (AMAZON-02)
3 35.188.71.214 15169 (GOOGLE)
1 13.225.78.58 16509 (AMAZON-02)
1 54.236.131.34 14618 (AMAZON-AES)
4 2a00:1450:400... 15169 (GOOGLE)
11 172.217.16.162 15169 (GOOGLE)
1 2.18.235.40 16625 (AKAMAI-AS)
1 2600:9000:21f... 16509 (AMAZON-02)
3 13.224.196.47 16509 (AMAZON-02)
6 143.204.90.242 16509 (AMAZON-02)
2 151.101.13.194 54113 (FASTLY)
1 52.86.189.110 14618 (AMAZON-AES)
7 151.101.114.217 54113 (FASTLY)
1 13.225.78.121 16509 (AMAZON-02)
1 3.223.253.153 14618 (AMAZON-AES)
2 35.226.36.58 15169 (GOOGLE)
2 34.206.108.72 14618 (AMAZON-AES)
1 13.224.196.64 16509 (AMAZON-02)
2 2a03:2880:f01... 32934 (FACEBOOK)
2 151.101.13.140 54113 (FASTLY)
2 10 37.252.173.27 29990 (ASN-APPNEXUS)
25 18.195.86.132 16509 (AMAZON-02)
26 71 152.199.22.24 15133 (EDGECAST)
4 2.18.234.21 16625 (AKAMAI-AS)
9 69.173.144.142 26667 (RUBICONPR...)
4 52.58.48.163 16509 (AMAZON-02)
8 2606:4700:10:... 13335 (CLOUDFLAR...)
2 10 34.95.120.147 15169 (GOOGLE)
4 185.64.189.112 62713 (AS-PUBMATIC)
12 104.16.68.69 13335 (CLOUDFLAR...)
8 52.72.165.42 14618 (AMAZON-AES)
4 2a02:fa8:8806... 41041 (VCLK-EU-)
2 18.196.104.43 16509 (AMAZON-02)
16 52.209.131.99 16509 (AMAZON-02)
6 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
1 2 172.217.21.230 15169 (GOOGLE)
1 185.80.38.195 27381 (CASALE-MEDIA)
2 185.29.135.48 30419 (MEDIAMATH...)
2 18.195.61.72 16509 (AMAZON-02)
1 144.76.104.53 24940 (HETZNER-AS)
3 2.18.233.201 16625 (AKAMAI-AS)
1 3 52.29.62.210 16509 (AMAZON-02)
1 52.29.223.223 16509 (AMAZON-02)
1 23.67.136.71 20940 (AKAMAI-ASN1)
2 138.201.63.145 24940 (HETZNER-AS)
6 19 151.101.14.2 54113 (FASTLY)
1 151.101.14.49 54113 (FASTLY)
1 3 2.16.31.65 16625 (AKAMAI-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 46.236.13.147 24931 (DEDIPOWER)
2 2 18.197.235.0 16509 (AMAZON-02)
1 2.16.186.90 20940 (AKAMAI-ASN1)
6 2.18.233.180 16625 (AKAMAI-AS)
1 2600:9000:20e... 16509 (AMAZON-02)
2 81.29.72.47 24931 (DEDIPOWER)
2 2 18.196.229.216 16509 (AMAZON-02)
1 1 69.173.144.138 26667 (RUBICONPR...)
1 1 40.113.136.100 8075 (MICROSOFT...)
1 1 185.29.135.234 30419 (MEDIAMATH...)
6 151.101.114.49 54113 (FASTLY)
1 1 151.101.12.166 54113 (FASTLY)
2 2 185.184.8.30 204995 (RTB-HOUSE...)
1 1 172.217.23.98 15169 (GOOGLE)
2 3 54.154.201.99 16509 (AMAZON-02)
1 1 34.210.250.157 16509 (AMAZON-02)
1 192.132.33.46 18568 (BIDTELLECT)
1 130.211.13.252 15169 (GOOGLE)
3 3 52.58.61.157 16509 (AMAZON-02)
2 2 35.210.215.44 19527 (GOOGLE-2)
6 151.101.114.2 54113 (FASTLY)
3 2a00:1450:400... 15169 (GOOGLE)
1 2 172.217.23.134 15169 (GOOGLE)
8 151.101.13.108 54113 (FASTLY)
2 104.17.119.107 13335 (CLOUDFLAR...)
1 23.37.55.184 16625 (AKAMAI-AS)
4 4 13.224.196.41 16509 (AMAZON-02)
1 5 35.157.209.134 16509 (AMAZON-02)
1 1 91.228.74.134 27281 (QUANTCAST)
1 2a02:fa8:8806... 41041 (VCLK-EU-)
373 81
1    104.20.60.209 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
www.bleepingcomputer.com
2    2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
fonts.googleapis.com
35    104.26.13.6 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
www.bleepstatic.com
3    151.101.14.217 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)
cdn.connatix.com
cdns.connatix.com
ck.connatix.com
1    2a00:1450:4001:81b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.googletagmanager.com
2    2a00:1450:4001:800::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.google.com
1    2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
cse.google.com
2    2606:4700:20::681a:8b (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
a.pub.network
1    212.71.236.117 (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: nb-212-71-236-117.london.nodebalancer.linode.com
ecdn.analysis.fi
6    2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
fonts.gstatic.com
1    2600:9000:20eb:ba00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
quantcast.mgr.consensu.org
2    2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com
9    2a00:1450:4001:824::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
pagead2.googlesyndication.com
www.googletagservices.com
adservice.google.de
4    2.21.36.164 (France)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-21-36-164.deploy.static.akamaitechnologies.com
s9.addthis.com
v1.addthisedge.com
s7.addthis.com
2    2600:9000:21f3:e00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
static.quantcast.mgr.consensu.org
3    35.188.71.214 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 214.71.188.35.bc.googleusercontent.com
d.pub.network
1    13.225.78.58 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-225-78-58.fra2.r.cloudfront.net
freestar-io.videoplayerhub.com
1    54.236.131.34 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-236-131-34.compute-1.amazonaws.com
core.connatix.com
4    2a00:1450:4001:818::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
adservice.google.com
googleads.g.doubleclick.net
11    172.217.16.162 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s11-in-f2.1e100.net
securepubads.g.doubleclick.net
1    2.18.235.40 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com
z.moatads.com
1    2600:9000:21f3:1400:1:af78:4c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
vendorlist.consensu.org
3    13.224.196.47 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-224-196-47.fra2.r.cloudfront.net
ad-delivery.net
6    143.204.90.242 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-90-242.fra50.r.cloudfront.net
c.amazon-adsystem.com
2    151.101.13.194 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)
confiant-integrations.global.ssl.fastly.net
1    52.86.189.110 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-86-189-110.compute-1.amazonaws.com
rtb.connatix.com
7    151.101.114.217 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)
i.connatix.com
1    13.225.78.121 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-225-78-121.fra2.r.cloudfront.net
api.quantcast.mgr.consensu.org
1    3.223.253.153 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-223-253-153.compute-1.amazonaws.com
trk.connatix.com
2    35.226.36.58 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 58.36.226.35.bc.googleusercontent.com
c.pub.network
2    34.206.108.72 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-206-108-72.compute-1.amazonaws.com
cluster-na.cdnjquery.com
1    13.224.196.64 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-224-196-64.fra2.r.cloudfront.net
audit.quantcast.mgr.consensu.org
2    2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
graph.facebook.com
2    151.101.13.140 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)
www.reddit.com
10    37.252.173.27 (Ascension Island)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
25    18.195.86.132 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
71    152.199.22.24 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)
adserver-us.adtech.advertising.com
4    2.18.234.21 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
as-sec.casalemedia.com
9    69.173.144.142 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)
fastlane.rubiconproject.com
4    52.58.48.163 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-58-48-163.eu-central-1.compute.amazonaws.com
tlx.3lift.com
8    2606:4700:10::6814:9174 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
i.connectad.io
cdn.connectad.io
10    34.95.120.147 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 147.120.95.34.bc.googleusercontent.com
freestar-d.openx.net
eu-u.openx.net
4    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)
hbopenbid.pubmatic.com
12    104.16.68.69 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
dmx.districtm.io
cdn.districtm.io
8    52.72.165.42 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-72-165-42.compute-1.amazonaws.com
mantodea.mantisadnetwork.com
4    2a02:fa8:8806:13::1460 (Sweden)

ASN41041 (VCLK-EU-, SE)
web.hb.ad.cpe.dotomi.com
2    18.196.104.43 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-196-104-43.eu-central-1.compute.amazonaws.com
hb.emxdgt.com
16    52.209.131.99 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
g2.gumgum.com
6    2a00:1450:4001:81b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
tpc.googlesyndication.com
6    2a00:1450:4001:815::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
cdn.ampproject.org
2    172.217.21.230 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f6.1e100.net
ad.doubleclick.net
1    185.80.38.195 (Netherlands)

ASN27381 (CASALE-MEDIA - Index Exchange Inc., CA)
a3226.casalemedia.com
2    185.29.135.48 (United Kingdom)

ASN30419 (MEDIAMATH-INC - MediaMath Inc, US)
tags.mathtag.com
2    18.195.61.72 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-195-61-72.eu-central-1.compute.amazonaws.com
protected-by.clarium.io
1    144.76.104.53 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.53.104.76.144.clients.your-server.de
hal9000.redintelligence.net
3    2.18.233.201 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com
pixel.mathtag.com
3    52.29.62.210 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-29-62-210.eu-central-1.compute.amazonaws.com
pixel.advertising.com
1    52.29.223.223 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-29-223-223.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
1    23.67.136.71 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-136-71.deploy.static.akamaitechnologies.com
stags.bluekai.com
2    138.201.63.145 (Heppenheim an der Bergstrasse, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.145.63.201.138.clients.your-server.de
hal900010.redintelligence.net
19    151.101.14.2 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)
cdn.taboola.com
trc.taboola.com
1    151.101.14.49 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)
imprammp.zorosrv.com
3    2.16.31.65 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-16-31-65.deploy.static.akamaitechnologies.com
sb.scorecardresearch.com
1    2606:4700::6810:a827 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
www.11teamsports.com
4    46.236.13.147 (United Kingdom)

ASN24931 (DEDIPOWER, GB)
PTR: 46-236-13-147.servers.dedipower.net
track.webgains.com
2    18.197.235.0 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-197-235-0.eu-central-1.compute.amazonaws.com
ads.creative-serving.com
1    2.16.186.90 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-90.deploy.static.akamaitechnologies.com
creative-a.akamaihd.net
6    2.18.233.180 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com
ads.pubmatic.com
aktrack.pubmatic.com
1    2600:9000:20eb:d400:9:352d:a240:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
analytics.webgains.io
2    81.29.72.47 (United Kingdom)

ASN24931 (DEDIPOWER, GB)
PTR: 81-29-72-47.servers.dedipower.net
diapi.webgains.com
2    18.196.229.216 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-196-229-216.eu-central-1.compute.amazonaws.com
rtb.mfadsrvr.com
1    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)
pixel.rubiconproject.com
1    40.113.136.100 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
px.powerlinks.com
1    185.29.135.234 (United Kingdom)

ASN30419 (MEDIAMATH-INC - MediaMath Inc, US)
sync.mathtag.com
6    151.101.114.49 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)
match.taboola.com
1    151.101.12.166 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)
bh.contextweb.com
2    185.184.8.30 (Poland)

ASN204995 (RTB-HOUSE-AMS, NL)
PTR: unused-185-184-8-30.rtbhouse.net
creativecdn.com
ams.creativecdn.com
1    172.217.23.98 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s45-in-f2.1e100.net
cm.g.doubleclick.net
3    54.154.201.99 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-154-201-99.eu-west-1.compute.amazonaws.com
match.adsrvr.org
1    34.210.250.157 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-210-250-157.us-west-2.compute.amazonaws.com
www.storygize.net
1    192.132.33.46 (United States)

ASN18568 (BIDTELLECT - Bidtellect Inc., US)
PTR: 46.bidtellect.com
bttrack.com
1    130.211.13.252 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 252.13.211.130.bc.googleusercontent.com
cds.taboola.com
3    52.58.61.157 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-58-61-157.eu-central-1.compute.amazonaws.com
x.bidswitch.net
2    35.210.215.44 (Mountain View, United States)

ASN19527 (GOOGLE-2 - Google LLC, US)
PTR: 44.215.210.35.bc.googleusercontent.com
ads.programattik.com
6    151.101.114.2 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)
images.taboola.com
3    2a00:1450:4001:819::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
w-it.m-t.io
2    172.217.23.134 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s18-in-f134.1e100.net
8019191.fls.doubleclick.net
8    151.101.13.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)
acdn.adnxs.com
2    104.17.119.107 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
biddr.brealtime.com
1    23.37.55.184 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-37-55-184.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
4    13.224.196.41 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-224-196-41.fra2.r.cloudfront.net
ib.3lift.com
5    35.157.209.134 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-157-209-134.eu-central-1.compute.amazonaws.com
eb2.3lift.com
1    91.228.74.134 (United Kingdom)

ASN27281 (QUANTCAST - Quantcast Corporation, US)
pixel.quantserve.com
1    2a02:fa8:8806:16::1400 (Sweden)

ASN41041 (VCLK-EU-, SE)
aol-match.dotomi.com
Apex Domain
Subdomains		 Transfer
74 advertising.com
adserver-us.adtech.advertising.com
pixel.advertising.com
26 KB
35 bleepstatic.com
www.bleepstatic.com
260 KB
32 taboola.com
cdn.taboola.com
trc.taboola.com
match.taboola.com
cds.taboola.com
images.taboola.com
204 KB
25 sharethrough.com
btlr.sharethrough.com
4 KB
19 doubleclick.net
googleads.g.doubleclick.net
securepubads.g.doubleclick.net
ad.doubleclick.net
cm.g.doubleclick.net
8019191.fls.doubleclick.net
128 KB
18 adnxs.com
ib.adnxs.com
acdn.adnxs.com
10 KB
16 gumgum.com
g2.gumgum.com
9 KB
13 3lift.com
tlx.3lift.com
ib.3lift.com
eb2.3lift.com
4 KB
13 connatix.com
cdn.connatix.com
cdns.connatix.com
ck.connatix.com
core.connatix.com
rtb.connatix.com
i.connatix.com
trk.connatix.com
718 KB
12 districtm.io
dmx.districtm.io
cdn.districtm.io
692 B
11 rubiconproject.com
fastlane.rubiconproject.com
pixel.rubiconproject.com
eus.rubiconproject.com
18 KB
10 pubmatic.com
hbopenbid.pubmatic.com
ads.pubmatic.com
aktrack.pubmatic.com
49 KB
10 openx.net
freestar-d.openx.net
eu-u.openx.net
2 KB
9 googlesyndication.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
126 KB
8 mantisadnetwork.com
mantodea.mantisadnetwork.com
1 KB
8 connectad.io
i.connectad.io
cdn.connectad.io
1 KB
7 pub.network
a.pub.network
d.pub.network
c.pub.network
234 KB
6 webgains.com
track.webgains.com
diapi.webgains.com
32 KB
6 mathtag.com
tags.mathtag.com
pixel.mathtag.com
sync.mathtag.com
4 KB
6 ampproject.org
cdn.ampproject.org
123 KB
6 amazon-adsystem.com
c.amazon-adsystem.com
30 KB
6 consensu.org
quantcast.mgr.consensu.org
static.quantcast.mgr.consensu.org
vendorlist.consensu.org
api.quantcast.mgr.consensu.org
audit.quantcast.mgr.consensu.org
136 KB
6 gstatic.com
fonts.gstatic.com
65 KB
5 dotomi.com
web.hb.ad.cpe.dotomi.com
aol-match.dotomi.com
2 KB
5 casalemedia.com
as-sec.casalemedia.com
a3226.casalemedia.com
8 KB
5 googletagservices.com
www.googletagservices.com
130 KB
4 google.com
www.google.com
cse.google.com
adservice.google.com
1 KB
3 m-t.io
w-it.m-t.io
494 B
3 bidswitch.net
x.bidswitch.net
1 KB
3 adsrvr.org
match.adsrvr.org
1 KB
3 scorecardresearch.com
sb.scorecardresearch.com
2 KB
3 redintelligence.net
hal9000.redintelligence.net
hal900010.redintelligence.net
5 KB
3 ad-delivery.net
ad-delivery.net
2 KB
3 addthis.com
s9.addthis.com
s7.addthis.com
189 KB
2 brealtime.com
biddr.brealtime.com
2 programattik.com
ads.programattik.com
1 KB
2 creativecdn.com
creativecdn.com
ams.creativecdn.com
748 B
2 mfadsrvr.com
rtb.mfadsrvr.com
1 KB
2 creative-serving.com
ads.creative-serving.com
2 KB
2 clarium.io
protected-by.clarium.io
690 B
2 emxdgt.com
hb.emxdgt.com
632 B
2 reddit.com
www.reddit.com
627 B
2 facebook.com
graph.facebook.com
755 B
2 cdnjquery.com
cluster-na.cdnjquery.com
712 B
2 fastly.net
confiant-integrations.global.ssl.fastly.net
77 KB
2 google-analytics.com
www.google-analytics.com
18 KB
2 googleapis.com
fonts.googleapis.com
2 KB
1 quantserve.com
pixel.quantserve.com
685 B
1 bttrack.com
bttrack.com
380 B
1 storygize.net
www.storygize.net
450 B
1 contextweb.com
bh.contextweb.com
627 B
1 powerlinks.com
px.powerlinks.com
402 B
1 webgains.io
analytics.webgains.io
13 KB
1 akamaihd.net
creative-a.akamaihd.net
315 B
1 11teamsports.com
www.11teamsports.com
1 zorosrv.com
imprammp.zorosrv.com
388 B
1 bluekai.com
stags.bluekai.com
753 B
1 yahoo.com
ups.analytics.yahoo.com
124 B
1 addthisedge.com
v1.addthisedge.com
924 B
1 moatads.com
z.moatads.com
1 KB
1 google.de
adservice.google.de
171 B
1 videoplayerhub.com
freestar-io.videoplayerhub.com
30 KB
1 analysis.fi
ecdn.analysis.fi
1 KB
1 googletagmanager.com
www.googletagmanager.com
27 KB
1 bleepingcomputer.com
www.bleepingcomputer.com
14 KB
373 65
Domain Requested by
71 adserver-us.adtech.advertising.com 26 redirects a.pub.network
35 www.bleepstatic.com www.bleepingcomputer.com
cdn.connatix.com
www.bleepstatic.com
a.pub.network
www.google-analytics.com
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
25 btlr.sharethrough.com a.pub.network
16 g2.gumgum.com a.pub.network
14 trc.taboola.com 6 redirects cdn.taboola.com
www.bleepingcomputer.com
11 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
www.bleepingcomputer.com
10 ib.adnxs.com 2 redirects a.pub.network
9 fastlane.rubiconproject.com a.pub.network
8 acdn.adnxs.com a.pub.network
8 mantodea.mantisadnetwork.com a.pub.network
8 dmx.districtm.io a.pub.network
7 i.connatix.com www.bleepingcomputer.com
6 eu-u.openx.net 2 redirects a.pub.network
6 images.taboola.com www.bleepingcomputer.com
6 match.taboola.com www.bleepingcomputer.com
6 cdn.ampproject.org securepubads.g.doubleclick.net
6 tpc.googlesyndication.com securepubads.g.doubleclick.net
www.bleepingcomputer.com
6 c.amazon-adsystem.com a.pub.network
c.amazon-adsystem.com
6 fonts.gstatic.com cdn.connatix.com
www.bleepstatic.com
www.bleepingcomputer.com
securepubads.g.doubleclick.net
5 eb2.3lift.com 1 redirects a.pub.network
5 ads.pubmatic.com www.bleepingcomputer.com
a.pub.network
5 cdn.taboola.com www.bleepingcomputer.com
cdn.taboola.com
5 www.googletagservices.com a.pub.network
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
4 ib.3lift.com 4 redirects
4 cdn.districtm.io a.pub.network
4 cdn.connectad.io a.pub.network
4 track.webgains.com www.bleepingcomputer.com
4 web.hb.ad.cpe.dotomi.com a.pub.network
4 hbopenbid.pubmatic.com a.pub.network
4 freestar-d.openx.net a.pub.network
4 i.connectad.io a.pub.network
4 tlx.3lift.com a.pub.network
4 as-sec.casalemedia.com a.pub.network
3 w-it.m-t.io analytics.webgains.io
3 x.bidswitch.net 3 redirects
3 match.adsrvr.org 2 redirects
3 sb.scorecardresearch.com 1 redirects cdn.taboola.com
www.bleepingcomputer.com
3 pixel.advertising.com 1 redirects
3 pixel.mathtag.com www.bleepingcomputer.com
3 ad-delivery.net freestar-io.videoplayerhub.com
3 googleads.g.doubleclick.net pagead2.googlesyndication.com
www.bleepingcomputer.com
3 d.pub.network a.pub.network
3 pagead2.googlesyndication.com www.bleepingcomputer.com
pagead2.googlesyndication.com
2 biddr.brealtime.com a.pub.network
2 8019191.fls.doubleclick.net 1 redirects www.bleepingcomputer.com
2 ads.programattik.com 2 redirects
2 rtb.mfadsrvr.com 2 redirects
2 diapi.webgains.com track.webgains.com
2 ads.creative-serving.com 2 redirects
2 hal900010.redintelligence.net www.bleepingcomputer.com
2 protected-by.clarium.io www.bleepingcomputer.com
2 tags.mathtag.com www.bleepingcomputer.com
2 ad.doubleclick.net 1 redirects www.bleepingcomputer.com
2 hb.emxdgt.com a.pub.network
2 www.reddit.com s9.addthis.com
2 graph.facebook.com s9.addthis.com
2 cluster-na.cdnjquery.com freestar-io.videoplayerhub.com
2 c.pub.network a.pub.network
2 s7.addthis.com s9.addthis.com
2 confiant-integrations.global.ssl.fastly.net a.pub.network
confiant-integrations.global.ssl.fastly.net
2 static.quantcast.mgr.consensu.org quantcast.mgr.consensu.org
2 www.google-analytics.com www.googletagmanager.com
www.bleepingcomputer.com
2 a.pub.network www.bleepingcomputer.com
a.pub.network
2 www.google.com 2 redirects
2 fonts.googleapis.com www.bleepingcomputer.com
securepubads.g.doubleclick.net
1 aol-match.dotomi.com
1 pixel.quantserve.com 1 redirects
1 eus.rubiconproject.com a.pub.network
1 cds.taboola.com www.bleepingcomputer.com
1 bttrack.com www.bleepingcomputer.com
1 www.storygize.net 1 redirects
1 cm.g.doubleclick.net 1 redirects
1 ams.creativecdn.com 1 redirects
1 creativecdn.com 1 redirects
1 bh.contextweb.com 1 redirects
1 sync.mathtag.com 1 redirects
1 px.powerlinks.com 1 redirects
1 pixel.rubiconproject.com 1 redirects
1 analytics.webgains.io track.webgains.com
1 aktrack.pubmatic.com www.bleepingcomputer.com
1 creative-a.akamaihd.net www.bleepingcomputer.com
1 www.11teamsports.com www.bleepingcomputer.com
1 imprammp.zorosrv.com www.bleepingcomputer.com
1 stags.bluekai.com www.bleepingcomputer.com
1 ups.analytics.yahoo.com www.bleepingcomputer.com
1 hal9000.redintelligence.net www.bleepingcomputer.com
1 a3226.casalemedia.com www.bleepingcomputer.com
1 audit.quantcast.mgr.consensu.org static.quantcast.mgr.consensu.org
1 trk.connatix.com www.bleepingcomputer.com
1 api.quantcast.mgr.consensu.org quantcast.mgr.consensu.org
1 rtb.connatix.com cdns.connatix.com
1 vendorlist.consensu.org quantcast.mgr.consensu.org
1 v1.addthisedge.com s9.addthis.com
1 z.moatads.com s9.addthis.com
1 adservice.google.com pagead2.googlesyndication.com
1 adservice.google.de pagead2.googlesyndication.com
1 core.connatix.com cdns.connatix.com
1 freestar-io.videoplayerhub.com a.pub.network
1 ck.connatix.com cdns.connatix.com
1 s9.addthis.com www.bleepingcomputer.com
1 quantcast.mgr.consensu.org www.bleepstatic.com
1 cdns.connatix.com cdn.connatix.com
1 ecdn.analysis.fi www.bleepingcomputer.com
1 cse.google.com www.bleepingcomputer.com
1 www.googletagmanager.com www.bleepingcomputer.com
1 cdn.connatix.com www.bleepingcomputer.com
1 www.bleepingcomputer.com
373 107

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.youtube.com
deals.bleepingcomputer.com
connatix.com
youtu.be
Subject Issuer Validity Valid
bleepingcomputer.com
COMODO RSA Domain Validation Secure Server CA		 2018-05-12 -
2020-05-17		 2 years crt.sh
*.googleapis.com
GTS CA 1O1		 2019-11-05 -
2020-01-28		 3 months crt.sh
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2		 2019-11-11 -
2020-10-09		 a year crt.sh
j3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2019-11-15 -
2020-09-16		 10 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2019-11-05 -
2020-01-28		 3 months crt.sh
*.google.com
GTS CA 1O1		 2019-11-05 -
2020-01-28		 3 months crt.sh
*.analysis.fi
Sectigo RSA Domain Validation Secure Server CA		 2019-06-13 -
2020-06-12		 a year crt.sh
quantcast.mgr.consensu.org
Amazon		 2019-05-06 -
2020-06-06		 a year crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2019-11-05 -
2020-01-28		 3 months crt.sh
odc-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2019-10-10 -
2020-09-04		 a year crt.sh
*.pub.network
Go Daddy Secure Certificate Authority - G2		 2019-02-09 -
2020-05-16		 a year crt.sh
*.videoplayerhub.com
Amazon		 2019-07-18 -
2020-08-18		 a year crt.sh
*.connatix.com
Amazon		 2019-10-19 -
2020-11-19		 a year crt.sh
moatads.com
DigiCert ECC Secure Server CA		 2018-11-10 -
2020-02-09		 a year crt.sh
vendorlist.consensu.org
Amazon		 2019-03-06 -
2020-04-06		 a year crt.sh
ad-delivery.net
Amazon		 2019-03-07 -
2020-04-07		 a year crt.sh
c.amazon-adsystem.com
Amazon		 2019-10-07 -
2020-09-29		 a year crt.sh
*.freetls.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2019-01-02 -
2020-01-03		 a year crt.sh
*.assetbucket.net
Amazon		 2019-09-11 -
2020-10-11		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2019-11-06 -
2020-02-04		 3 months crt.sh
*.reddit.com
DigiCert SHA2 Secure Server CA		 2018-08-17 -
2020-09-02		 2 years crt.sh
*.adnxs.com
DigiCert ECC Secure Server CA		 2019-01-23 -
2021-03-08		 2 years crt.sh
*.sharethrough.com
Amazon		 2019-10-07 -
2020-11-07		 a year crt.sh
*.adtech.advertising.com
DigiCert SHA2 High Assurance Server CA		 2018-05-22 -
2020-05-26		 2 years crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2019-07-17 -
2020-03-09		 8 months crt.sh
*.rubiconproject.com
DigiCert SHA2 Secure Server CA		 2019-01-10 -
2021-01-14		 2 years crt.sh
*.3lift.com
Amazon		 2019-07-17 -
2020-08-17		 a year crt.sh
connectad.io
CloudFlare Inc ECC CA-2		 2019-07-18 -
2020-07-17		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2018-01-04 -
2020-07-09		 3 years crt.sh
*.pubmatic.com
Sectigo RSA Organization Validation Secure Server CA		 2019-02-22 -
2021-02-21		 2 years crt.sh
districtm.io
CloudFlare Inc ECC CA-2		 2019-03-26 -
2020-03-26		 a year crt.sh
*.mantisadnetwork.com
Amazon		 2019-04-21 -
2020-05-21		 a year crt.sh
ad.cpe.dotomi.com
GlobalSign Organization Validation CA - SHA256 - G2		 2018-05-25 -
2020-05-25		 2 years crt.sh
*.emxdgt.com
Go Daddy Secure Certificate Authority - G2		 2019-07-17 -
2020-07-17		 a year crt.sh
*.gumgum.com
Amazon		 2019-07-31 -
2020-08-31		 a year crt.sh
tpc.googlesyndication.com
GTS CA 1O1		 2019-11-05 -
2020-01-28		 3 months crt.sh
misc-sni.google.com
GTS CA 1O1		 2019-11-05 -
2020-01-28		 3 months crt.sh
*.doubleclick.net
GTS CA 1O1		 2019-11-05 -
2020-01-28		 3 months crt.sh
*.casalemedia.com
Go Daddy Secure Certificate Authority - G2		 2018-10-12 -
2020-12-13		 2 years crt.sh
*.mathtag.com
DigiCert SHA2 Secure Server CA		 2018-01-26 -
2020-04-16		 2 years crt.sh
protected-by.clarium.io
Gandi Standard SSL CA 2		 2018-04-26 -
2020-04-26		 2 years crt.sh
*.redintelligence.net
Go Daddy Secure Certificate Authority - G2		 2019-03-22 -
2020-03-22		 a year crt.sh
pixel.mathtag.com
DigiCert SHA2 Secure Server CA		 2019-01-25 -
2020-04-25		 a year crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2019-10-30 -
2020-04-27		 6 months crt.sh
f2.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2019-07-30 -
2020-07-25		 a year crt.sh
g2.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2019-11-21 -
2020-11-12		 a year crt.sh
*.scorecardresearch.com
COMODO RSA Organization Validation Secure Server CA		 2018-11-28 -
2019-12-26		 a year crt.sh
11teamsports.com
CloudFlare Inc ECC CA-2		 2019-02-11 -
2020-02-11		 a year crt.sh
*.webgains.com
Sectigo RSA Domain Validation Secure Server CA		 2019-05-20 -
2021-06-08		 2 years crt.sh
a248.e.akamai.net
DigiCert Secure Site ECC CA-1		 2019-08-13 -
2020-08-12		 a year crt.sh
*.webgains.io
Amazon		 2019-05-08 -
2020-06-08		 a year crt.sh
*.bttrack.com
Sectigo RSA Domain Validation Secure Server CA		 2019-03-19 -
2021-04-13		 2 years crt.sh
*.taboola.com
DigiCert ECC Secure Server CA		 2019-09-03 -
2020-09-10		 a year crt.sh
w-it.m-t.io
Let's Encrypt Authority X3		 2019-10-15 -
2020-01-13		 3 months crt.sh
cdn.adnxs.com
GlobalSign CloudSSL CA - SHA256 - G3		 2019-05-16 -
2020-05-16		 a year crt.sh
*.brealtime.com
Go Daddy Secure Certificate Authority - G2		 2017-03-22 -
2020-03-22		 3 years crt.sh
pixel.advertising.com
DigiCert SHA2 High Assurance Server CA		 2017-06-14 -
2020-06-18		 3 years crt.sh
*.adsrvr.org
Trustwave Organization Validation SHA256 CA, Level 1		 2019-03-07 -
2021-04-19		 2 years crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2019-06-19 -
2021-08-31		 2 years crt.sh

This page contains 53 frames:

Primary Page: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Frame ID: 8003C085CE5C3064436BB715F9A393DE
Requests: 254 HTTP requests in this frame

Frame: https://cdns.connatix.com/p/1821/min/connatix.renderer.infeed.min_dc.js
Frame ID: BAB38ABE8EBCB0808B8A9CEB3C1CA929
Requests: 4 HTTP requests in this frame

Frame: https://static.quantcast.mgr.consensu.org/v27/cmp-3pc-check.html
Frame ID: B3DD8E0910565B32685AD6C5C5AC756B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20191114/r20190131/zrt_lookup.html
Frame ID: C5CFFEFB331D310595B4743449A24DEA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1574109363&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C30%3A34635776&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1574725402440&bpp=5&bdt=351&fdt=74&idt=74&shv=r20191114&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=8199325255381&frm=20&pv=2&ga_vid=667475525.1574725402&ga_sid=1574725403&ga_hid=545526374&ga_fc=0&iag=0&icsg=571746057461760&dssz=48&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21064603%2C21065126%2C26835105&oid=3&pvsid=1679836093837318&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=1&uci=a!1&fsb=1&dtd=85
Frame ID: 5D7A2BD840C0E7033D9402C955C4ABE8
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js
Frame ID: B7D366FDC50321815687844660D1CA4D
Requests: 17 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-36/html/container.html
Frame ID: BE55FFC7BE42A9A84AA6D82D8DAF4A69
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuaHOEE6T9RVDFDR74LkRHgNzBYVTYOoa9G8qditNK3zqHEUrl8trbJPTwfkMAy9_4qNNkFvgdxqs_07IN4vgfI6l8jbCkJZZ1vZD_RjEGRgR8fgoRGpRdYDkJgKojNLbCQ-ryL_qrirpVajgKGP-CfJw36UtD3v1bzJYjXRaoVSm4Crbp_Dji4SBQWbCr9fT_3qi6MjuGeQ8Cx9aTzz2JDdeaKPoflyahQcdlNDMjNq20tUtClaLFi1vBjI5IVFtR_BrNyf_bsDkdi_zZ7cnG8fnTPveGbriCG&sig=Cg0ArKJSzMi19ZZX4F18EAE&urlfix=1&adurl=
Frame ID: 260B8A11658A2E34F014222552FA2031
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-36/html/container.html
Frame ID: 1779E0C463E99F844BADB06DE91C0F92
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvVRWSGdKF5c-D2nihM3-jIE4Yp9ofF0tP3nIygHcdRh58BAqY3kdvD2_NOkoC_wx2EkofVP9ZIPW2RKqRkG1aU_Se8afDe89O1BMf1k53B0jWfVGbYQ5gcgFxAtPGegECwch2j3L7DkIvwNUuy_l_8Buqkhz_fyXxWhxdFdBYrlwhR-Afb5-I5UJK9O-SHIiOltOaNlpzQdyEsg8tQ4en4WfxlY2YdI-UHz3WN76ihodm4a263vqfRlLpVIEpcxLSe09sanMHF5tcaArDctueOMxfAFD5y9g_zUQUSeiNezmLjQqxWs5M4IXGQqxqVjcsQ48mhTA&sig=Cg0ArKJSzLbtRiyNkT__EAE&urlfix=1&adurl=
Frame ID: 0B385A1F581F7CD4C44D7DC0ACD92592
Requests: 24 HTTP requests in this frame

Frame: https://a3226.casalemedia.com/ifnotify?gdprconsent=1&c=1323445&r=351FD051&t=5DDC671C&u=WGR4bkc3bFFKc01BQUJ0VHc0MEFBQUNK&m=a162d95e7096d982ea20af3152b2b3ea&wp=11&aid=85B2F7064D1B0C64&tid=15063&s=6015A&cp=0.17&n=www.bleepingcomputer.com&pr=xx&epr=196d28c34b03d23d
Frame ID: A9FE251DB239800475BF621235C4AD58
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvD3zDbZtFWIa_IEJUw7nEVVcmcs1ej0tTMCS7hsFMQnU5cBM2Fb4IwKSFK4lY5V36G7RkkeLSohDd-c_YPd3Nvrp41ABt-S27Gk1Wmr6ePaKQAphoX6S5jgoG0uEry6ExfBTFoy9aA-oiEnwiJl-8zuXakzfrotje0g3M9Cby6P9shm95MFjhv_PRPTGoc2lLTDYKuEdkN637PnrbPfbPuelCIUpn-taWQBXe8JAaJVFenk0SWkqzuvE5anVY5kPsHrQJOyUVeSFPpB5WmzP44dz5rY-Sq4K81VeRmXwbFutSqdmZ1dYkz1mI3PevoZ0_SZ5CA&sig=Cg0ArKJSzMCI5xuh65_3EAE&urlfix=1&adurl=
Frame ID: 987E2AD609797E958D8932313BD1C691
Requests: 20 HTTP requests in this frame

Frame: https://www.11teamsports.com/de-de/htlp-webgains
Frame ID: 362BB1FC4605509DB61FE40C769C1A45
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: A1071AE7437DC56916506B46135B78F4
Requests: 1 HTTP requests in this frame

Frame: https://aktrack.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=156696&siteId=269885&adId=1325175&adType=10&adServerId=243&kefact=0.095205&kaxefact=0.095205&kadNetFrequecy=0&kadwidth=300&kadheight=600&kadsizeid=26&kltstamp=1574725404&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=0.099690&dcId=3&tldId=59673386&passback=0&svr=BID22439U&ekefact=HGfcXVV_CQDKR7bK1GFwr_-Kkq8YYf5I-Rg8VvzTrpc7jTOh&ekaxefact=HGfcXXF_CQBsqR_CiyaF9_ceU2iXdTX56fa9wb1Z-wlU6Z7A&ekpbmtpfact=HGfcXYh_CQBSlduQXOlzRqgpzdxYnjd6ZtuVDdXITUqq-20U&crID=5303405&lpu=hawaiianairlines.com&ucrid=655095578865346936&campaignId=15208&creativeId=0&pctr=0.000000&wDSPByrId=1&wDspId=734&wbId=5&wrId=0&wAdvID=12906&isRTB=1&rtbId=630D3AFF-04EE-4A65-A535-3C11309F36F6&imprId=6244F509-7448-497A-9042-3D2251CF00FD&oid=6244F509-7448-497A-9042-3D2251CF00FD&cntryId=58&domain=bleepingcomputer.com&pageURL=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&sec=1
Frame ID: F7BBD5536169916AF1D907919A9CC84E
Requests: 1 HTTP requests in this frame

Frame: https://trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=bb8342a3-3147-47f6-83c2-80419520fc4b
Frame ID: F9F31B4AF99DF52CFE0341E626D25AE4
Requests: 14 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CLHis6PFhuYCFVQ84AodoMIE7A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8560866355889.35
Frame ID: 93F61EEC5E1323FB6EE350EEF19ECB17
Requests: 1 HTTP requests in this frame

Frame: https://hal900010.redintelligence.net/request_content.php?s=33301600002082801049096011059010&a=145f2395
Frame ID: B359E8EAA2CA9CAC8DCF9DDA96C323FD
Requests: 1 HTTP requests in this frame

Frame: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574725404675&secure=true&version=9&mobile=false&uuid=0fc61c14-84a3-45d3-876f-74f6a592ebf0&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F
Frame ID: A32082F80DA25809854F90C8C23DDE75
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: 8DB41934FF18737E83F397353726E1FE
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 4E72669EC34EF167D1B679B98D06DC9E
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: C0D6C40415EAE454DDD9C0033171D917
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: D358D32A3DA2AAE9B8B586FD9770023D
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: 7BC5C248FA1C5ACE42CEAE251BEA2853
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: FD45318CE055090709B549D09164869B
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 66AA16BAB41983C20C203A6A7C474424
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: C466742E4B7849FE7F94FB89CD77F070
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 16E840E0BF5FBDEE94114C6750748BB6
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 5DD9F7E2436452CC377911BD029CD2E4
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: 1759AE01C02F320D5313955887FDB7CE
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: EC4D3950BAD7A2D6202514C6112C769A
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: E2E1091D02584DCB1E8ADCE05C3ED060
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: A7D026B34F88ABEA19AA9A8FFE4A6400
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 4B7B9DB52792A96731A3EB78EDD08410
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: 5E4739F0062127505AED625E51CD5ACE
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 08ED4107056EDB016D7A4F497A7425FF
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 031E20100D5307E27787AF5B2B1F5263
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 39AE787D940E33990A88CF9B6F10BA87
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 808E99B5DB0A66DE1E281132100A9887
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 1EC0A772414A74140BE9E988AE707583
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 517EEC08407E4BCAC1799D293AA5BE94
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: B79FC4408764838F13C123F9CA13849B
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: 1A675ECEB2357AA56CCBA0868256A187
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 56F38929505C5E37A93D65E42942C91F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 6DC6750DE7E9E8CADF022B513BE3D92C
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 8DB3610E03550FDB94EFED3C3D89D9D9
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: 3BD7DFF7042C42B91BCA27EAD5D98B1B
Requests: 1 HTTP requests in this frame

Frame: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574725404666&secure=true&version=9&mobile=false&uuid=0fc61c14-84a3-45d3-876f-74f6a592ebf0&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F
Frame ID: 8A168D303DD9973F4A1C41711983D3DF
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 0E26A17E2CA51E6EBFA9F94D236D653D
Requests: 1 HTTP requests in this frame

Frame: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574725404517&secure=true&version=9&mobile=false&uuid=0fc61c14-84a3-45d3-876f-74f6a592ebf0&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F
Frame ID: B4465C7141102832CB3884E45E277C01
Requests: 1 HTTP requests in this frame

Frame: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574725404030&secure=true&version=9&mobile=false&uuid=0fc61c14-84a3-45d3-876f-74f6a592ebf0&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F
Frame ID: 4784F7C987B9993F750058A6B3D43C90
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 0449D97DD6F28390E72248F0A800D17D
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: C2FA2FEF9F016B7D1A850CD9C21165DA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i
Overall confidence: 100%
Detected patterns
  • script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i
Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

373
Requests

100 %
HTTPS

22 %
IPv6

65
Domains

107
Subdomains

81
IPs

9
Countries

2700 kB
Transfer

7003 kB
Size

15
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en HTTP 302
  • https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
Request Chain 122
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918
Request Chain 123
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918
Request Chain 124
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918
Request Chain 125
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918
Request Chain 126
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918
Request Chain 127
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918
Request Chain 128
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918
Request Chain 129
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918
Request Chain 130
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918
Request Chain 131
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918
Request Chain 132
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918
Request Chain 133
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918
Request Chain 134
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918
Request Chain 166
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5ec8ef10-0fdd-11ea-b478-120ea4e1ae80;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918
Request Chain 167
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5ec8d296-0fdd-11ea-8703-12f0dd10f918;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918
Request Chain 168
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec92494-0fdd-11ea-8239-12a93b07bf66;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918
Request Chain 169
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec9473a-0fdd-11ea-b446-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918
Request Chain 170
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5ec96ada-0fdd-11ea-8848-12a8bb4804a8;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918
Request Chain 171
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec97b74-0fdd-11ea-9df6-126145921f52;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918
Request Chain 172
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5ec98826-0fdd-11ea-b6b6-12ce909f321e;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918
Request Chain 173
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec96256-0fdd-11ea-b85b-12a867928a20;cfp=1;rndc=1574725404;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918
Request Chain 174
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec9c57a-0fdd-11ea-93e0-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918
Request Chain 175
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec9f842-0fdd-11ea-8248-1299e5b070c6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918
Request Chain 176
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec9c818-0fdd-11ea-b3ac-12caad116dbc;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918
Request Chain 177
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec9d286-0fdd-11ea-99f7-120d915f11b6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918
Request Chain 178
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec9e230-0fdd-11ea-ae2a-1234a9bcb81c;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918
Request Chain 223
  • https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.255033228;dc_trk_aid=450834183;dc_trk_cid=121092582;ord=3051183901;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.255033228;dc_pre=CJuj5aLFhuYCFc6rdwodwQcONw;dc_trk_aid=450834183;dc_trk_cid=121092582;ord=3051183901;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
Request Chain 234
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 284
  • https://pixel.advertising.com/ups/55938/sync?uid=6dccf030-0ebf-f88b-0000-000000000000&_origin=1&gdpr=0&gdpr_consent= HTTP 302
  • https://ups.analytics.yahoo.com/ups/55938/sync?uid=6dccf030-0ebf-f88b-0000-000000000000&_origin=1&gdpr=0&gdpr_consent=&apid=1A5ec9c818-0fdd-11ea-b3ac-12caad116dbc
Request Chain 296
  • https://ads.creative-serving.com/tr/adpepperc.2/3031595;sz=1x1;cmp=2335599;cr=1050550 HTTP 302
  • https://ads.creative-serving.com/tr/adpepperc.2/3031595;sz=1x1;cmp=2335599;cr=1050550;fl_inst=0;ul_cb=1 HTTP 302
  • https://creative-a.akamaihd.net/newui_adpepper/2019-11-22/newui_adpepper_22-11-2019_21936805_1x1.gif
Request Chain 301
  • https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1574725405248&ns_c=UTF-8&ns_if=1&cv=3.1&c8=Page%20Title&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1574725405248&ns_c=UTF-8&ns_if=1&cv=3.1&c8=Page%20Title&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&c9=
Request Chain 307
  • https://rtb.mfadsrvr.com/sync?ssp=taboola HTTP 302
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola HTTP 302
  • https://trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=bb8342a3-3147-47f6-83c2-80419520fc4b
Request Chain 308
  • https://pixel.rubiconproject.com/exchange/sync.php?p=16698 HTTP 302
  • https://trc.taboola.com/sg/rubicon-network-display/1/rtb-h/?taboola_hm=K3F2UI41-17-UOZ
Request Chain 309
  • https://px.powerlinks.com/user/identify?sourceId=d4a7a706-ab0f-11e8-a038-127202fb7690&rurl=https%3A%2F%2Ftrc.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24%7BUSER%7D HTTP 302
  • https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=CxjAxGQW4a4DcnlntYDHqmEzQLTnJd-DHLC6ynKtvwM%3D
Request Chain 310
  • https://sync.mathtag.com/sync/img?mt_exid=92&redir=https://trc.taboola.com/sg/mediamath-ssp-network/1/rtb-h/?taboola_hm=[MM_UUID] HTTP 302
  • https://trc.taboola.com/sg/mediamath-ssp-network/1/rtb-h/?taboola_hm=a2235ddc-671c-4801-b7b8-ba09c4126a4d HTTP 302
  • https://match.taboola.com/sg/mediamath-ssp-network/1/rtb-h?taboola_hm=a2235ddc-671c-4801-b7b8-ba09c4126a4d&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3Da2235ddc-671c-4801-b7b8-ba09c4126a4d
Request Chain 311
  • https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Ftrc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%% HTTP 302
  • https://trc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=eyGPGP9LJC50&ev=1&pid=562107
Request Chain 312
  • https://creativecdn.com/cm-notify?pi=taboola HTTP 302
  • https://ams.creativecdn.com/cm-notify?pi=taboola&tc=1 HTTP 302
  • https://trc.taboola.com/sg/rtbhouse-network/1/rtb-h/?taboola_hm=4nlDm6Y3H27xAUJ1egcU&pi=taboola&tc=1
Request Chain 313
  • https://ib.adnxs.com/getuidnb?https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID HTTP 302
  • https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8638635457441679355 HTTP 302
  • https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8638635457441679355&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D8638635457441679355
Request Chain 314
  • https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
  • https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEGZRA4CV-1TzZPj1MNnwkT0&google_cver=1 HTTP 302
  • https://match.taboola.com/sg/google-network/1/rtb-h?taboola_hm=CAESEGZRA4CV-1TzZPj1MNnwkT0&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3DCAESEGZRA4CV-1TzZPj1MNnwkT0%26google_cver%3D1
Request Chain 315
  • https://ib.adnxs.com/getuidnb?https://trc.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=$UID HTTP 302
  • https://trc.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=8638635457441679355
Request Chain 316
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
  • https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=428058ad-1068-429b-a448-657f64ea2bb0 HTTP 302
  • https://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=428058ad-1068-429b-a448-657f64ea2bb0&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D428058ad-1068-429b-a448-657f64ea2bb0
Request Chain 317
  • https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d HTTP 302
  • https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=55479f73-9854-40d3-8a0a-8d0f2e2be3c1 HTTP 302
  • https://match.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=55479f73-9854-40d3-8a0a-8d0f2e2be3c1&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D55479f73-9854-40d3-8a0a-8d0f2e2be3c1
Request Chain 320
  • https://x.bidswitch.net/sync?ssp=taboola HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=taboola HTTP 302
  • https://ads.programattik.com/sync?ssp=bidswitch&bidswitch_ssp_id=taboola HTTP 302
  • https://ads.programattik.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=taboola HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=156&expires=14&user_id=bd638c71-c351-4dd8-8dd7-33e38ffe804d&ssp=taboola HTTP 302
  • https://trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=1c243162-cbae-427c-8bff-f26bd890c2f5 HTTP 302
  • https://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=1c243162-cbae-427c-8bff-f26bd890c2f5&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D1c243162-cbae-427c-8bff-f26bd890c2f5
Request Chain 336
  • https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8560866355889.35 HTTP 302
  • https://8019191.fls.doubleclick.net/activityi;dc_pre=CLHis6PFhuYCFVQ84AodoMIE7A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8560866355889.35
Request Chain 344
  • https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1 HTTP 302
  • https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Request Chain 345
  • https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1 HTTP 302
  • https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Request Chain 355
  • https://ib.3lift.com/sync HTTP 302
  • https://eb2.3lift.com/sync HTTP 302
  • https://eb2.3lift.com/sync?&ld=1
Request Chain 356
  • https://ib.3lift.com/sync HTTP 302
  • https://eb2.3lift.com/sync
Request Chain 359
  • https://ib.3lift.com/sync HTTP 302
  • https://eb2.3lift.com/sync
Request Chain 371
  • https://ib.3lift.com/sync HTTP 302
  • https://eb2.3lift.com/sync
Request Chain 378
  • https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
  • https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&gdpr_consent=&uid=mNuqvpuI_O-Ah6i4lY7j6MmN9--Ah__sndne_RnA

373 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/ 		68 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.60.209 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
aaf366ed206369e4ea7b3fa9c670390c5404525e4ed062987f26ac1cf84dcdcb
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
www.bleepingcomputer.com
:scheme
https
:path
/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:22 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d3ebc3e2fad42be95e4c620f5511255d41574725401; expires=Wed, 25-Dec-19 23:43:21 GMT; path=/; domain=.bleepingcomputer.com; HttpOnly; Secure session_id=e27cb586c59c2e12df19d2c2491630e4; path=/; domain=.bleepingcomputer.com; httponly;Secure lav=7233; expires=Wed, 25-Dec-2019 23:43:21 GMT; Max-Age=2592000; path=/;Secure
content-security-policy
upgrade-insecure-requests;
x-frame-options
SAMEORIGIN
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
expires
0
last-modified
Mon, 18 Nov 2019 20:36:03 GMT
vary
Accept-Encoding,User-Agent
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
53b77bfebd5f63a1-FRA
content-encoding
br
css
fonts.googleapis.com/ 		14 KB
908 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
d229886fc63edf6b95865ad6a9e90b589ca7585d2203bc61b69f73f61f746830
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 25 Nov 2019 23:43:22 GMT
server
ESF
access-control-allow-origin
*
date
Mon, 25 Nov 2019 23:43:22 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Mon, 25 Nov 2019 23:43:22 GMT
bootstrap.css
www.bleepstatic.com/css/redesign/ 		111 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/css/redesign/bootstrap.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
HIT
age
2098369
cf-polished
origSize=137522
status
200
cf-bgj
minify
last-modified
Fri, 23 Sep 2016 14:33:06 GMT
server
cloudflare
etag
W/"2184297232"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
53b77c032c3e59ee-VIE
expires
Fri, 01 Nov 2019 16:48:04 GMT
main.css
www.bleepstatic.com/css/redesign/ 		51 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
HIT
age
2028847
cf-polished
origSize=60842
status
200
cf-bgj
minify
last-modified
Thu, 16 Aug 2018 15:28:40 GMT
server
cloudflare
etag
W/"4249134023"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
53b77c032c4159ee-VIE
expires
Sat, 02 Nov 2019 12:08:26 GMT
home.css
www.bleepstatic.com/css/redesign/ 		12 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/css/redesign/home.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
HIT
age
2942818
cf-polished
origSize=14998
status
200
cf-bgj
minify
last-modified
Sat, 24 Mar 2018 16:18:00 GMT
server
cloudflare
etag
W/"2402535603"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
53b77c032c4259ee-VIE
expires
Tue, 26 Nov 2019 22:16:24 GMT
news.css
www.bleepstatic.com/css/redesign/ 		27 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/css/redesign/news.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c237e0ee4bb4f57215b8ea2c46b4c70b62bfdc6753cc019971ded30e06c96246

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
HIT
age
5776
cf-polished
origSize=32759
status
200
cf-bgj
minify
last-modified
Fri, 09 Aug 2019 18:26:37 GMT
server
cloudflare
etag
W/"3737855504"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
53b77c032c4359ee-VIE
expires
Fri, 22 Nov 2019 22:32:26 GMT
jquery-1.11.1.min.js
www.bleepstatic.com/js/redesign/ 		94 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/jquery-1.11.1.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 23 Apr 2015 12:36:44 GMT
server
cloudflare
age
4883
etag
W/"3647451394"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
max-age=3024000
cf-ray
53b77c032c4459ee-VIE
access-control-allow-origin
*
expires
Fri, 22 Nov 2019 22:26:19 GMT
news.js
www.bleepstatic.com/js/redesign/ 		183 B
252 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/news.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
HIT
age
4934
cf-polished
origSize=247
status
200
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 15:41:46 GMT
server
cloudflare
etag
W/"4218930423"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
53b77c032c4559ee-VIE
expires
Fri, 22 Nov 2019 22:32:25 GMT
connatix.renderer.infeed.min.js
cdn.connatix.com/min/ 		957 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Varnish /
Resource Hash
8c384b845493e6f826bb631e297ecdcec6a2e86452de772e9f4f5d44985e4671

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
via
1.1 varnish
server
Varnish
age
0
x-cache
HIT
content-type
application/javascript
status
200
x-referer-host
bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
x-cache-hits
0
accept-ranges
bytes
x-timer
S1574725402.106002,VS0,VE0
content-length
957
retry-after
0
x-served-by
cache-fra19122-FRA
qc-consent.js
www.bleepstatic.com/js/qc-consent/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
HIT
age
2132567
cf-polished
origSize=3848
status
200
cf-bgj
minify
last-modified
Thu, 07 Feb 2019 13:49:44 GMT
server
cloudflare
etag
W/"3981350888"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
53b77c035c4f59ee-VIE
expires
Thu, 31 Oct 2019 14:44:47 GMT
js
www.googletagmanager.com/gtag/ 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-91740-1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4cae697d304b6cae1bb457589d549ec39239ca1d1e32bd7201200cb7562eeb32
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
last-modified
Mon, 25 Nov 2019 21:00:00 GMT
server
Google Tag Manager
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
27662
x-xss-protection
0
expires
Mon, 25 Nov 2019 23:43:22 GMT
logo.png
www.bleepstatic.com/images/site/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/logo.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
450
cf-polished
origFmt=png, origSize=1882
status
200
content-disposition
inline; filename="logo.webp"
cf-bgj
imgq:85
content-length
1152
last-modified
Sat, 04 Mar 2017 04:12:00 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c037c6859ee-VIE
expires
Wed, 25 Dec 2019 23:35:52 GMT
brand
cse.google.com/coop/cse/
Redirect Chain
  • https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en
  • https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
pfe /
Resource Hash
4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:42:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
pfe
age
49
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, max-age=1800
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
1181
x-xss-protection
0
expires
Tue, 26 Nov 2019 00:12:33 GMT

Redirect headers

date
Mon, 25 Nov 2019 23:43:22 GMT
x-content-type-options
nosniff
server
sffe
location
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
content-type
text/html; charset=UTF-8
status
302
cache-control
private
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
266
x-xss-protection
0
pubfig.min.js
a.pub.network/bleepingcomputer-com/ 		438 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ba6d68a3b877b1f5607cf9600430eb206a22a09f1d32acbe0e51fd64ceb18fa

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
HIT
age
23
status
200
x-guploader-uploadid
AEnB2UqkpY-SdYr1Z5XXVDcIb8LF3uzBJ1YNgbU8sSfUskIOvQEt5iYVdWJNnGUjUc1jhcB4swAC3uZd7zhalYOhTC8Fs4VkrQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
last-modified
Mon, 25 Nov 2019 22:03:44 GMT
server
cloudflare
etag
W/"2e867f0aa51aed653faad16e9a32ca95"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=ErDy+w==, md5=LoZ/CqUa7WU/qtFumjLKlQ==
content-type
application/javascript
x-goog-generation
1574719424644840
cache-control
public, max-age=1800
x-goog-stored-content-length
448459
cf-ray
53b77c037eba8c68-VIE
expires
Mon, 25 Nov 2019 23:43:59 GMT
fab.js
ecdn.analysis.fi/static/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecdn.analysis.fi/static/js/fab.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.71.236.117 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
nb-212-71-236-117.london.nodebalancer.linode.com
Software
nginx/1.12.2 /
Resource Hash
a00d8ffa45611c04d84361ae0d37d38da8be0e11dfde738f4142a97f32b752eb

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:45:14 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Jul 2015 00:00:00 GMT
Server
nginx/1.12.2
ETag
"55a5a280-390"
Content-Type
application/javascript
Cache-Control
max-age=3600
Connection
close
Content-Length
912
Expires
Tue, 26 Nov 2019 00:45:14 GMT
login_bg.png
www.bleepstatic.com/images/site/ 		126 B
290 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/login_bg.png
Requested by
Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
32e73e8e0eec3e6c1345d84e7ef091b90e71fb0045814043b34c914156235eb9

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
423912
cf-polished
origFmt=png, origSize=187
status
200
content-disposition
inline; filename="login_bg.webp"
cf-bgj
imgq:85
content-length
126
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c038c6d59ee-VIE
expires
Sat, 21 Dec 2019 01:58:10 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin
https://www.bleepingcomputer.com

Response headers

date
Wed, 20 Nov 2019 05:05:44 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
499058
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Thu, 19 Nov 2020 05:05:44 GMT
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin
https://www.bleepingcomputer.com

Response headers

date
Fri, 22 Nov 2019 04:03:04 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:58 GMT
server
sffe
age
330018
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11020
x-xss-protection
0
expires
Sat, 21 Nov 2020 04:03:04 GMT
connatix.renderer.infeed.min_dc.js
cdns.connatix.com/p/1821/min/ Frame BAB3 		720 KB
187 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdns.connatix.com/p/1821/min/connatix.renderer.infeed.min_dc.js
Requested by
Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
568503677ef49a7cf748894316d6f4e7c91ad521a4d2e915ebdef6bd677c0afa

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
gzip
age
48978
x-cache
HIT, HIT
status
200
content-length
191461
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17727-DCA, cache-fra19122-FRA
last-modified
Mon, 25 Nov 2019 10:02:52 GMT
x-timer
S1574725402.167614,VS0,VE0
etag
"121c7839834d40b9b34c80fac27ba58a"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
1, 2938
truncated
/ 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/gif
nav_bg.png
www.bleepstatic.com/images/site/ 		72 B
256 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/nav_bg.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab52a578c101a14bbc790f87f9a7400dda65469f23c6ce85c461e07cdf776460

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
1045934
cf-polished
origFmt=png, origSize=83
status
200
content-disposition
inline; filename="nav_bg.webp"
cf-bgj
imgq:85
content-length
72
last-modified
Sat, 04 Mar 2017 07:57:02 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c03ac7259ee-VIE
expires
Fri, 13 Dec 2019 21:11:08 GMT
cmp.js
quantcast.mgr.consensu.org/ 		213 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://quantcast.mgr.consensu.org/cmp.js
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:20eb:ba00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ff1e65d5292ac70fa0ceaf87d04313c975d6299e212e0274d3d0362b218ccab8

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:28:37 GMT
content-encoding
gzip
last-modified
Mon, 25 Nov 2019 17:24:00 GMT
server
AmazonS3
age
1011
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
status
200
x-amz-meta-qc-ineu
True
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
8_lSh5Ms6OE26v5o5jlYOKkGVsOrA88HCotaLzMcbUizs2QlT6kfGw==
via
1.1 f797fc0ae68a3abc35e081e46174c9f2.cloudfront.net (CloudFront)
20x20-printer.png
www.bleepstatic.com/images/site/ 		422 B
590 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/20x20-printer.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
1044255
cf-polished
origFmt=png, origSize=824
status
200
content-disposition
inline; filename="20x20-printer.webp"
cf-bgj
imgq:85
content-length
422
last-modified
Sat, 03 Oct 2015 03:18:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c03ac7559ee-VIE
expires
Fri, 13 Dec 2019 21:39:07 GMT
calendar.png
www.bleepstatic.com/images/site/ 		86 B
226 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/calendar.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
85ae9534729617e69eafa40195c7854697eb3d13b4205f3ee467e07c4af0a24b

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
446264
cf-polished
origFmt=png, origSize=129
status
200
content-disposition
inline; filename="calendar.webp"
cf-bgj
imgq:85
content-length
86
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c03ac7659ee-VIE
expires
Fri, 20 Dec 2019 19:45:37 GMT
clock.png
www.bleepstatic.com/images/site/ 		252 B
415 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/clock.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
440213
cf-polished
origFmt=png, origSize=1316
status
200
content-disposition
inline; filename="clock.webp"
cf-bgj
imgq:85
content-length
252
last-modified
Fri, 29 May 2015 07:08:14 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c03ac7759ee-VIE
expires
Fri, 20 Dec 2019 21:26:29 GMT
comment-light.png
www.bleepstatic.com/images/site/ 		96 B
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/comment-light.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
5532
cf-polished
origFmt=png, origSize=1034
status
200
content-disposition
inline; filename="comment-light.webp"
cf-bgj
imgq:85
content-length
96
last-modified
Fri, 29 May 2015 07:08:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c03ac7859ee-VIE
expires
Sun, 17 Nov 2019 22:27:17 GMT
KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin
https://www.bleepingcomputer.com

Response headers

date
Thu, 21 Nov 2019 23:39:14 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:52 GMT
server
sffe
age
345848
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11180
x-xss-protection
0
expires
Fri, 20 Nov 2020 23:39:14 GMT
analytics.js
www.google-analytics.com/ 		43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
4185
date
Mon, 25 Nov 2019 22:33:37 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Tue, 26 Nov 2019 00:33:37 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		103 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
aa3a249cabad1f76bb1aa4325dee2bd1d9bdd736b6e07349344958162b1a0458
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
37541
x-xss-protection
0
server
cafe
etag
5881864330447484035
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 25 Nov 2019 23:43:22 GMT
twitter.png
www.bleepstatic.com/images/site/login/ 		282 B
422 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/login/twitter.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
67d86a29de7993fbd23b7dde2c4f26bdc434055c35a4b08c830c0d02fcfa6dd2

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
1282059
cf-polished
origFmt=png, origSize=475
status
200
content-disposition
inline; filename="twitter.webp"
cf-bgj
imgq:85
content-length
282
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c03cc7d59ee-VIE
expires
Wed, 11 Dec 2019 03:35:43 GMT
bootstrap.js
www.bleepstatic.com/js/redesign/ 		44 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/bootstrap.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
HIT
age
4707
cf-polished
origSize=65813
status
200
cf-bgj
minify
last-modified
Thu, 23 Apr 2015 12:36:43 GMT
server
cloudflare
etag
W/"3930092018"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
53b77c03cc7f59ee-VIE
expires
Fri, 22 Nov 2019 22:32:26 GMT
blazy.min.js
www.bleepstatic.com/js/blazy/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/blazy/blazy.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 16 Aug 2018 21:06:19 GMT
server
cloudflare
age
4883
etag
W/"753357888"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
max-age=3024000
cf-ray
53b77c03dc8259ee-VIE
access-control-allow-origin
*
expires
Fri, 22 Nov 2019 22:32:26 GMT
bleep.js
www.bleepstatic.com/js/redesign/ 		3 KB
766 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/bleep.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
HIT
age
2274792
cf-polished
origSize=3600
status
200
cf-bgj
minify
last-modified
Mon, 01 Oct 2018 12:47:57 GMT
server
cloudflare
etag
W/"2696894447"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
53b77c03dc8459ee-VIE
expires
Wed, 30 Oct 2019 15:49:59 GMT
jquery.fancybox.js
www.bleepstatic.com/js/redesign/fancybox/ 		31 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
HIT
age
2566219
cf-polished
origSize=48706
status
200
cf-bgj
minify
last-modified
Wed, 14 Oct 2015 20:25:51 GMT
server
cloudflare
etag
W/"327140449"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
53b77c03dc8559ee-VIE
expires
Sun, 27 Oct 2019 06:52:21 GMT
fixto.min.js
www.bleepstatic.com/js/fixto/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/fixto/fixto.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 13 Jun 2015 21:34:42 GMT
server
cloudflare
age
2459063
etag
W/"1740214911"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
max-age=3024000
cf-ray
53b77c03dc8359ee-VIE
access-control-allow-origin
*
expires
Mon, 28 Oct 2019 12:38:16 GMT
addthis_widget.js
s9.addthis.com/js/300/ 		349 KB
113 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s9.addthis.com/js/300/addthis_widget.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-36-164.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
7c20e3e201e3d7c6821e907def1257deb544eb08578c7129b96d53bbf62d34e4
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Wed, 30 Oct 2019 19:35:04 GMT
server
nginx/1.15.8
etag
"5db9e5e8-57446"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
status
200
cache-control
public, max-age=600
date
Mon, 25 Nov 2019 23:43:22 GMT
x-host
s9.addthis.com
content-length
114924
g
ck.connatix.com/ 		46 B
102 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ck.connatix.com/g?callback=cnxJSONP_c6c588bb0c7d9cd933a01574725402217
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1821/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Varnish /
Resource Hash
3adfe7a9a1f11f449f503e78371096370444770b29469d80d5d133e218ccf47b

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
via
1.1 varnish
server
Varnish
age
0
x-cache
HIT
status
200
cache-control
no-cache, no-store, must-revalidate, max-age=0
x-cache-hits
0
accept-ranges
bytes
x-timer
S1574725402.222152,VS0,VE0
content-length
46
retry-after
0
x-served-by
cache-fra19122-FRA
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin
https://www.bleepingcomputer.com

Response headers

date
Thu, 21 Nov 2019 23:44:39 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:48 GMT
server
sffe
age
345523
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11056
x-xss-protection
0
expires
Fri, 20 Nov 2020 23:44:39 GMT
cmp-3pc-check.html
static.quantcast.mgr.consensu.org/v27/ Frame B3DD 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://static.quantcast.mgr.consensu.org/v27/cmp-3pc-check.html
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:e00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

:method
GET
:authority
static.quantcast.mgr.consensu.org
:scheme
https
:path
/v27/cmp-3pc-check.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
content-type
text/html
content-length
583
last-modified
Mon, 18 Nov 2019 19:20:05 GMT
x-amz-server-side-encryption
AES256
accept-ranges
bytes
server
AmazonS3
date
Mon, 25 Nov 2019 23:39:40 GMT
etag
"2382c3f01978a379e8fa8bc1a3bec605"
x-cache
Hit from cloudfront
via
1.1 cc0ab20766d57035422a2c4c69fe0620.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
ti4HSV5XEgRTjdfFNZo9ExYch-uSj0wL58JQlEfja3L-OWAlGbo-Hg==
age
223
cookie
d.pub.network/ 		36 B
527 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d.pub.network/cookie
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
214.71.188.35.bc.googleusercontent.com
Software
/
Resource Hash
4753bc904ab374fd1a1350fb0b1824c1a2c80a8d94bf7fb0d19271358016f303

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Mon, 25 Nov 2019 23:43:22 GMT
Access-Control-Allow-Credentials
true
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
gpt.js
www.googletagservices.com/tag/js/ 		51 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
a1ff5fe4ae718314b3589c7afd949e0d021d20f681c8417439c6e96559996595
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"348 / 980 of 1000 / last-modified: 1574707045"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
15675
x-xss-protection
0
expires
Mon, 25 Nov 2019 23:43:22 GMT
gallery.js
freestar-io.videoplayerhub.com/ 		130 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://freestar-io.videoplayerhub.com/gallery.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.225.78.58 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-225-78-58.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
166d1031506210d3723ed28f498fcc4739516be7f5ce2d98ce219f3aa43f2166

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
Z_kaPCvP.j4UJwOeqRSb5QIeUUu8hN3N
Content-Encoding
gzip
Last-Modified
Mon, 25 Nov 2019 20:02:16 GMT
Server
AmazonS3
Age
70
Date
Mon, 25 Nov 2019 23:42:29 GMT
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 1bf129b8787cf2e96d3bce725554e4d5.cloudfront.net (CloudFront)
Transfer-Encoding
chunked
X-Amz-Cf-Pop
FRA2-C2
Connection
keep-alive
X-Amz-Cf-Id
SUQLuZwIxWOIG315n_Vw84XUkY1ZB8cXfs8Q5aFRi4JP3YQWU7FKgg==
32x32-printer.png
www.bleepstatic.com/images/site/ 		256 B
463 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/32x32-printer.png
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
117643
cf-polished
origFmt=png, origSize=618
status
200
content-disposition
inline; filename="32x32-printer.webp"
cf-bgj
imgq:85
content-length
256
last-modified
Fri, 02 Oct 2015 21:57:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c045cbb59ee-VIE
expires
Tue, 24 Dec 2019 15:02:38 GMT
21beb902b545b086a90ec39f1df36b94.jpg
www.bleepstatic.com/author/photos/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/author/photos/21beb902b545b086a90ec39f1df36b94.jpg
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
19e1dbba639ba68ceb71cdada9621e11d0aec6edba410971f1937d6cc4935b32

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
2513090
cf-polished
origSize=7617, status=webp_bigger
status
200
cf-bgj
imgq:85
content-length
7581
last-modified
Mon, 26 Oct 2015 17:15:33 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c045cbc59ee-VIE
expires
Sun, 27 Oct 2019 21:33:09 GMT
before-bg.png
www.bleepstatic.com/images/site/ 		116 B
282 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/before-bg.png
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee9b2fe75e3a5637b840957e2f9aefedb394224a1846a731ad7ead76abf91d58

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
2253890
cf-polished
origFmt=png, origSize=1026
status
200
content-disposition
inline; filename="before-bg.webp"
cf-bgj
imgq:85
content-length
116
last-modified
Fri, 29 May 2015 07:08:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c045cbd59ee-VIE
expires
Fri, 29 Nov 2019 21:38:31 GMT
news-icon-01.png
www.bleepstatic.com/images/site/ 		240 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/news-icon-01.png
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1af15b17fd7099b2d3a81a8b3aeffd94b26d2c1a58489c3903e11ec5a4896d3

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
439170
cf-polished
origFmt=png, origSize=1204
status
200
content-disposition
inline; filename="news-icon-01.webp"
cf-bgj
imgq:85
content-length
240
last-modified
Fri, 29 May 2015 07:09:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c045cbe59ee-VIE
expires
Fri, 20 Dec 2019 21:43:52 GMT
link-icon.png
www.bleepstatic.com/images/site/comments/ 		494 B
659 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/comments/link-icon.png
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef3d32ea9a9fa05f8170d164890b55e15ce39157bb9ae7e96b047c1996d22a8b

Request headers

Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
440994
cf-polished
origFmt=png, origSize=787
status
200
content-disposition
inline; filename="link-icon.webp"
cf-bgj
imgq:85
content-length
494
last-modified
Fri, 25 Sep 2015 17:29:04 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c045cbf59ee-VIE
expires
Fri, 20 Dec 2019 21:13:28 GMT
prebid-analytics-2.36.5.js
a.pub.network/core/ 		388 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.pub.network/core/prebid-analytics-2.36.5.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb3986a9d06585054dc84ba96f83b685c5a67527f4cdd2cdb4dfc75d49f5759f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
BYPASS
status
200
x-guploader-uploadid
AEnB2UqhsNsEBebpy3f7_H1PC3AANCiA3_GU2-KNqglVQH8jbDbcP_RF48psy2-_63chFcY-NF5P_hA_YBAjXlnMbnjlbr3DJg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
last-modified
Tue, 05 Nov 2019 17:37:41 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=EJ1yIw==, md5=e2KPF9QKTQj2iapaLVhLdw==
content-type
text/html
x-goog-generation
1572975461697049
cache-control
private
x-goog-stored-content-length
397332
cf-ray
53b77c049f3d8c68-VIE
expires
Tue, 24 Nov 2020 23:43:22 GMT
location
d.pub.network/ 		25 B
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d.pub.network/location
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
214.71.188.35.bc.googleusercontent.com
Software
/
Resource Hash
98f88d642acd9024773bf77b93f9546e3cd6fd8fa3d539d16f7b018e0cb513f2

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Mon, 25 Nov 2019 23:43:22 GMT
Access-Control-Allow-Credentials
true
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding
chunked
Content-Type
application/json
h4-bg.png
www.bleepstatic.com/images/site/ 		38 B
197 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/h4-bg.png
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
942935ead42820e6c9184f099c77dde34fa4be70d395a17c47b5d7ad07967339

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
4393
cf-polished
origFmt=png, origSize=72
status
200
content-disposition
inline; filename="h4-bg.webp"
cf-bgj
imgq:85
content-length
38
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c04ace259ee-VIE
expires
Thu, 21 Nov 2019 20:30:20 GMT
news_email_icon.png
www.bleepstatic.com/images/site/ 		126 B
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/news_email_icon.png
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a

Request headers

Referer
https://www.bleepstatic.com/css/redesign/home.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
1553736
cf-polished
origFmt=png, origSize=1105
status
200
content-disposition
inline; filename="news_email_icon.webp"
cf-bgj
imgq:85
content-length
126
last-modified
Fri, 29 May 2015 07:10:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c04ace359ee-VIE
expires
Sun, 08 Dec 2019 00:07:46 GMT
collect
www.google-analytics.com/r/ 		35 B
111 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j79&a=545526374&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ul=en-us&de=UTF-8&dt=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1468618389&gjid=1797190455&cid=667475525.1574725402&tid=UA-91740-1&_gid=900781286.1574725402&_r=1&gtm=2ouav9&z=2132719609
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
pls
core.connatix.com/ Frame BAB3 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://core.connatix.com/pls?callback=jQuery3210018906710750101308_1574725402215&token=83c6e833-8c07-474c-b10f-079d46320a80&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&c_v=1821_0_0_0_0&page_guid=d8aa2d038b982b01a2dc1574725402378&spp=1&_=1574725402216
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1821/min/connatix.renderer.infeed.min_dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.131.34 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-236-131-34.compute-1.amazonaws.com
Software
nginx/1.15.9 (Ubuntu) /
Resource Hash
715dbc2f24d723444f162dc2cc8e7c334ad85e5a180f1655e93fbd95ea8c920a

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
gzip
server
nginx/1.15.9 (Ubuntu)
access-control-allow-origin
*
integrator.js
adservice.google.de/adsid/ 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.bleepingcomputer.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.bleepingcomputer.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20191114/r20190131/ 		220 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20191114/r20190131/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
b198f6c8ffd50a477f7dea4911bcbeb614271d080084eb189c30716ef24af5db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
84789
x-xss-protection
0
server
cafe
etag
6374670274128428363
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Mon, 25 Nov 2019 23:43:22 GMT
news_footer_icon.png
www.bleepstatic.com/images/site/ 		110 B
279 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/images/site/news_footer_icon.png
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d020fa6036628dd1d6dbf760edc742273359e93119832249bdce332d05d6db4d

Request headers

Referer
https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
1047081
cf-polished
origFmt=png, origSize=186
status
200
content-disposition
inline; filename="news_footer_icon.webp"
cf-bgj
imgq:85
content-length
110
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c04fcfd59ee-VIE
expires
Fri, 13 Dec 2019 20:52:01 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20191114/r20190131/ Frame C5CF 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20191114/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20191114/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Wed, 20 Nov 2019 08:19:49 GMT
expires
Wed, 04 Dec 2019 08:19:49 GMT
content-type
text/html; charset=UTF-8
etag
9688732929695215001
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
6504
x-xss-protection
0
cache-control
public, max-age=1209600
age
487413
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
cmpui-popup.js
static.quantcast.mgr.consensu.org/v27/ 		222 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.quantcast.mgr.consensu.org/v27/cmpui-popup.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:e00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2363cbdace3d4db7b0ee2f0fcf42a722658814affea6c100f3679f7c21ff9e11

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:42:22 GMT
content-encoding
gzip
last-modified
Mon, 18 Nov 2019 19:20:04 GMT
server
AmazonS3
age
168
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript;charset=UTF-8
status
200
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
TIyUe4SV6zIceTvp0fC2DSNww23Y21hCw9N-90Y3P9nuEtOa9tHCfQ==
via
1.1 cc0ab20766d57035422a2c4c69fe0620.cloudfront.net (CloudFront)
pubads_impl_2019111801.js
securepubads.g.doubleclick.net/gpt/ 		159 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111801.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
sffe /
Resource Hash
03b07f320a1692a2d507465027fffaa6560d19d248c33bb6a5f2c97b75680c1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 18 Nov 2019 14:07:04 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
59620
x-xss-protection
0
expires
Mon, 25 Nov 2019 23:43:22 GMT
moatframe.js
z.moatads.com/addthismoatframe568911941483/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:43:22 GMT
Content-Encoding
gzip
Last-Modified
Fri, 08 Nov 2019 20:13:52 GMT
Server
AmazonS3
x-amz-request-id
D5503D14AA2F06AA
ETag
"f14b4e1f799b14f798a195f43cf58376"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=12013
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
948
x-amz-id-2
JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/ 		2 KB
924 B 		Script
General
Check archive.org
Download Go to
Full URL
https://v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/_ate.track.config_resp
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-36-164.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.8.v20180619) /
Resource Hash
5fe405e64b42b49a5813c2c7b8e48ccf290310c5eb351d2b15966856d1a2f06e

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
gzip
surrogate-key
ra-561517d2c7f964d6
server
Jetty(9.4.8.v20180619)
etag
-1808207170--gzip
vary
Accept-Encoding
cache-tag
ra-561517d2c7f964d6
status
200
cache-control
public, max-age=37, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-type
application/javascript;charset=utf-8
content-length
678
Malspam.jpg
www.bleepstatic.com/content/hl-images/2019/04/26/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/content/hl-images/2019/04/26/Malspam.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
11185aa1c200d60a92a45416860b08e46466f3fff71d320764837ab35831fad6

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
64915
cf-polished
qual=85, origFmt=jpeg, origSize=46421
status
200
content-disposition
inline; filename="Malspam.webp"
cf-bgj
imgq:85
content-length
15232
last-modified
Fri, 26 Apr 2019 22:46:41 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c059d4f59ee-VIE
expires
Wed, 25 Dec 2019 05:41:27 GMT
292x176_TrickBot.jpg
www.bleepstatic.com/content/hl-images/2019/11/22/thumb/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/content/hl-images/2019/11/22/thumb/292x176_TrickBot.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f70d0f0ef054b248cdab06a1eb5d948b671f3d4ea2091cc81202856f11f2a205

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
144428
cf-polished
origSize=11987, status=webp_bigger
status
200
cf-bgj
imgq:85
content-length
11278
last-modified
Fri, 22 Nov 2019 22:48:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c059d5059ee-VIE
expires
Tue, 24 Dec 2019 07:36:13 GMT
292x176_Windows_10.png
www.bleepstatic.com/content/hl-images/2019/03/13/thumb/ 		50 KB
51 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/content/hl-images/2019/03/13/thumb/292x176_Windows_10.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
66aff1522e84087d9e91ec11610257a785bf9cc413dcaee2a2048bfcc2f27732

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
67214
cf-polished
origFmt=png, origSize=73566
status
200
content-disposition
inline; filename="292x176_Windows_10.webp"
cf-bgj
imgq:85
content-length
51646
last-modified
Wed, 13 Mar 2019 23:31:57 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c059d5159ee-VIE
expires
Wed, 25 Dec 2019 05:03:08 GMT
jquery.fancybox.css
www.bleepstatic.com/js/redesign/fancybox/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
HIT
age
5775
cf-polished
origSize=4895
status
200
cf-bgj
minify
last-modified
Wed, 14 Oct 2015 20:25:51 GMT
server
cloudflare
etag
W/"9108074"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
53b77c059d5d59ee-VIE
expires
Fri, 22 Nov 2019 22:32:28 GMT
font-awesome.css
www.bleepstatic.com/css/redesign/ 		22 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/css/redesign/font-awesome.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
br
cf-cache-status
HIT
age
23
cf-polished
origSize=26776
status
200
cf-bgj
minify
last-modified
Tue, 03 May 2016 04:39:29 GMT
server
cloudflare
etag
W/"1700274315"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
53b77c059d5e59ee-VIE
expires
Fri, 22 Nov 2019 22:32:28 GMT
vendorlist.json
vendorlist.consensu.org/ 		91 KB
17 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vendorlist.consensu.org/vendorlist.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:1400:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7a53d4df190d658e52a1fbcea3fdda92433c812e35bb7a789876ff1c75ddb4bd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com

Response headers

date
Sat, 23 Nov 2019 23:28:58 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age
173665
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Thu, 21 Nov 2019 16:00:26 GMT
server
AmazonS3
access-control-max-age
604800
access-control-allow-methods
GET
x-amz-version-id
q4qmkF37jkDkebN8AzjM.kkdN85YVWej
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
content-type
application/json; charset=utf-8
x-amz-cf-id
_DdRVvaSK0UjLUpEjUhIoWmirG24mhxCtXi2CopQjxopdZmVR7VoFg==
beacon.js
ad-delivery.net/ 		1 KB
986 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ad-delivery.net/beacon.js
Requested by
Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.224.196.47 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-224-196-47.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
last-modified
Tue, 31 Jan 2017 15:06:54 GMT
server
AmazonS3
age
1320
date
Mon, 25 Nov 2019 23:21:25 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
cache-control
max-age=3600
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
5cM0ULer_-Wm4LgW-b0Bhx92CEbbH2GsHGh2lTAIR7iBicOWMq294g==
via
1.1 34f50889bc574f1edeb41dd758962a5b.cloudfront.net (CloudFront)
ads
googleads.g.doubleclick.net/pagead/ Frame 5D7A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1574109363&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C30%3A34635776&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1574725402440&bpp=5&bdt=351&fdt=74&idt=74&shv=r20191114&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=8199325255381&frm=20&pv=2&ga_vid=667475525.1574725402&ga_sid=1574725403&ga_hid=545526374&ga_fc=0&iag=0&icsg=571746057461760&dssz=48&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21064603%2C21065126%2C26835105&oid=3&pvsid=1679836093837318&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=1&uci=a!1&fsb=1&dtd=85
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191114/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1574109363&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C30%3A34635776&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1574725402440&bpp=5&bdt=351&fdt=74&idt=74&shv=r20191114&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=8199325255381&frm=20&pv=2&ga_vid=667475525.1574725402&ga_sid=1574725403&ga_hid=545526374&ga_fc=0&iag=0&icsg=571746057461760&dssz=48&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21064603%2C21065126%2C26835105&oid=3&pvsid=1679836093837318&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=1&uci=a!1&fsb=1&dtd=85
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Mon, 25 Nov 2019 23:43:22 GMT
server
cafe
content-length
44
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Mon, 25-Nov-2019 23:58:22 GMT; path=/; domain=.doubleclick.net
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires
Mon, 25 Nov 2019 23:43:22 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/ 		78 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191114/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0e946b0ee0337cf23c845f67a238e1fefd5f1e014fdbd8ea27870172fcedd40f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1573858490126243"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29338
x-xss-protection
0
expires
Mon, 25 Nov 2019 23:43:22 GMT
apstag.js
c.amazon-adsystem.com/aax2/ 		88 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.90.242 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-90-242.fra50.r.cloudfront.net
Software
Server /
Resource Hash
1412d7245072504d1975da264074e475485b5bab1edab58938a536542a4f3dd5

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 17:32:54 GMT
content-encoding
gzip
server
Server
age
22228
etag
f95fda3d4fe6103808d969fc52fa66db
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=86400
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
lrNSCQG-CnGG9lZ0KYDay5P5pU87XUPakMvS6xFKmepY4asIWS9Muw==
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
config.js
confiant-integrations.global.ssl.fastly.net/dvS98IKwDukcG6gPDYBBcCk9sKY/gpt_and_prebid/ 		313 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://confiant-integrations.global.ssl.fastly.net/dvS98IKwDukcG6gPDYBBcCk9sKY/gpt_and_prebid/config.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.194 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
888ed9fe6f1584075c12e74f4a5308e3296a96d83be960d159db7c50f073aa81

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:43:22 GMT
Content-Encoding
gzip
Age
236
X-Cache
HIT
Connection
keep-alive
Content-Length
66408
x-amz-id-2
yFChfYYlVWoidC2h7WWcIVuhRMvDVt5syUG2nH2z0G5qgbm52k/xUVDyQ6vZD83vA4JNkzwVtWc=
X-Served-By
cache-fra19127-FRA
Last-Modified
Mon, 25 Nov 2019 23:35:25 GMT
Server
AmazonS3
X-Timer
S1574725403.554398,VS0,VE0
ETag
"b77ecfc2cba65daf067fd073c586a206"
x-amz-request-id
A2F510F0D1F8D1AB
Via
1.1 varnish
Cache-Control
public, max-age=900, stale-while-revalidate=3600
Accept-Ranges
bytes
Content-Type
text/javascript
X-Cache-Hits
4
fontawesome-webfont.woff
www.bleepstatic.com/fonts/ 		64 KB
64 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bleepstatic.com/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepstatic.com/css/redesign/font-awesome.css
Origin
https://www.bleepingcomputer.com

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
last-modified
Thu, 23 Apr 2015 09:36:00 GMT
server
cloudflare
age
489
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
status
200
accept-ranges
bytes
cf-ray
53b77c05ef3bcba4-VIE
access-control-allow-origin
*
content-length
65452
v2
d.pub.network/floors/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://d.pub.network/floors/v2?key=535desktop
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
214.71.188.35.bc.googleusercontent.com
Software
/
Resource Hash
2efb1a8b0e26f82d711770092e59f8fbc4469bce3379ee442acfdb6c8489041c

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Mon, 25 Nov 2019 23:43:23 GMT
Access-Control-Allow-Credentials
true
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding
chunked
Content-Type
application/json
truncated
/ 		175 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		715 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
g
rtb.connatix.com/ 		91 B
293 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rtb.connatix.com/g?c_pw=834&c_ph=469&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&c_ivt=0&connatix_sess=02NvrQrwk6uykkcxbDInuTmtpXaCAPxMN8J46zlC9399hbYh72eDLslD6kzqzGrq2LKjSWhqX3V-ZUk9R5YpWIs1ZXSqqEZXZRv7sBs-CkSw1F8xOyuJc2sJ1EUMijuHwROofUMG1iMEUedGsHVQvmlvA3vGco4sxfGIlxU6BeZzcGR7wPY1Ar4ZxGBOJuhR&notServed=false&xplr=false&c_s=false&c_pl=ht-9rCeh1ky55ekmszPeXp9OvCb5MTuTIBkz4bhzf2B4q6E_1CA-vTWtWdMuDNv3cNqM7k7TQEQfgNkbbLoqRYyzvRdUCb-fJugj87zasoUjFARLyQmU54JJm9WVtQsDsTgxezaWH3rLntWqB1fzoLQWc1wDeohQPi1gkD1YlXmFaq5sC4AE8Uj4X01Gk0FzwOuBvC5_SbzlvHzGkfRSgvgTv54-bSN60RjTJ85xL7s&gdpr=1&med_id=639404&req_no=0&v=1&c_pt=1&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-&c_v=1821_0_0_0_0&spp=1&callback=cnxJSONP_5cf7823c319e82b0c1961574725402603
Requested by
Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1821/min/connatix.renderer.infeed.min_dc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.86.189.110 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-86-189-110.compute-1.amazonaws.com
Software
nginx/1.15.9 (Ubuntu) /
Resource Hash
fe9783994b056324e61c339aac8a5c0dcd47daf47e7b25f242b255c8a0c456db

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 25 Nov 2019 23:43:22 GMT
Content-Encoding
gzip
Server
nginx/1.15.9 (Ubuntu)
Connection
keep-alive
Content-Length
105
327.jpg
i.connatix.com/s3/connatix-uploads/af391ba1-47b0-4ff1-87cb-08a6df11845f/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.connatix.com/s3/connatix-uploads/af391ba1-47b0-4ff1-87cb-08a6df11845f/327.jpg?mode=stretch&connatiximg=true&scale=both&height=469&width=834
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
c8444ac3b0379ce828317141c6128d128bcd5418ad3e4e9bd1be1ecadccc1095

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
via
1.1 varnish, 1.1 varnish
age
694
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
1, 2
accept-ranges
bytes
x-timer
S1574725403.602192,VS0,VE0
access-control-allow-origin
*
content-length
15039
x-served-by
cache-sjc3130-SJC, cache-hhn4036-HHN
1.jpg
i.connatix.com/s3/connatix-uploads/4f14e8c7-7feb-4e60-859e-a2809e13bd1b/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.connatix.com/s3/connatix-uploads/4f14e8c7-7feb-4e60-859e-a2809e13bd1b/1.jpg?mode=crop&width=1001&height=563
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
4e720804ff4314f1a7c70173d456594cc37b97d284072f8763294f5d1fee8d58

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
via
1.1 varnish, 1.1 varnish
age
694
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
1, 2
accept-ranges
bytes
x-timer
S1574725403.603443,VS0,VE0
access-control-allow-origin
*
content-length
18829
x-served-by
cache-sjc3142-SJC, cache-hhn4036-HHN
1.jpg
i.connatix.com/s3/connatix-uploads/e4656b71-6c32-4779-a602-e39583327617/ 		168 KB
169 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.connatix.com/s3/connatix-uploads/e4656b71-6c32-4779-a602-e39583327617/1.jpg?mode=crop&width=1001&height=563
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
c4405054dff1040cf4914e27f544f02dc63fec0e12695ea76b7ce98b8605a7b1

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
via
1.1 varnish, 1.1 varnish
age
694
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
1, 2
accept-ranges
bytes
x-timer
S1574725403.603446,VS0,VE0
access-control-allow-origin
*
content-length
172535
x-served-by
cache-sjc3144-SJC, cache-hhn4036-HHN
1.jpg
i.connatix.com/s3/connatix-uploads/09c4c4e2-937d-41ee-8570-59862a3cd33b/ 		33 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.connatix.com/s3/connatix-uploads/09c4c4e2-937d-41ee-8570-59862a3cd33b/1.jpg?mode=crop&width=1001&height=563
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
20d2cb2691e261ada55a9c4d60c663479277d651d9b8d6d768ede5870c3b5993

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
via
1.1 varnish, 1.1 varnish
age
694
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
2, 2
accept-ranges
bytes
x-timer
S1574725403.603437,VS0,VE0
access-control-allow-origin
*
content-length
34278
x-served-by
cache-sjc3130-SJC, cache-hhn4036-HHN
1.jpg
i.connatix.com/s3/connatix-uploads/70db2117-5813-4069-a291-9da2180314a5/ 		111 KB
112 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.connatix.com/s3/connatix-uploads/70db2117-5813-4069-a291-9da2180314a5/1.jpg?mode=crop&width=1001&height=563
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
29407dab7bfc70257bdb18f8f784b9c0608c69f8290b750618feee47dd1bddcc

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
via
1.1 varnish, 1.1 varnish
age
694
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
1, 2
accept-ranges
bytes
x-timer
S1574725403.603400,VS0,VE0
access-control-allow-origin
*
content-length
114127
x-served-by
cache-sjc3142-SJC, cache-hhn4036-HHN
1.jpg
i.connatix.com/s3/connatix-uploads/72d0a047-e762-4794-ac1e-9c0420504866/ 		156 KB
156 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.connatix.com/s3/connatix-uploads/72d0a047-e762-4794-ac1e-9c0420504866/1.jpg?mode=crop&width=1001&height=563
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
dac702bbb288a8038c909915b51f4423c7c52826395f824682a0218935f240b1

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
via
1.1 varnish, 1.1 varnish
age
694
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
1, 2
accept-ranges
bytes
x-timer
S1574725403.603418,VS0,VE0
access-control-allow-origin
*
content-length
160038
x-served-by
cache-sjc3146-SJC, cache-hhn4036-HHN
bleeping-computerlogo-lg.png
www.bleepstatic.com/logos/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bleepstatic.com/logos/bleeping-computerlogo-lg.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a56e644a617b2d1e4e7d808dfc334a7ea8622979f22999dc9eccd21c61958b3

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
cf-cache-status
HIT
age
420860
cf-polished
origFmt=png, origSize=15281
status
200
content-disposition
inline; filename="bleeping-computerlogo-lg.webp"
cf-bgj
imgq:85
content-length
7156
last-modified
Wed, 07 Jan 2015 22:52:15 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
53b77c065d9259ee-VIE
expires
Sat, 21 Dec 2019 02:49:01 GMT
0_th_1.jpg
i.connatix.com/s3/connatix-videos/af391ba1-47b0-4ff1-87cb-08a6df11845f/ Frame BAB3 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.connatix.com/s3/connatix-videos/af391ba1-47b0-4ff1-87cb-08a6df11845f/0_th_1.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
c3034d0370c5faa09e7a8d7b0c48925afa0371cf17e4827dde23059f56019dae

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
via
1.1 varnish, 1.1 varnish
age
7775620
x-cache
HIT, HIT
content-type
image/jpeg
status
200
cache-control
max-age=31557600
x-cache-hits
1, 2
accept-ranges
bytes
x-timer
S1574725403.609063,VS0,VE0
access-control-allow-origin
*
content-length
23507
x-served-by
cache-sjc3139-SJC, cache-hhn4036-HHN
layers.ab5cd98fe1b9a38a4a9f.js
s7.addthis.com/static/ 		263 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-36-164.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Wed, 18 Sep 2019 14:16:17 GMT
server
nginx/1.15.8
etag
W/"5d823c31-41b9f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Mon, 25 Nov 2019 23:43:22 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77528
CookieAccess
api.quantcast.mgr.consensu.org/ 		30 B
595 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.quantcast.mgr.consensu.org/CookieAccess
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.225.78.121 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-225-78-121.fra2.r.cloudfront.net
Software
/
Resource Hash
5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
content-encoding
gzip
x-amz-cf-pop
FRA2-C2
x-amzn-requestid
560cc52d-4188-478d-9df4-df3a7fc2891d
x-cache
Error from cloudfront
status
404
x-amz-apigw-id
DvUMLFpzIAMFl6A=
content-length
50
access-control-allow-origin
https://www.bleepingcomputer.com
x-amzn-trace-id
Root=1-5ddc671a-5abe61e02e60d218704112c8;Sampled=0
vary
Origin
access-control-allow-methods
GET, POST
content-type
application/json
via
1.1 784dd167d622737126ee2d76985e7d3c.cloudfront.net (CloudFront)
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
x-amz-cf-id
oPNc9QOxsB-kkj-b42ozGYtJeBHZArTPObbla0MrTBYNLv34sZDb6g==
r
trk.connatix.com/ Frame BAB3 		0
162 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trk.connatix.com/r?connatix_sess=02NvrQrwk6uykkcxbDInuTmtpXaCAPxMN8J46zlC9399hbYh72eDLslD6kzqzGrq2LKjSWhqX3V-ZUk9R5YpWIs1ZXSqqEZXZRv7sBs-CkSw1F8xOyuJc2sJ1EUMijuHwROofUMG1iMEUedGsHVQvmlvA3vGco4sxfGIlxU6BeZzcGR7wPY1Ar4ZxGBOJuhR&videoID=639404&c_pl=ht-9rCeh1ky55ekmszPeXp9OvCb5MTuTIBkz4bhzf2B4q6E_1CA-vTWtWdMuDNv3cNqM7k7TQEQfgNkbbLoqRYyzvRdUCb-fJugj87zasoUjFARLyQmU54JJm9WVtQsDsTgxezaWH3rLntWqB1fzoLQWc1wDeohQPi1gkD1YlXmFaq5sC4AE8Uj4X01Gk0FzwOuBvC5_SbzlvHzGkfRSgvgTv54-bSN60RjTJ85xL7s&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-&c_v=1821_0_0_0_0&spp=1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.223.253.153 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-3-223-253-153.compute-1.amazonaws.com
Software
nginx/1.15.9 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 25 Nov 2019 23:43:22 GMT
Server
nginx/1.15.9 (Ubuntu)
Connection
keep-alive
Content-Length
0
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.90.242 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-90-242.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com

Response headers

date
Mon, 25 Nov 2019 14:09:45 GMT
content-encoding
gzip
vary
Origin
age
34418
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Fri, 01 Nov 2019 13:46:13 GMT
server
AmazonS3
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
7mpXprjoDG_sKWBSvHIm4VrZKl6YtW-9c-S-kP4CRNki4KuvsDYgqw==
wrap.js
confiant-integrations.global.ssl.fastly.net/prebid/201911221338/ 		30 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://confiant-integrations.global.ssl.fastly.net/prebid/201911221338/wrap.js
Requested by
Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/dvS98IKwDukcG6gPDYBBcCk9sKY/gpt_and_prebid/config.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.194 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cd2a9da78d6436d5ffa49115fbe8029fc1019c3b92d674fd5c4a221e8f21bcce

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:43:22 GMT
Content-Encoding
gzip
Age
721
X-Cache
HIT
Connection
keep-alive
Content-Length
11451
x-amz-id-2
rPjRcgyyS5+dorvF+16pKafGdK/iSJyO4sp2whiOiolwdNigV6gc2xp1KE/dFYdMI4TW0SarZxk=
X-Served-By
cache-fra19127-FRA
Last-Modified
Mon, 25 Nov 2019 17:19:38 GMT
Server
AmazonS3
X-Timer
S1574725403.744839,VS0,VE0
ETag
"00505cf7f992bfd8674b6a8617236b9a"
x-amz-request-id
7D994B6629D9617E
Via
1.1 varnish
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Content-Type
application/javascript; charset=utf-8
X-Cache-Hits
410
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
377 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&pid=omd8munj8g1gW&cb=0&ws=1600x1200&v=7.44.02&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_1%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_2%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_320x50_InContent_1%22%7D%2C%7B%22sd%22%3A%225%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_3%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.90.242 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-90-242.fra50.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com

Response headers

date
Mon, 25 Nov 2019 23:43:22 GMT
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
status
200
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
P8IR9x1JrTgE8ud_0PXEiU_719ErLktpLhKLvf6w_Rs8TLPpXYi7cw==
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
c
c.pub.network/ 		36 B
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
58.36.226.35.bc.googleusercontent.com
Software
/
Resource Hash
4753bc904ab374fd1a1350fb0b1824c1a2c80a8d94bf7fb0d19271358016f303

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Mon, 25 Nov 2019 23:43:23 GMT
Access-Control-Allow-Credentials
true
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
jquery.color-2.1.2.min.js
cluster-na.cdnjquery.com/color/ 		92 B
356 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cluster-na.cdnjquery.com/color/jquery.color-2.1.2.min.js?integrity=btjsonpcallback1574725403014&checksum=%7B%22cbc%22%3A0%2C%22st%22%3A2%2C%22au%22%3A%5B%5D%2C%22hau%22%3A%5B%5D%2C%22ref%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F%22%2C%22aa%22%3A3%2C%22pgid%22%3A%225dd21af9-0fdd-11ea-9f67-b5f2e0a3fad2%22%2C%22v%22%3A1%2C%22format%22%3A%22jsonp%22%7D&o=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&csVersion=1.20.9&clearThroughOptions=undefined
Requested by
Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.206.108.72 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-206-108-72.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
c6ac75a73b23c024ef5b97e94afcd3a69f60b03cef69827693e09bcbf9d9a52a
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:43:23 GMT
Content-Encoding
gzip
Server
nginx/1.12.1
ETag
W/"5c-UMCq6HORZLAmBEtksVIrdzt5WHA"
X-Frame-Options
DENY
Content-Type
text/javascript; charset=utf-8
Charset
utf8
Connection
keep-alive
Content-Length
84
px.gif
ad-delivery.net/ 		43 B
378 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.018472642002142603
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.224.196.47 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-224-196-47.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
null
via
1.1 34f50889bc574f1edeb41dd758962a5b.cloudfront.net (CloudFront)
last-modified
Thu, 27 Jul 2017 18:59:05 GMT
server
AmazonS3
age
14676
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
x-cache
Hit from cloudfront
content-type
image/gif
status
200
date
Mon, 25 Nov 2019 19:38:48 GMT
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
43
x-amz-cf-id
_mO3GvRQWEtu-lq6VbGa6IeHYZBTllEJLtRXbdwVSoCgHhl2Z9KJOg==
/
audit.quantcast.mgr.consensu.org/ 		80 B
477 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://audit.quantcast.mgr.consensu.org/?log=;1574725403030;BleepingComputer.com;https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F;;;;;p,off,false,,1,en,27,176,true,false,false;displayConsentUi:mandatory,
Requested by
Host: static.quantcast.mgr.consensu.org
URL: https://static.quantcast.mgr.consensu.org/v27/cmpui-popup.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.224.196.64 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-224-196-64.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com

Response headers

date
Mon, 25 Nov 2019 07:37:45 GMT
via
1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
vary
Origin
age
57939
x-cache
Hit from cloudfront
status
200
content-length
80
last-modified
Mon, 11 Jun 2018 22:07:34 GMT
server
AmazonS3
etag
"0614149d8033903db5de46d6c184bbfd"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/html
access-control-allow-origin
*
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
x-amz-cf-id
_PVF_SVk5sGKe6IXSgsrP2VAL6V9IjFjzAH4-cUOaYGq4AFDktIsLA==
px.gif
ad-delivery.net/ 		43 B
377 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.018472642002142603
Requested by
Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.224.196.47 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-224-196-47.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
null
via
1.1 34f50889bc574f1edeb41dd758962a5b.cloudfront.net (CloudFront)
last-modified
Thu, 27 Jul 2017 18:59:05 GMT
server
AmazonS3
age
14676
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
x-cache
Hit from cloudfront
content-type
image/gif
status
200
date
Mon, 25 Nov 2019 19:38:48 GMT
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
43
x-amz-cf-id
RSKHXQN8yl95GJ4WeB65pK2fUGIEcgw4-6-SEoVqmP-DYw2gqr6v1A==
jquery.color-2.1.2.min.js
cluster-na.cdnjquery.com/color/ 		92 B
356 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cluster-na.cdnjquery.com/color/jquery.color-2.1.2.min.js?integrity=btjsonpcallback1574725403065&checksum=%7B%22cbc%22%3A0%2C%22st%22%3A2%2C%22au%22%3A%5B%5D%2C%22hau%22%3A%5B%5D%2C%22ref%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F%22%2C%22aa%22%3A3%2C%22pgid%22%3A%225dd21af9-0fdd-11ea-9f67-b5f2e0a3fad2%22%2C%22v%22%3A1%2C%22format%22%3A%22jsonp%22%7D&o=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&csVersion=1.20.9&pgid_same=1&clearThroughOptions=undefined
Requested by
Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.206.108.72 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-206-108-72.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
2e3f01df6405536b7bd16b82eff1294a6d1d34953aabc32b4c16fcd1f348306f
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:43:23 GMT
Content-Encoding
gzip
Server
nginx/1.12.1
ETag
W/"5c-TcmvtXfHMU7Vbg+e4TLlT7jHm5M"
X-Frame-Options
DENY
Content-Type
text/javascript; charset=utf-8
Charset
utf8
Connection
keep-alive
Content-Length
84
48.008759e9efe1c1b693dd.js
s7.addthis.com/static/ 		281 B
486 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s7.addthis.com/static/48.008759e9efe1c1b693dd.js
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-36-164.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
f8a52990bbe6892abb730d241570fbfbd2ff2fc707fdd3004c7dba6e843bbae3
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Wed, 18 Sep 2019 14:16:17 GMT
server
nginx/1.15.8
etag
W/"5d823c31-119"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Mon, 25 Nov 2019 23:43:23 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
246
/
graph.facebook.com/ 		308 B
400 B 		Script
General
Check archive.org
Download Go to
Full URL
https://graph.facebook.com/?id=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_2ru80
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
78543a133b9e96dd14aef9fdc2c36462018a55683ce4b4ed6e0bdff1451d64c0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
status
200
date
Mon, 25 Nov 2019 23:43:23 GMT
x-fb-rev
1001471375
alt-svc
h3-23=":443"; ma=3600
content-length
213
pragma
no-cache
x-fb-debug
uelG63BYHfgqMKH4VDAzSXAEQwWo5bdbpJ78sO3pNwxC6vCsSEwuCR8RFWb+Ph21qlbP7Xd2hVKLIHD8+bnuBQ==
x-fb-trace-id
G1HoqzdvV6V
etag
"e89953d124b5e012922a0156de2695567de13599"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
Asqy8MRtwsCD-IqbUo-6sTc
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.11
expires
Sat, 01 Jan 2000 00:00:00 GMT
info.json
www.reddit.com/api/ 		126 B
368 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reddit.com/api/info.json?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&jsonp=_ate.cbs.rcb_irfy0
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.140 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
snooserv /
Resource Hash
24db670c49c79c835a806b82346875af160acdeff1f99f97808b2f9e03bffc4c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:23 GMT
via
1.1 varnish
x-content-type-options
nosniff
x-cache
MISS
status
200
x-cache-hits
0
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-length
126
x-xss-protection
1; mode=block
x-served-by
cache-fra19141-FRA
x-moose
majestic
server
snooserv
x-timer
S1574725404.583553,VS0,VE112
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
X-Moose
cache-control
private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible
IE=edge
accept-ranges
bytes
expires
-1
/
graph.facebook.com/ 		148 B
355 B 		Script
General
Check archive.org
Download Go to
Full URL
https://graph.facebook.com/?id=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_d8rj0
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
ad5e5284274bdd81ef50f0e0e941aef3e4ef1c0c3a8ac94df6940529f51cc065
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
status
200
date
Mon, 25 Nov 2019 23:43:23 GMT
x-fb-rev
1001471375
alt-svc
h3-23=":443"; ma=3600
content-length
148
pragma
no-cache
x-fb-debug
nSlpTMHrnItLxtIkpuMpPEzruGcq0vCHim9jPdpD5Og0XSlhX0z2BJCgL+/mZZ3J2iXUtW86euwWjWA4P2CmjA==
x-fb-trace-id
FgstoVn+Qub
etag
"6d642c079107eb81782a9845274e8c277b59109b"
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
AM-iDEzuTe0qOi0IiSntsNE
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.11
expires
Sat, 01 Jan 2000 00:00:00 GMT
info.json
www.reddit.com/api/ 		126 B
259 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.reddit.com/api/info.json?url=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&jsonp=_ate.cbs.rcb_fayx0
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.140 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
snooserv /
Resource Hash
f72d7f33fa2dbfd60a75bf0a1f09f266bc0f96aacec7e90867f90117be1458d7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:23 GMT
via
1.1 varnish
x-content-type-options
nosniff
x-cache
MISS
status
200
x-cache-hits
0
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-length
126
x-xss-protection
1; mode=block
x-served-by
cache-fra19141-FRA
x-moose
majestic
server
snooserv
x-timer
S1574725404.583790,VS0,VE179
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
X-Moose
cache-control
private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible
IE=edge
accept-ranges
bytes
expires
-1
prebid
ib.adnxs.com/ut/v3/ 		688 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
9e82c2fae6f37c0e7509c8bad793a9736033073d8bdbfa5be80b0453abe34e05
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 25 Nov 2019 23:43:25 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
144.76.109.30; 144.76.109.30; 539.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.87:80
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
15ab9370-86fd-4093-8d3c-98981e267463
Server
nginx/1.13.4
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=12f0c6b761f0d8f&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=wDH8n844o8J5LF7qDwHQ7sj5&bidId=1387219c67b0d71&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=14a07891af3f02f&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=15e193b58d95578&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=wDH8n844o8J5LF7qDwHQ7sj5&bidId=16da57a337794fb&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=177cda688e3cc7c&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=DSthphoQqH66AkQXPDoXn74b&bidId=1855e729e6d562&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Y2PwNBba8FyKXESSc72DFF25&bidId=19528bdaf76d1e2&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&bidId=2094efd92706532&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=DSthphoQqH66AkQXPDoXn74b&bidId=219ba6ccbb8558f&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Y2PwNBba8FyKXESSc72DFF25&bidId=22e3b6c9d9ffb78&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&bidId=23c0484370b0f44&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=2497726b6919e01&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Ggh1aXSgpQAvBpkxoyAsBJPd&bidId=2509036cbc72de3&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=DSthphoQqH66AkQXPDoXn74b&bidId=265a840189ea92c&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Y2PwNBba8FyKXESSc72DFF25&bidId=2715821a8c0abcd&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&bidId=2850ae883f51697&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		724 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
11db0827427c63082bcd5a290b77cd158191195e8966adf2ff4eca08cdb549fa
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 25 Nov 2019 23:43:25 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
144.76.109.30; 144.76.109.30; 539.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.10:80
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
87d195a9-3228-4aa3-9a9a-c6c770658cb3
Server
nginx/1.13.4
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cygnus
as-sec.casalemedia.com/ 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%225097f4b994cc6b7%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2251684c179e5dd3b%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22id%22%3A%2252cc73fc67965b5%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22id%22%3A%22531137776a119d7%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22id%22%3A%2254831342bcaf4e2%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22id%22%3A%22559744440ac071d%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22id%22%3A%2256f320b5ceef72e%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22id%22%3A%22574139a64abacb%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%2258f64b8488a59c2%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%7D%2C%7B%22id%22%3A%22594291b3ebc7955%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%226085b5d862df6af%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%7D%2C%7B%22id%22%3A%2261faaf027b16148%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22id%22%3A%2262510ad05c206be%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%2263b3f09a30aa3ba%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
21775cf9630b1877e2c01a1d2a808cefe08e9077d85cb86eb9cb829c3cb3acd1

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:24 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
2535
Expires
Mon, 25 Nov 2019 23:43:24 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		259 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=8247e077-1952-483d-a234-96d3db41a32d&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.46906010483616534
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
9ffb432f329093192b74b40bb865919719917bc45dc3631b4dba63f576cea460

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:23 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=305
Content-Length
259
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		259 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=b737bc64-bf32-4532-9216-6f793dc0f09e&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.18453214144756536
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
71d7ea78737de87d96a606f17f69f0a8613fefe24ca4883fbb931bd0037a95bd

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:23 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=256
Content-Length
259
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		257 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=005b9ad1-d4a5-42cd-a6db-65a1f4901825&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.08844927025639171
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
1b45344cb1a6e6eebc0669e885eb7d3b7ffa17c604b2e19cb41234ce11d055d4

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:23 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=286
Content-Length
257
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=25a2b171-81af-48d9-a8ff-722042a982da&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.39341370630288997
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
f0fea544bb4b001cbf611fef9ded878352e5cff7931047dd9b2cff91ae69daa2

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:23 GMT
Content-Encoding
gzip
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=153
Content-Length
1525
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		240 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=41c499c6-38b4-45f1-b0c9-d4bb07ca39f9&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.286217836357461
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
59d08a090ac476a0401b85e0f51028531efa6d0bb917454a5ee8727c43949aa8

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:23 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=218
Content-Length
240
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=e0e6e95b-2237-4661-b414-6651d4499be8&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.886187888300723
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
bf2317a03cf3c9ae2d7eed5dd93b08734655f2ff29c5a1b7e86b0b42217b7798

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:23 GMT
Content-Encoding
gzip
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=496
Content-Length
1522
Expires
Wed, 17 Sep 1975 21:32:10 GMT
auction
tlx.3lift.com/header/ 		19 B
793 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=2.36.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&tmax=1200
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.58.48.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-58-48-163.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
x-auction-status
12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12
status
200
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
v2
i.connectad.io/api/ 		211 B
707 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://i.connectad.io/api/v2
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:9174 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
79f4d655eaa6638ebe79eec6fad2f69fce2c70fa6c20d59670bdd5225f4f1c7c

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 25 Nov 2019 23:43:24 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
alt-svc
clear
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, private
access-control-allow-credentials
true
cf-ray
53b77c0e9a6459e2-VIE
content-type
application/json
via
1.1 google
arj
freestar-d.openx.net/w/1.0/ 		174 B
359 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_2.1.9&dddid=8247e077-1952-483d-a234-96d3db41a32d%2Cb737bc64-bf32-4532-9216-6f793dc0f09e%2C005b9ad1-d4a5-42cd-a6db-65a1f4901825%2C25a2b171-81af-48d9-a8ff-722042a982da%2C41c499c6-38b4-45f1-b0c9-d4bb07ca39f9%2Ce0e6e95b-2237-4661-b414-6651d4499be8&nocache=1574725403926&x_gdpr_f=1&pubcid=9f1a27d0-fc94-4653-9ab9-7b3afbb3619a&aus=728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250%7C300x250%2C300x600%7C300x250%2C300x600%7C728x90%7C300x250%2C300x600&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_300x250_300x600_160x600_Right_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_3&auid=539181725%2C539181725%2C539181725%2C539181725%2C539181725%2C539181725&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.167.2 /
Resource Hash
31599bd9e4ff896253e27ec0f4e6a210187cd477d38c9a5088627a13ee3ed769

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
via
1.1 google
server
OXGW/16.167.2
status
200
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
174
expires
Mon, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		37 KB
37 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software
/
Resource Hash
92596d3a813f93494b62ee3f49892b17bd38f1f7748f5dc92d541ec819aeb644

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
200
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
x-openrtb-version
2.3
access-control-allow-credentials
true
date
Mon, 25 Nov 2019 23:43:24 GMT
content-type
application/json
v1
dmx.districtm.io/b/ 		0
158 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Access-Control-Request-Method
POST
Origin
https://www.bleepingcomputer.com
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

date
Mon, 25 Nov 2019 23:43:23 GMT
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-origin
https://www.bleepingcomputer.com
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
origin, Accept-Encoding
access-control-allow-methods
OPTIONS, POST
status
204
access-control-max-age
14400
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
53b77c0e9d1fdfcb-FRA
access-control-allow-headers
origin, content-type
display
mantodea.mantisadnetwork.com/prebid/ 		56 B
316 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mantodea.mantisadnetwork.com/prebid/display?tz=-60&buster=1574725403930&secure=true&version=9&mobile=false&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&measurable=true&bids[0][bidId]=129c81bb8d450a0f&bids[0][config][property]=5c3404d83e048a00261ad27f&bids[0][config][zone]=bleepingcomputer_728x90_970x90_970x250_320x50_ATF&bids[0][sizes][0][width]=728&bids[0][sizes][0][height]=90&bids[0][sizes][1][width]=970&bids[0][sizes][1][height]=90&bids[0][sizes][2][width]=970&bids[0][sizes][2][height]=250&bids[1][bidId]=130768f3ffd94d2b&bids[1][config][property]=5c3404d83e048a00261ad27f&bids[1][config][zone]=bleepingcomputer_728x90_970x90_970x250_320x50_BTF&bids[1][sizes][0][width]=728&bids[1][sizes][0][height]=90&bids[1][sizes][1][width]=970&bids[1][sizes][1][height]=90&bids[1][sizes][2][width]=970&bids[1][sizes][2][height]=250&bids[2][bidId]=1312dcc1926b182b&bids[2][config][property]=5c3404d83e048a00261ad27f&bids[2][config][zone]=bleepingcomputer_300x250_300x600_160x600_Right_1&bids[2][sizes][0][width]=300&bids[2][sizes][0][height]=250&bids[2][sizes][1][width]=300&bids[2][sizes][1][height]=600&bids[3][bidId]=1324b8c3c219e6ea&bids[3][config][property]=5c3404d83e048a00261ad27f&bids[3][config][zone]=bleepingcomputer_300x250_300x600_160x600_Right_2&bids[3][sizes][0][width]=300&bids[3][sizes][0][height]=250&bids[3][sizes][1][width]=300&bids[3][sizes][1][height]=600&bids[4][bidId]=133023eeac8fdf9f&bids[4][config][property]=5c3404d83e048a00261ad27f&bids[4][config][zone]=bleepingcomputer_728x90_320x50_InContent_1&bids[4][sizes][0][width]=728&bids[4][sizes][0][height]=90&bids[5][bidId]=134396ae8e1b035a&bids[5][config][property]=5c3404d83e048a00261ad27f&bids[5][config][zone]=bleepingcomputer_300x250_300x600_160x600_Right_3&bids[5][sizes][0][width]=300&bids[5][sizes][0][height]=250&bids[5][sizes][1][width]=300&bids[5][sizes][1][height]=600&property=5c3404d83e048a00261ad27f&foo
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-72-165-42.compute-1.amazonaws.com
Software
/ Express
Resource Hash
1de1fe8f127a6b08e226cb40f043ba5d33ab0ff897bf1dea45dcc0db22f0dbf6

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
status
200
x-powered-by
Express
etag
"291686219"
vary
Origin
content-type
application/javascript
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
56
expires
-1
24
web.hb.ad.cpe.dotomi.com/s2s/header/ 		534 B
724 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:fa8:8806:13::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
fee08e8543fc6dd933d72ac2f4292759e2841a0cc84a985b99c64081bca5fc42

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
200
content-type
application/json
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
534
expires
0
/
hb.emxdgt.com/ 		0
316 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=1200&ts=1574725403931&src=pbjs
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.104.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-196-104-43.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 25 Nov 2019 23:43:23 GMT
Content-Type
text/html
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Access-Control-Allow-Headers
security, Content-Type
Content-Length
0
imp
g2.gumgum.com/hbid/ 		123 B
668 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
adc5fb1e70389b376b2841d0e9830b5d1a8f26d24156bb32077aa38c14d7846e

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
content-encoding
gzip
content-type
application/json;charset=UTF-8
server
nginx
status
200
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		123 B
668 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
25ced16e78de34eafb1275b88f6be61ee46e79f2f469e6e94661bb21b3a0d7bc

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
content-encoding
gzip
content-type
application/json;charset=UTF-8
server
nginx
status
200
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		123 B
669 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
53f9e9af471a0ecbda08c1a5cf97db455eb442124beddbc0c8fd3878b7243c99

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
content-encoding
gzip
content-type
application/json;charset=UTF-8
server
nginx
status
200
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		123 B
669 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?si=14288&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
85fde5471434e022d3412c2759d00b244df208574fbc91c1f114a43355b1f546

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
content-encoding
gzip
content-type
application/json;charset=UTF-8
server
nginx
status
200
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		0
491 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
204
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		123 B
670 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
5d44e949fc57f3018637d05c238a847f7cf3fc789a08a5ccdf65ad9f54c02849

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
content-encoding
gzip
content-type
application/json;charset=UTF-8
server
nginx
status
200
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		0
491 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
204
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		123 B
668 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
57e2a748f9e3f89e9b33e19182c2c1cf0d90c32fd86fd7cf551cb6637379ab15

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
content-encoding
gzip
content-type
application/json;charset=UTF-8
server
nginx
status
200
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		123 B
669 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?si=14287&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
8c0c2d131c5a7fc6c78cb9a3c12fbea9575cd32784af42082371c57f32966e99

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
content-encoding
gzip
content-type
application/json;charset=UTF-8
server
nginx
status
200
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		0
491 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?t=zztu1szx&pi=2&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
server
nginx
status
204
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		123 B
669 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?si=14290&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
37f0c474a2e2914d9f868b11192ae9f12171e5b6d112626bd6b1302e6c1aed68

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:23 GMT
content-encoding
gzip
content-type
application/json;charset=UTF-8
server
nginx
status
200
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
ads
securepubads.g.doubleclick.net/gampad/ 		120 KB
39 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1679836093837318&correlator=2983995069404270&output=ldjh&impl=fifs&adsid=NT&eid=21064826&vrg=2019111801&guci=1.2.0.0.2.2.0.0&plat=1%3A536903688%2C2%3A553680904%2C8%3A134250504&sc=1&sfv=1-0-36&ecs=20191125&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_300x250_300x600_160x600_Right_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_1x1%2Cbleepingcomputer_300x250_300x600_160x600_Right_3&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7&prev_iu_szs=728x90%7C970x90%7C970x250%2C728x90%7C970x90%7C970x250%2C300x250%7C300x600%2C300x250%7C300x600%2C728x90%2C1x1%2C300x250%7C300x600&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7C%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1574109363&dt=1574725403943&dlt=1574725402089&idt=445&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C436%2C1082%2C1082%2C268%2C800%2C1082&adys=146%2C9173%2C327%2C1136%2C7565%2C9679%2C1661&adks=960084856%2C976516616%2C771041174%2C2389526111%2C4047242158%2C2635258439%2C523518761&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7&ifi=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&dssz=59&icsg=140737664524288&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1170x120%7C1200x90%7C306x250%7C306x250%7C834x90%7C1600x9679%7C306x250&msz=1170x90%7C1170x90%7C306x250%7C306x250%7C834x90%7C1600x1%7C306x250&ga_vid=667475525.1574725402&ga_sid=1574725403&ga_hid=545526374&fws=4%2C4%2C4%2C4%2C4%2C4%2C516&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
cafe /
Resource Hash
fd3f8873b342d61d8b49c5a80427713aa58f6291932bd68fe63dc252e17d18ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com

Response headers

date
Mon, 25 Nov 2019 23:43:24 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
39593
x-xss-protection
0
google-lineitem-id
-1,-2,-1,-2,-2,4893662829,-1
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-1,-2,-1,-2,-2,138254592126,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2019111801.js
securepubads.g.doubleclick.net/gpt/ 		65 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111801.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
sffe /
Resource Hash
23f5a3eca6fec1f8380dd45a87da65ee9ab4c93d4602403dc26b18e2afeb201f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 18 Nov 2019 14:07:04 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
25219
x-xss-protection
0
expires
Mon, 25 Nov 2019 23:43:23 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-36/html/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-36/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers
v1
dmx.districtm.io/b/ 		0
158 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 25 Nov 2019 23:43:23 GMT
cf-cache-status
DYNAMIC
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
origin, Accept-Encoding
access-control-allow-methods
OPTIONS, POST
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
53b77c0edc2ee007-FRA
access-control-allow-headers
origin, content-type
ADTECH;apid=1A5ec8ef10-0fdd-11ea-b478-120ea4e1ae80;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5ec8ef10-0fdd-11ea-b478-120ea4e1ae80;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5ec8ef10-0fdd-11ea-b478-120ea4e1ae80;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5ec8ef10-0fdd-11ea-b478-120ea4e1ae80;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5ec8ef10-0fdd-11ea-b478-120ea4e1ae80;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec8d296-0fdd-11ea-8703-12f0dd10f918;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5ec8d296-0fdd-11ea-8703-12f0dd10f918;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5ec8d296-0fdd-11ea-8703-12f0dd10f918;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5ec8d296-0fdd-11ea-8703-12f0dd10f918;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5ec8d296-0fdd-11ea-8703-12f0dd10f918;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec92494-0fdd-11ea-8239-12a93b07bf66;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec92494-0fdd-11ea-8239-12a93b07bf66;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec92494-0fdd-11ea-8239-12a93b07bf66;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec92494-0fdd-11ea-8239-12a93b07bf66;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec92494-0fdd-11ea-8239-12a93b07bf66;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec9473a-0fdd-11ea-b446-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec9473a-0fdd-11ea-b446-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec9473a-0fdd-11ea-b446-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec9473a-0fdd-11ea-b446-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec9473a-0fdd-11ea-b446-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec96ada-0fdd-11ea-8848-12a8bb4804a8;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5ec96ada-0fdd-11ea-8848-12a8bb4804a8;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5ec96ada-0fdd-11ea-8848-12a8bb4804a8;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5ec96ada-0fdd-11ea-8848-12a8bb4804a8;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5ec96ada-0fdd-11ea-8848-12a8bb4804a8;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec97b74-0fdd-11ea-9df6-126145921f52;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec97b74-0fdd-11ea-9df6-126145921f52;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec97b74-0fdd-11ea-9df6-126145921f52;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec97b74-0fdd-11ea-9df6-126145921f52;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec97b74-0fdd-11ea-9df6-126145921f52;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec98826-0fdd-11ea-b6b6-12ce909f321e;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5ec98826-0fdd-11ea-b6b6-12ce909f321e;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5ec98826-0fdd-11ea-b6b6-12ce909f321e;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5ec98826-0fdd-11ea-b6b6-12ce909f321e;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5ec98826-0fdd-11ea-b6b6-12ce909f321e;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec96256-0fdd-11ea-b85b-12a867928a20;cfp=1;rndc=1574725404;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec96256-0fdd-11ea-b85b-12a867928a20;cfp=1;rndc=1574725404;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec96256-0fdd-11ea-b85b-12a867928a20;cfp=1;rndc=1574725404;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec96256-0fdd-11ea-b85b-12a867928a20;cfp=1;rndc=1574725404;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec96256-0fdd-11ea-b85b-12a867928a20;cfp=1;rndc=1574725404;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec9c57a-0fdd-11ea-93e0-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec9c57a-0fdd-11ea-93e0-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=15...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec9c57a-0fdd-11ea-93e0-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec9c57a-0fdd-11ea-93e0-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec9c57a-0fdd-11ea-93e0-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec9f842-0fdd-11ea-8248-1299e5b070c6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec9f842-0fdd-11ea-8248-1299e5b070c6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=15...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec9f842-0fdd-11ea-8248-1299e5b070c6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec9f842-0fdd-11ea-8248-1299e5b070c6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec9f842-0fdd-11ea-8248-1299e5b070c6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec9c818-0fdd-11ea-b3ac-12caad116dbc;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec9c818-0fdd-11ea-b3ac-12caad116dbc;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec9c818-0fdd-11ea-b3ac-12caad116dbc;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec9c818-0fdd-11ea-b3ac-12caad116dbc;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec9c818-0fdd-11ea-b3ac-12caad116dbc;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec9d286-0fdd-11ea-99f7-120d915f11b6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec9d286-0fdd-11ea-99f7-120d915f11b6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec9d286-0fdd-11ea-99f7-120d915f11b6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec9d286-0fdd-11ea-99f7-120d915f11b6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec9d286-0fdd-11ea-99f7-120d915f11b6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec9e230-0fdd-11ea-ae2a-1234a9bcb81c;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec9e230-0fdd-11ea-ae2a-1234a9bcb81c;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec9e230-0fdd-11ea-ae2a-1234a9bcb81c;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
access-control-allow-origin
https://www.bleepingcomputer.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec9e230-0fdd-11ea-ae2a-1234a9bcb81c;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec9e230-0fdd-11ea-ae2a-1234a9bcb81c;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec8d296-0fdd-11ea-8703-12f0dd10f918;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ 		944 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5ec8d296-0fdd-11ea-8703-12f0dd10f918;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1618e9f578f46657;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
fdf7f437a6e5f1cdb174133f53d1f678b4c49de634dad6ee44ff305cd90f7fae

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
944
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec8ef10-0fdd-11ea-b478-120ea4e1ae80;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ 		945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5ec8ef10-0fdd-11ea-b478-120ea4e1ae80;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=162fa3f2161ae9d2;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
845e573dc78098daf8f6e463df7c91f149d69cb2de24a839159f7df91989a3c4

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec96256-0fdd-11ea-b85b-12a867928a20;cfp=1;rndc=1574725404;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ 		945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec96256-0fdd-11ea-b85b-12a867928a20;cfp=1;rndc=1574725404;v=2;cmd=bid;cors=yes;alias=1633ff27496a4702;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
ff1e641dab1d9c74b127f771c4ce8bb229bc2250d918ca546a41f985e070be8a

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec98826-0fdd-11ea-b6b6-12ce909f321e;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ 		945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;apid=1A5ec98826-0fdd-11ea-b6b6-12ce909f321e;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=158dde5c36c043a5;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
354f842c01640d8b56b0546f710bfe5aab2c081e6adfd3385672cec97c1812c6

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec96ada-0fdd-11ea-8848-12a8bb4804a8;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ 		945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;apid=1A5ec96ada-0fdd-11ea-8848-12a8bb4804a8;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1598d4b5cb39d6db;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
e38ef263af60c87a55d3d7e7220215548ffb47fb5329fe7e0eb950c0f641d5d3

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec9f842-0fdd-11ea-8248-1299e5b070c6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ 		945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec9f842-0fdd-11ea-8248-1299e5b070c6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=160c4771d29b355;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
ef4893202fb82d1b83bedced304a1b0df705e8500c1669803daea22fe51d91dc

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec92494-0fdd-11ea-8239-12a93b07bf66;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ 		944 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec92494-0fdd-11ea-8239-12a93b07bf66;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1648d390891e87f1;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
9320d85313c26732a953d3075605c30877bdc240534cb5028b87cd78fba51ef3

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
944
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec9c57a-0fdd-11ea-93e0-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ 		945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;apid=1A5ec9c57a-0fdd-11ea-93e0-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1685abf4041622f;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
d7ea9d5923ac4ae35170ce776a3b13689db4d11bc4f217d9413cfaca725ded50

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec9473a-0fdd-11ea-b446-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ 		945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec9473a-0fdd-11ea-b446-1273d078354a;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1668bc1bcc691a74;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
93534d58901589a69bbc2eb7676c599410c12dc4de5a8ee87d25e8bf51d9b41d

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec9d286-0fdd-11ea-99f7-120d915f11b6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ 		945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;apid=1A5ec9d286-0fdd-11ea-99f7-120d915f11b6;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=169ba6786222e8be;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
e45a7fad51ee71886b3cc07316278924e578d563394eab50aca328a233a8b81d

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec9e230-0fdd-11ea-ae2a-1234a9bcb81c;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ 		944 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec9e230-0fdd-11ea-ae2a-1234a9bcb81c;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=16565b013aef66dd;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
5adcd2daf0ed89d2b246f0d8a34a3f91166a53bc0cea17504aaa42f008feb97b

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
944
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec97b74-0fdd-11ea-9df6-126145921f52;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ 		945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec97b74-0fdd-11ea-9df6-126145921f52;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=167f1cfd63f7c1c9;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
0f34aa7a8accd4fa20f86f9aa8d2ddbb97d8310dce23b7f393b857cc53774bc4

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A5ec9c818-0fdd-11ea-b3ac-12caad116dbc;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ 		945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;apid=1A5ec9c818-0fdd-11ea-b3ac-12caad116dbc;cfp=1;rndc=1574725403;v=2;cmd=bid;cors=yes;alias=1709b635cf777d5a;misc=1574725403918
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
81817ff7cc19993b48aac7a8f7e488b97620e96752483df5956afa6027ab7180

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT
amp4ads-host-v0.js
cdn.ampproject.org/rtv/011911070201440/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/011911070201440/amp4ads-host-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
866a1264b956a58da8e640a6191453d62f20d8676f63f193d2786318f83f6422
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
6247
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
7132
x-xss-protection
0
server
sffe
date
Mon, 25 Nov 2019 21:59:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"796f98bb73f13f89"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 24 Nov 2020 21:59:17 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/011911070201440/ Frame B7D3 		200 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
7a52d4e3f541e459f9069f6f596242684704eeaca5a95f05285d16e2e609927d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
11407
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
55611
x-xss-protection
0
server
sffe
date
Mon, 25 Nov 2019 20:33:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d3c4309c2c9fce1d"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 24 Nov 2020 20:33:17 GMT
amp-ad-exit-0.1.js
cdn.ampproject.org/rtv/011911070201440/v0/ Frame B7D3 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/011911070201440/v0/amp-ad-exit-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
f6b7ba3cc9a8177d62950984426ff73450f229d389c449b0631392be2f5b5b61
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
36362
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
5592
x-xss-protection
0
server
sffe
date
Mon, 25 Nov 2019 13:37:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"9ac5c138bfec1b90"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 24 Nov 2020 13:37:22 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/011911070201440/v0/ Frame B7D3 		151 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/011911070201440/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
e4ad56bd91f08203b208a3db86c463c7952fad443a239de6454c73b7ce669657
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
11407
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
41358
x-xss-protection
0
server
sffe
date
Mon, 25 Nov 2019 20:33:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"ed96f4a845755c74"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 24 Nov 2020 20:33:17 GMT
amp-fit-text-0.1.js
cdn.ampproject.org/rtv/011911070201440/v0/ Frame B7D3 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/011911070201440/v0/amp-fit-text-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
3c10cb1ddf712f08a5082f5759b9496c250d195a9e6746e2ab0088b52775b21e
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
36342
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
1402
x-xss-protection
0
server
sffe
date
Mon, 25 Nov 2019 13:37:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"49ed1549bef9ee2d"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 24 Nov 2020 13:37:42 GMT
amp-form-0.1.js
cdn.ampproject.org/rtv/011911070201440/v0/ Frame B7D3 		44 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/011911070201440/v0/amp-form-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
71dae7cc7766c98bdc4b766789af22fe0442d58aced342736f044ec12aaba058
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
36349
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
14180
x-xss-protection
0
server
sffe
date
Mon, 25 Nov 2019 13:37:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"15a9b640489a7720"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 24 Nov 2020 13:37:35 GMT
css
fonts.googleapis.com/ Frame B7D3 		4 KB
688 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
efe95cb2cc312e0132b0ce914c642ecee0534223df3f1d47579cdabe6cc070cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 25 Nov 2019 23:43:24 GMT
server
ESF
access-control-allow-origin
*
date
Mon, 25 Nov 2019 23:43:24 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Mon, 25 Nov 2019 23:43:24 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/8578129967820296872/ Frame B7D3 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/8578129967820296872/downsize_200k_v1?w=300&h=300
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
dd67767c31dc810b77952c560b17434acdcf7037101f63d20994ae7960ea5076
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 21 Nov 2019 16:10:52 GMT
x-content-type-options
nosniff
age
372752
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
3096
x-xss-protection
0
last-modified
Tue, 08 Jan 2019 00:33:08 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 20 Nov 2020 16:10:52 GMT
truncated
/ Frame B7D3 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
013e17377e2b64238f7892aa1f3bbaa8f7308554a35980e53cb13c1bae31cbc0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
376 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&pid=ljE7RqyYtVc9N&cb=1&ws=1600x1200&v=7.44.02&t=1000&slots=%5B%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.90.242 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-90-242.fra50.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com

Response headers

date
Mon, 25 Nov 2019 23:43:24 GMT
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
status
200
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
wDFNm-XV5Vq71alo7Ul4nOoL4obbKuyeSLNvCOdgZIAa5Jb8_g4o-A==
ADTECH;v=2;cmd=bid;cors=yes;alias=225318930c69e4f;misc=1574725404402;
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ 		945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146915/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=225318930c69e4f;misc=1574725404402;
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
32d754dccf95583f21da14546fef944665eec23668cbf7dac5119f4c73bf740f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;v=2;cmd=bid;cors=yes;alias=22665c2970a0a014;misc=1574725404402;
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ 		945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146916/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=22665c2970a0a014;misc=1574725404402;
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
b3ff4f3fa46204a1ec84dd739b4ca119b189d8526c78f513ea320cae27addf33

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;v=2;cmd=bid;cors=yes;alias=2274905c43a9c939;misc=1574725404402;
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ 		944 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=2274905c43a9c939;misc=1574725404402;
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
b0584bdb1b668f84289235c7bcee3691d3b48750ffc690344269592390555380

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
944
expires
Mon, 15 Jun 1998 00:00:00 GMT
auction
tlx.3lift.com/header/ 		19 B
521 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=2.36.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&tmax=1200
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.58.48.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-58-48-163.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
x-auction-status
12, 12, 12, 12
status
200
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
arj
freestar-d.openx.net/w/1.0/ 		173 B
358 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_2.1.9&dddid=4c6627b4-052c-41e2-a2bb-f379da8c6c2a&nocache=1574725404402&x_gdpr_f=1&pubcid=9f1a27d0-fc94-4653-9ab9-7b3afbb3619a&aus=728x90%2C970x90%2C970x250&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_BTF&auid=539181725&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.167.2 /
Resource Hash
d5d209535394ad05aa1650016515f95f0323501b35b9cdba891735c3b22240c2

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
via
1.1 google
server
OXGW/16.167.2
status
200
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
173
expires
Mon, 26 Jul 1997 05:00:00 GMT
cygnus
as-sec.casalemedia.com/ 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%22196d28c34b03d23d%22%2C%22imp%22%3A%5B%7B%22id%22%3A%221970a8b5e0ed393d%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22id%22%3A%221989e45da8c85b86%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22id%22%3A%22199e4a750e0d33c4%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5e614a218b9f68462c9feacc952ce835369a03c653ad19cb55c4de8a73346219

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:24 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
1003
Expires
Mon, 25 Nov 2019 23:43:24 GMT
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=2012a9a294988d17&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=wDH8n844o8J5LF7qDwHQ7sj5&bidId=202f716076eeab07&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=2031587c790170e9&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v2
i.connectad.io/api/ 		97 B
174 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://i.connectad.io/api/v2
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:9174 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a678407d6b0f71f89cb17d9b193ecddcc05f0a2b50e03b700da73913f0690bc

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 25 Nov 2019 23:43:24 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
alt-svc
clear
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, private
access-control-allow-credentials
true
cf-ray
53b77c118b7259e2-VIE
content-type
application/json
via
1.1 google
v1
dmx.districtm.io/b/ 		0
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Access-Control-Request-Method
POST
Origin
https://www.bleepingcomputer.com
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

date
Mon, 25 Nov 2019 23:43:24 GMT
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-origin
https://www.bleepingcomputer.com
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
origin, Accept-Encoding
access-control-allow-methods
OPTIONS, POST
status
204
access-control-max-age
14400
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
53b77c1189a9dfcb-FRA
access-control-allow-headers
origin, content-type
24
web.hb.ad.cpe.dotomi.com/s2s/header/ 		194 B
384 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:fa8:8806:13::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
012526c4091faf25235c9b7a8d15456afe9da38bb98f9d82d392eb302ff33673

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
200
content-type
application/json
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
194
expires
0
prebid
ib.adnxs.com/ut/v3/ 		140 B
988 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
7b464ae6b9abecfd1a9431ac6b97475e95b39660451a8f0dfc2401b07d63042e
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:26 GMT
X-Proxy-Origin
144.76.109.30; 144.76.109.30; 539.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.12:80
AN-X-Request-Uuid
b775a832-28f1-4b03-9b8a-198ec43baca4
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
140
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		263 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=4c6627b4-052c-41e2-a2bb-f379da8c6c2a&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.34094077139276413
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
b593c1c0eb2d734dec2e5bf3bfd897a7a54baded2cea6aea1119e50559932060

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:24 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=186
Content-Length
263
Expires
Wed, 17 Sep 1975 21:32:10 GMT
imp
g2.gumgum.com/hbid/ 		123 B
412 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?pv=701e53f7-663f-4a40-95a2-625d456bf913&si=14287&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
37f0c474a2e2914d9f868b11192ae9f12171e5b6d112626bd6b1302e6c1aed68

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
content-encoding
gzip
content-type
application/json;charset=UTF-8
server
nginx
status
200
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		123 B
412 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?pv=701e53f7-663f-4a40-95a2-625d456bf913&si=14288&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
37f0c474a2e2914d9f868b11192ae9f12171e5b6d112626bd6b1302e6c1aed68

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
content-encoding
gzip
content-type
application/json;charset=UTF-8
server
nginx
status
200
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
display
mantodea.mantisadnetwork.com/prebid/ 		56 B
316 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mantodea.mantisadnetwork.com/prebid/display?tz=-60&buster=1574725404405&secure=true&version=9&mobile=false&uuid=0fc61c14-84a3-45d3-876f-74f6a592ebf0&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&measurable=true&bids[0][bidId]=2181844f65c5684b&bids[0][config][property]=5c3404d83e048a00261ad27f&bids[0][config][zone]=bleepingcomputer_728x90_970x90_970x250_320x50_BTF&bids[0][sizes][0][width]=728&bids[0][sizes][0][height]=90&bids[0][sizes][1][width]=970&bids[0][sizes][1][height]=90&bids[0][sizes][2][width]=970&bids[0][sizes][2][height]=250&property=5c3404d83e048a00261ad27f&foo
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-72-165-42.compute-1.amazonaws.com
Software
/ Express
Resource Hash
1de1fe8f127a6b08e226cb40f043ba5d33ab0ff897bf1dea45dcc0db22f0dbf6

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
status
200
x-powered-by
Express
etag
"291686219"
vary
Origin
content-type
application/javascript
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
56
expires
-1
prebid
ib.adnxs.com/ut/v3/ 		145 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
eef6cabe50d6a2e1cad1149deae167570386ad4d083f64317c6e850a7c83c698
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:26 GMT
X-Proxy-Origin
144.76.109.30; 144.76.109.30; 539.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.12:80
AN-X-Request-Uuid
6682a261-2cb1-4e69-aa95-36b77b692897
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		0
66 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Mon, 25 Nov 2019 23:43:24 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://www.bleepingcomputer.com
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B7D3 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:33:42 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
582
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Tue, 26 Nov 2019 23:33:42 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B7D3 		295 B
359 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 21:53:21 GMT
x-content-type-options
nosniff
content-type
image/png
server
cafe
age
6603
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Tue, 26 Nov 2019 21:53:21 GMT
B22124189.255033228;dc_pre=CJuj5aLFhuYCFc6rdwodwQcONw;dc_trk_aid=450834183;dc_trk_cid=121092582;ord=3051183901;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/ Frame B7D3
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.255033228;dc_trk_aid=450834183;dc_trk_cid=121092582;ord=3051183901;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
  • https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.255033228;dc_pre=CJuj5aLFhuYCFc6rdwodwQcONw;dc_trk_aid=450834183;dc_trk_cid=121092582;ord=3051183901;dc_lat=;dc_rdid=;tag_for_ch...
42 B
109 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.255033228;dc_pre=CJuj5aLFhuYCFc6rdwodwQcONw;dc_trk_aid=450834183;dc_trk_cid=121092582;ord=3051183901;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.230 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s13-in-f6.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.255033228;dc_pre=CJuj5aLFhuYCFc6rdwodwQcONw;dc_trk_aid=450834183;dc_trk_cid=121092582;ord=3051183901;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
302
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame B7D3 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CgxfvHGfcXfh4ktaAB_PwoNAC48_1nlqOtrb_gQqZzJnclw4QASDa18U5YJUCoAHS-MviA8gBAeACAKgDAaoEyAJP0Fb3ByzqRYIewc_tkr-Lj11tT6aeP10sIQ8vK6iSDD9TCK53P8ZOHPT8VJqzKOk9baMQi2HX7pCG7-LoX7l6X-2xzLkhhBrryOb7nWaUEpqJw4EzCJ5nflgbobuQNjFi3O2qWf9HKVcXS8pYOBeD8vokvAMkYldYYcXy30WuYGaime0puiRn7fgMXLF0p6eEQSfIfJsEM-8cmSN7r3cRuElhqkX-5uDEORPKhhlOQuOEK67ZhzdSu1xQdFE5Q1FWQuMLuOepowFseIHMMGbTMk70wcD-A5Z2Fv96FTviRjcR4rOTEPORfamoyPE0CxQTQ5QL9b7A53Ygqw1HW-7bF8E5No3BIwfq4QTu9Xgj1AdyfhyLmNgOFj0a-846TPxRkZXo7zRuKsp2InWlZ71H5P6jNsMdg7FJfEh7T6Q6-Da8-WlMsqRpwAS8jPj8hgLgBAGAB4GI1kOoB47OG6gH1ckbqAeT2BuoB7oGqAfZyxuoB8_MG6gHpr4bqAfs1RvYBwHyBwQQ8KAO0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xNzQyMjQ5NjAzMjg5MDgzgAoD2BMDiBQE&sigh=pvrnWvc9QfQ&template_id=5001&tpd=AGWhJmusCW3coAbdGzEfcbwW9gvYJRdmJKQ3tw33aoOElxs8UA
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers
container.html
tpc.googlesyndication.com/safeframe/1-0-36/html/ Frame BE55 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-36/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-36/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
3516
date
Mon, 25 Nov 2019 23:06:49 GMT
expires
Tue, 24 Nov 2020 23:06:49 GMT
last-modified
Wed, 16 Oct 2019 15:42:04 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
2195
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
377 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&pid=VpUGfueruigM6&cb=2&ws=1600x1200&v=7.44.02&t=1000&slots=%5B%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_2%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.90.242 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-90-242.fra50.r.cloudfront.net
Software
Server /
Resource Hash
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com

Response headers

date
Mon, 25 Nov 2019 23:43:24 GMT
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
status
200
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
OYc7EEk3gzfWvZE2jP11yY3Xy32dk7tnmXinLMyk3CiiHK2Wx-nocw==
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
378 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&pid=AOYlBr9iDBfru&cb=3&ws=1600x1200&v=7.44.02&t=1000&slots=%5B%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_320x50_InContent_1%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.90.242 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-90-242.fra50.r.cloudfront.net
Software
Server /
Resource Hash
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com

Response headers

date
Mon, 25 Nov 2019 23:43:24 GMT
via
1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
status
200
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
dH9U8qntZr_KENSCAtn8RJTKl7D1Xb97Q8mBJLb_VL1-JW-XDUsQ7Q==
view
securepubads.g.doubleclick.net/pcs/ Frame 260B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuaHOEE6T9RVDFDR74LkRHgNzBYVTYOoa9G8qditNK3zqHEUrl8trbJPTwfkMAy9_4qNNkFvgdxqs_07IN4vgfI6l8jbCkJZZ1vZD_RjEGRgR8fgoRGpRdYDkJgKojNLbCQ-ryL_qrirpVajgKGP-CfJw36UtD3v1bzJYjXRaoVSm4Crbp_Dji4SBQWbCr9fT_3qi6MjuGeQ8Cx9aTzz2JDdeaKPoflyahQcdlNDMjNq20tUtClaLFi1vBjI5IVFtR_BrNyf_bsDkdi_zZ7cnG8fnTPveGbriCG&sig=Cg0ArKJSzMi19ZZX4F18EAE&urlfix=1&adurl=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 25 Nov 2019 23:43:24 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 260B 		76 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1573858490126243"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29138
x-xss-protection
0
expires
Mon, 25 Nov 2019 23:43:24 GMT
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame B7D3 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Origin
https://www.bleepingcomputer.com

Response headers

date
Thu, 21 Nov 2019 23:44:39 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:48 GMT
server
sffe
age
345525
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11056
x-xss-protection
0
expires
Fri, 20 Nov 2020 23:44:39 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame B7D3 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Origin
https://www.bleepingcomputer.com

Response headers

date
Wed, 20 Nov 2019 05:05:44 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
499060
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Thu, 19 Nov 2020 05:05:44 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-36/html/ Frame 1779 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-36/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-36/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
3516
date
Mon, 25 Nov 2019 23:06:49 GMT
expires
Tue, 24 Nov 2020 23:06:49 GMT
last-modified
Wed, 16 Oct 2019 15:42:04 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
2195
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
v1
dmx.districtm.io/b/ 		0
61 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 25 Nov 2019 23:43:24 GMT
cf-cache-status
DYNAMIC
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
origin, Accept-Encoding
access-control-allow-methods
OPTIONS, POST
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
53b77c11c841e007-FRA
access-control-allow-headers
origin, content-type
si
googleads.g.doubleclick.net/pagead/drt/ Frame B7D3
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date
Mon, 25 Nov 2019 23:43:24 GMT
x-content-type-options
nosniff
server
safe
location
https://googleads.g.doubleclick.net/pagead/drt/si
content-type
text/html; charset=UTF-8
status
302
cache-control
private
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
246
x-xss-protection
0
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=DSthphoQqH66AkQXPDoXn74b&bidId=232eaa948edc6b4a&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Y2PwNBba8FyKXESSc72DFF25&bidId=23318aea4b946039&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&bidId=234f36c0e02d736a&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
auction
tlx.3lift.com/header/ 		19 B
521 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=2.36.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&tmax=1200
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.58.48.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-58-48-163.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
x-auction-status
12, 12, 12, 12
status
200
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
v2
i.connectad.io/api/ 		97 B
174 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://i.connectad.io/api/v2
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:9174 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
42a8243aad77b837d0380ad05123048f64ce30249c672f603ae99363f103aaa5

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 25 Nov 2019 23:43:24 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
alt-svc
clear
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, private
access-control-allow-credentials
true
cf-ray
53b77c128beb59e2-VIE
content-type
application/json
via
1.1 google
prebid
ib.adnxs.com/ut/v3/ 		145 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
7d1bc17a54d679297a083dcbb87ace533b40de8cde400de25450a0632e2e7a97
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:26 GMT
X-Proxy-Origin
144.76.109.30; 144.76.109.30; 539.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.254:80
AN-X-Request-Uuid
532dd88e-08b8-4dce-b6b9-ec558fe8cbbe
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=3ef22c0e-0c6d-47dd-b817-18fa7d65d435&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.1416782509241239
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
90833c2e3bea976b5fb512f276dec104c12edd8dfd62f034e946f420de3ffbf9

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:24 GMT
Content-Encoding
gzip
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=59
Content-Length
1523
Expires
Wed, 17 Sep 1975 21:32:10 GMT
translator
hbopenbid.pubmatic.com/ 		12 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software
/
Resource Hash
1a8200dfc0502b72d514479ec63570604e1a02b1313732b10e53ce0da745f338

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
200
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
x-openrtb-version
2.3
access-control-allow-credentials
true
date
Mon, 25 Nov 2019 23:43:24 GMT
content-type
application/json
ADTECH;v=2;cmd=bid;cors=yes;alias=30318a7fd7bfb8d6;misc=1574725404555;
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ 		945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146913/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=30318a7fd7bfb8d6;misc=1574725404555;
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
3b913f34940f811b522449f65356c7c9fbafda6fd7582859f1076e1bf8a56316

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;v=2;cmd=bid;cors=yes;alias=304fff868b1db8b5;misc=1574725404555;
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ 		945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146918/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=304fff868b1db8b5;misc=1574725404555;
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
9711307c9bb17e0a1b4c663e7a6a419af52dcf31793fb54958b18ceaceff413a

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT
imp
g2.gumgum.com/hbid/ 		0
234 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?pv=701e53f7-663f-4a40-95a2-625d456bf913&t=zztu1szx&pi=2&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
204
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		123 B
412 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?pv=701e53f7-663f-4a40-95a2-625d456bf913&si=14290&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
37f0c474a2e2914d9f868b11192ae9f12171e5b6d112626bd6b1302e6c1aed68

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
content-encoding
gzip
content-type
application/json;charset=UTF-8
server
nginx
status
200
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
v1
dmx.districtm.io/b/ 		0
40 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Access-Control-Request-Method
POST
Origin
https://www.bleepingcomputer.com
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

date
Mon, 25 Nov 2019 23:43:24 GMT
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-origin
https://www.bleepingcomputer.com
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
origin, Accept-Encoding
access-control-allow-methods
OPTIONS, POST
status
204
access-control-max-age
14400
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
53b77c127b23dfcb-FRA
access-control-allow-headers
origin, content-type
display
mantodea.mantisadnetwork.com/prebid/ 		56 B
316 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mantodea.mantisadnetwork.com/prebid/display?tz=-60&buster=1574725404556&secure=true&version=9&mobile=false&uuid=0fc61c14-84a3-45d3-876f-74f6a592ebf0&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&measurable=true&bids[0][bidId]=258a525404df19c7&bids[0][config][property]=5c3404d83e048a00261ad27f&bids[0][config][zone]=bleepingcomputer_300x250_300x600_160x600_Right_2&bids[0][sizes][0][width]=300&bids[0][sizes][0][height]=250&bids[0][sizes][1][width]=300&bids[0][sizes][1][height]=600&property=5c3404d83e048a00261ad27f&foo
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-72-165-42.compute-1.amazonaws.com
Software
/ Express
Resource Hash
1de1fe8f127a6b08e226cb40f043ba5d33ab0ff897bf1dea45dcc0db22f0dbf6

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
status
200
x-powered-by
Express
etag
"291686219"
vary
Origin
content-type
application/javascript
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
56
expires
-1
24
web.hb.ad.cpe.dotomi.com/s2s/header/ 		194 B
384 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:fa8:8806:13::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
2e8cb8892dab9e90ac1f3302fbf051fe00a4097481230cfee6b7422642d2cdb5

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
200
content-type
application/json
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
194
expires
0
cygnus
as-sec.casalemedia.com/ 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%222614dcffa56b25e9%22%2C%22imp%22%3A%5B%7B%22id%22%3A%222624633d2792551d%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%222631cb7202e961bd%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2322d9b3ebe9b47193b759377f765650a6c8599083bd018e7e1d8e14600c0857

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:24 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
906
Expires
Mon, 25 Nov 2019 23:43:24 GMT
prebid
ib.adnxs.com/ut/v3/ 		140 B
988 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
491769c67c950fbb85caaae400e304ecc203b81689f64ffdc8f239fcdb305e2f
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:26 GMT
X-Proxy-Origin
144.76.109.30; 144.76.109.30; 539.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.89:80
AN-X-Request-Uuid
f7df61e3-5197-450e-9227-54c660495ad4
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
140
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
hb.emxdgt.com/ 		0
316 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=1200&ts=1574725404558&src=pbjs
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.104.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-196-104-43.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 25 Nov 2019 23:43:24 GMT
Content-Type
text/html
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Access-Control-Allow-Headers
security, Content-Type
Content-Length
0
arj
freestar-d.openx.net/w/1.0/ 		173 B
358 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_2.1.9&dddid=3ef22c0e-0c6d-47dd-b817-18fa7d65d435&nocache=1574725404558&x_gdpr_f=1&pubcid=9f1a27d0-fc94-4653-9ab9-7b3afbb3619a&aus=300x250%2C300x600&divIds=bleepingcomputer_300x250_300x600_160x600_Right_2&auid=539181725&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.167.2 /
Resource Hash
0a26970ba5d78716c811a267eca458f6edef324f120b50707406dc09aa19c793

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
via
1.1 google
server
OXGW/16.167.2
status
200
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
173
expires
Mon, 26 Jul 1997 05:00:00 GMT
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=274a53b7fb05cdb2&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Ggh1aXSgpQAvBpkxoyAsBJPd&bidId=2754f2703b701bea&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
imp
g2.gumgum.com/hbid/ 		123 B
412 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?pv=701e53f7-663f-4a40-95a2-625d456bf913&si=14287&pi=3&gdprApplies=0&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%7D&ogu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ns=10240&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.131.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-131-99.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
37f0c474a2e2914d9f868b11192ae9f12171e5b6d112626bd6b1302e6c1aed68

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
content-encoding
gzip
content-type
application/json;charset=UTF-8
server
nginx
status
200
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
24
web.hb.ad.cpe.dotomi.com/s2s/header/ 		194 B
384 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:fa8:8806:13::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
8dbb9cc6ffe88a4dfb1943ce8108ff5075577c4e9ac9da48de3a5910039d6938

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
nginx
status
200
content-type
application/json
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
194
expires
0
v2
i.connectad.io/api/ 		97 B
174 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://i.connectad.io/api/v2
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:9174 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5947b0a373e357aae458c80fffb1e33ed1a252e579fdb9a2dfec13b395360e20

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 25 Nov 2019 23:43:24 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
alt-svc
clear
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, private
access-control-allow-credentials
true
cf-ray
53b77c12abf559e2-VIE
content-type
application/json
via
1.1 google
display
mantodea.mantisadnetwork.com/prebid/ 		56 B
316 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mantodea.mantisadnetwork.com/prebid/display?tz=-60&buster=1574725404576&secure=true&version=9&mobile=false&uuid=0fc61c14-84a3-45d3-876f-74f6a592ebf0&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&measurable=true&bids[0][bidId]=2838fa047112439b&bids[0][config][property]=5c3404d83e048a00261ad27f&bids[0][config][zone]=bleepingcomputer_728x90_320x50_InContent_1&bids[0][sizes][0][width]=728&bids[0][sizes][0][height]=90&property=5c3404d83e048a00261ad27f&foo
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-72-165-42.compute-1.amazonaws.com
Software
/ Express
Resource Hash
1de1fe8f127a6b08e226cb40f043ba5d33ab0ff897bf1dea45dcc0db22f0dbf6

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
status
200
x-powered-by
Express
etag
"291686219"
vary
Origin
content-type
application/javascript
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
56
expires
-1
prebid
ib.adnxs.com/ut/v3/ 		145 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
57b6b8a2b730f0515d2334dabadbbdbec64c91bfed643a842b0549617b11b894
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:26 GMT
X-Proxy-Origin
144.76.109.30; 144.76.109.30; 539.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.117:80
AN-X-Request-Uuid
ce5cd6db-f468-4942-b67d-a41e47167017
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ADTECH;v=2;cmd=bid;cors=yes;alias=30513d007753501a;misc=1574725404577;
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ 		944 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5146917/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=30513d007753501a;misc=1574725404577;
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.24 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
0814c2f8fe637b6fe2f403b5a9f1f730b3ea7e4ea864d72b6955262b3de63cfa

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
944
expires
Mon, 15 Jun 1998 00:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		240 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&tk_flint=pbjs_lite_v2.36.0&x_source.tid=536fc3c4-0cfe-475d-88ac-477b813d1eff&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.3060403626599322
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.142 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
d4c91dc61e8776136362684b0ecf707fa3a25620c121fc3a742a3f51eb97a79a

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:24 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=353
Content-Length
240
Expires
Wed, 17 Sep 1975 21:32:10 GMT
cygnus
as-sec.casalemedia.com/ 		26 B
811 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%2229077931e4f1c31e%22%2C%22imp%22%3A%5B%7B%22id%22%3A%222918f149b925c793%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6120ff1b2ec245c78ca5c297681913ccb0095158efe38edc1427ca7e9b7e01ed

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:24 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
44
Expires
Mon, 25 Nov 2019 23:43:24 GMT
translator
hbopenbid.pubmatic.com/ 		0
66 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Mon, 25 Nov 2019 23:43:24 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://www.bleepingcomputer.com
v1
dmx.districtm.io/b/ 		0
40 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Access-Control-Request-Method
POST
Origin
https://www.bleepingcomputer.com
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

date
Mon, 25 Nov 2019 23:43:24 GMT
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-origin
https://www.bleepingcomputer.com
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
origin, Accept-Encoding
access-control-allow-methods
OPTIONS, POST
status
204
access-control-max-age
14400
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
53b77c12ab5adfcb-FRA
access-control-allow-headers
origin, content-type
prebid
ib.adnxs.com/ut/v3/ 		140 B
988 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
136c93ce8f48f12798d63b5e5cf2092760a40037ac6fa3ab99da68e2f5c55914
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:26 GMT
X-Proxy-Origin
144.76.109.30; 144.76.109.30; 539.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.51:80
AN-X-Request-Uuid
7765ba99-6a22-4a34-9249-907b2bf84f8d
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
140
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
auction
tlx.3lift.com/header/ 		19 B
473 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=2.36.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&tmax=1200
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.58.48.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-58-48-163.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
x-auction-status
12
status
200
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
arj
freestar-d.openx.net/w/1.0/ 		173 B
358 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_2.1.9&dddid=536fc3c4-0cfe-475d-88ac-477b813d1eff&nocache=1574725404579&x_gdpr_f=1&pubcid=9f1a27d0-fc94-4653-9ab9-7b3afbb3619a&aus=728x90&divIds=bleepingcomputer_728x90_320x50_InContent_1&auid=539181725&
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.167.2 /
Resource Hash
a05f8ebc1588636c739d07e68a1a729a74d12e7a46061faefc488a4d93118d6a

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:24 GMT
via
1.1 google
server
OXGW/16.167.2
status
200
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
173
expires
Mon, 26 Jul 1997 05:00:00 GMT
v1
dmx.districtm.io/b/ 		0
38 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 25 Nov 2019 23:43:24 GMT
cf-cache-status
DYNAMIC
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
origin, Accept-Encoding
access-control-allow-methods
OPTIONS, POST
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
53b77c12a981e007-FRA
access-control-allow-headers
origin, content-type
v1
dmx.districtm.io/b/ 		0
38 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 25 Nov 2019 23:43:24 GMT
cf-cache-status
DYNAMIC
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
origin, Accept-Encoding
access-control-allow-methods
OPTIONS, POST
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
53b77c12b9abe007-FRA
access-control-allow-headers
origin, content-type
c
c.pub.network/ 		36 B
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
58.36.226.35.bc.googleusercontent.com
Software
/
Resource Hash
4753bc904ab374fd1a1350fb0b1824c1a2c80a8d94bf7fb0d19271358016f303

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Date
Mon, 25 Nov 2019 23:43:25 GMT
Access-Control-Allow-Credentials
true
Content-Length
36
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/plain;charset=utf-8
ads
securepubads.g.doubleclick.net/gampad/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1679836093837318&correlator=2983995069404270&output=ldjh&impl=fifs&adsid=NT&eid=21064826&vrg=2019111801&guci=1.2.0.0.2.2.0.0&plat=1%3A67108864%2C2%3A67108864%2C8%3A67108864&sc=1&sfv=1-0-36&ecs=20191125&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90%7C970x250&rcs=1&prev_scp=amznbid%3D2%26amznp%3D2%26freestar_path%3D%252Fnews%252Fsecurity%252Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%252F%26freestar_domain%3Dbleepingcomputer.com%26fs_safeframe%3Dfalse%26custom_bidder_size%3Dix_970x90%26hb_format%3Dbanner%26hb_size%3D970x90%26hb_pb%3D0.12%26hb_adid%3D302811f6ff131a33%26hb_bidder%3Dix&eri=1&cust_params=user-agent%3DChrome&cookie=ID%3D51cc4be2875ad5b0%3AT%3D1574725403%3AS%3DALNI_MYChEqgZYSMVWURmCDaOcKGPgZOpQ&cookie_enabled=1&bc=31&abxe=1&lmt=1574109363&dt=1574725404826&dlt=1574725402089&idt=445&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=9173&adks=976516616&ucis=8&ifi=3&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&dssz=57&icsg=140737664524288&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1200x90&msz=1170x90&psts=CigI7by9nRLoAf7Q9oSDBIICDfrd4Qby3uEGob7d9lDRAl021e3_aJZZ&ga_vid=667475525.1574725402&ga_sid=1574725403&ga_hid=545526374&fws=4&ohw=1600
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
cafe /
Resource Hash
89242fc9333acaaaef76dace8bb3a74c92fc4744beb55b1b1da139e4cfdf37c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
2239
x-xss-protection
0
google-lineitem-id
4721361520
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138237496046
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1679836093837318&correlator=2983995069404270&output=ldjh&impl=fifs&adsid=NT&eid=21064826&vrg=2019111801&guci=1.2.0.0.2.2.0.0&plat=1%3A67108864%2C2%3A67108864%2C8%3A67108864&sc=1&sfv=1-0-36&ecs=20191125&iu_parts=15184186%2Cbleepingcomputer_300x250_300x600_160x600_Right_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&rcs=1&prev_scp=amznbid%3D2%26amznp%3D2%26freestar_path%3D%252Fnews%252Fsecurity%252Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%252F%26freestar_domain%3Dbleepingcomputer.com%26fs_safeframe%3Dfalse%26custom_bidder_size%3Dpubmatic_300x600%26hb_format%3Dbanner%26hb_size%3D300x600%26hb_pb%3D0.07%26hb_adid%3D30835cc859e233f7%26hb_bidder%3Dpubmatic&eri=1&cust_params=user-agent%3DChrome&cookie=ID%3D51cc4be2875ad5b0%3AT%3D1574725403%3AS%3DALNI_MYChEqgZYSMVWURmCDaOcKGPgZOpQ&cookie_enabled=1&bc=31&abxe=1&lmt=1574109363&dt=1574725404854&dlt=1574725402089&idt=445&frm=20&biw=1600&bih=1200&oid=3&adxs=1082&adys=1486&adks=2389526111&ucis=9&ifi=4&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&dssz=57&icsg=140737664524288&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=306x250&msz=306x250&psts=CigI7by9nRLoAf7Q9oSDBIICDfrd4Qby3uEGob7d9lDRAl021e3_aJZZ&ga_vid=667475525.1574725402&ga_sid=1574725403&ga_hid=545526374&fws=4&ohw=1600
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
cafe /
Resource Hash
2e89d05aa707ef50089f8a48be14b940e4ec93da9e9dc39a7c21c84df062f552
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
2241
x-xss-protection
0
google-lineitem-id
4721360305
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138237496043
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		313 B
219 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1679836093837318&correlator=2983995069404270&output=ldjh&impl=fifs&adsid=NT&eid=21064826&vrg=2019111801&guci=1.2.0.0.2.2.0.0&plat=1%3A67108864%2C2%3A67108864%2C8%3A67108864&sc=1&sfv=1-0-36&ecs=20191125&iu_parts=15184186%2Cbleepingcomputer_728x90_320x50_InContent_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&rcs=1&prev_scp=amznbid%3D2%26amznp%3D2&eri=1&cust_params=user-agent%3DChrome&cookie=ID%3D51cc4be2875ad5b0%3AT%3D1574725403%3AS%3DALNI_MYChEqgZYSMVWURmCDaOcKGPgZOpQ&cookie_enabled=1&bc=31&abxe=1&lmt=1574109363&dt=1574725404863&dlt=1574725402089&idt=445&frm=20&biw=1600&bih=1200&oid=3&adxs=268&adys=7565&adks=4047242158&ucis=a&ifi=5&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&dssz=57&icsg=140737664524288&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=834x90&msz=834x90&psts=CigI7by9nRLoAf7Q9oSDBIICDfrd4Qby3uEGob7d9lDRAl021e3_aJZZ&ga_vid=667475525.1574725402&ga_sid=1574725403&ga_hid=545526374&fws=4&ohw=1600
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
cafe /
Resource Hash
69b2725dd65ad3ccc87f8b8b7d2ebd2452a7bd3151af4c67a8dab9999073898c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
133
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 0B38 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvVRWSGdKF5c-D2nihM3-jIE4Yp9ofF0tP3nIygHcdRh58BAqY3kdvD2_NOkoC_wx2EkofVP9ZIPW2RKqRkG1aU_Se8afDe89O1BMf1k53B0jWfVGbYQ5gcgFxAtPGegECwch2j3L7DkIvwNUuy_l_8Buqkhz_fyXxWhxdFdBYrlwhR-Afb5-I5UJK9O-SHIiOltOaNlpzQdyEsg8tQ4en4WfxlY2YdI-UHz3WN76ihodm4a263vqfRlLpVIEpcxLSe09sanMHF5tcaArDctueOMxfAFD5y9g_zUQUSeiNezmLjQqxWs5M4IXGQqxqVjcsQ48mhTA&sig=Cg0ArKJSzLbtRiyNkT__EAE&urlfix=1&adurl=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 25 Nov 2019 23:43:25 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
Cookie set ifnotify
a3226.casalemedia.com/ Frame A9FE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://a3226.casalemedia.com/ifnotify?gdprconsent=1&c=1323445&r=351FD051&t=5DDC671C&u=WGR4bkc3bFFKc01BQUJ0VHc0MEFBQUNK&m=a162d95e7096d982ea20af3152b2b3ea&wp=11&aid=85B2F7064D1B0C64&tid=15063&s=6015A&cp=0.17&n=www.bleepingcomputer.com&pr=xx&epr=196d28c34b03d23d
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.80.38.195 , Netherlands, ASN27381 (CASALE-MEDIA - Index Exchange Inc., CA),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Host
a3226.casalemedia.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Cookie
CMID=XdxnG7lQJsMAABtTw40AAACJ; CMPS=3226; CMDD=AAYBWgE*; CMPRO=1213; CMST=XdxnG13cZxwB
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Date
Mon, 25 Nov 2019 23:43:25 GMT
Server
Apache
Pragma
no-cache
Cache-Control
no-cache
Expires
0
Set-Cookie
CMST=XdxnG13cZx0B;domain=casalemedia.com;path=/;expires=Tue, 26 Nov 2019 23:43:25 GMT CMDD=AAYBWgE*;domain=casalemedia.com;path=/;expires=Tue, 26 Nov 2019 23:43:25 GMT CMRUM3=955ddc671d05a0&825ddc671da8c0&045ddc671d05a0&5a5ddc671d05a0&585ddc671d05a0&2d5ddc671d05a0&495ddc671d05a00&af5ddc671d05a0;domain=casalemedia.com;path=/;expires=Tue, 24 Nov 2020 23:43:25 GMT
Keep-Alive
timeout=1, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html
js
tags.mathtag.com/notify/ Frame 0B38 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.mathtag.com/notify/js?id=5aW95q2jLzIwLyAvTm1SalkyWXdNekF0TUdWaVppMW1PRGhpTFRBd01EQXRNREF3TURBd01EQXdNREF3LzIzMTEzMzMxNTk5MjAxNTE1ODAvNjg2NDA2Mi80ODAyMzcyLzE1L0RmOEtzclhRS1lIZzhHN3lqYjFaeFhjeTZYdnRXRzkxNFRWN1NiREZKMEUvMS8xNS8wLzAvOTU2ODAzLzI0MjA5Mjc3NDQvMjE2NTM2LzY1MTg3MS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzIzMTEzMzMxNTk5MjAxNTE1ODAvYW1zLzAvMTUzOC8zLzk5OS80MC8xNDQuNzYuMTA5LjAvMC4wMDAvMTU3NDcyNTQwNC8/GPXzoryNMg3Mr4iHWXEeguFqttQ&nodeid=128&auctionid=2311333159920151580&exch=cas&sid=4802372&cid=6864062&price=0.17&act=LiIiJiQocHxrPSwuJCMqcHxrKy5wfGshIioqJCMqcHxrOiwkOQsiPwQgPQMiOSQrcH0&group=eu&bp=a_bhgaac
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.29.135.48 , United Kingdom, ASN30419 (MEDIAMATH-INC - MediaMath Inc, US),
Reverse DNS
Software
MMBD/3.160.0 /
Resource Hash
a75e7cf1580ff58ce7e4c701b4cdc720e034d17a879b9bea1aafdb3f904585e1

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:43:25 GMT
Content-Encoding
gzip
x-mm-bid-request-time
1574725404
Last-Modified
Mon, 25 Nov 2019 23:43:24 GMT
Server
MMBD/3.160.0
x-mm-latency
2 (1)
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg
count
Cache-Control
no-cache
x-mm-host
cdg-router-x50, cdg-bidder-x19
Connection
close
x-mm-pending-bid-state
eyJOb3RpZnlUeXBlIjoid2ViIiwiUEJEYXRhU291cmNlIjoiUEJDIiwiV2FpdEZvcldlYiI6ZmFsc2UsIldhaXRGb3JJbXAiOmZhbHNlLCJXYWl0Rm9yQ2siOmZhbHNlLCJQQlN0YXRlIjoiV2luIiwiRHVwTm90aWZ5IjpmYWxzZSwiQmlkQ2xhaW1lZCI6ZmFsc2UsIlBCU1dvcmtlZCI6ZmFsc2UsIlBCU1dpblBheWxvYWQiOiIifQ
Content-Type
application/x-javascript; charset=UTF-8
Expires
Mon, 25 Nov 2019 23:43:24 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 0B38 		76 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1573858490126243"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29138
x-xss-protection
0
expires
Mon, 25 Nov 2019 23:43:25 GMT
pixel
protected-by.clarium.io/ Frame 0B38 		68 B
345 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://protected-by.clarium.io/pixel?tag=wt_ZHZTOThJS3dEdWtjRzZnUERZQkJjQ2s5c0tZL2l4Ojk3MHg5MA==&v=5&s=v31dqif5ibv&id=eyJwcmViaWQiOnsiYWRJZCI6IjMwMjgxMWY2ZmYxMzFhMzMiLCJjcG0iOjAuMTJ9fQ%3D%3D&sb=0&cb=3132502&h=www.bleepingcomputer.com&d=eyJ3aCI6IlpIWlRPVGhKUzNkRWRXdGpSelpuVUVSWlFrSmpRMnM1YzB0WkwybDRPamszTUhnNU1BPT0iLCJ3ZCI6eyJrIjp7ImhiX2JpZGRlciI6WyJpeCJdLCJoYl9zaXplIjpbIjk3MHg5MCJdfX0sIndyIjowfQ==
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.61.72 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-61-72.eu-central-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:25 GMT
Server
nginx/1.14.0 (Ubuntu)
Content-Type
image/png
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
68
Expires
Sat, 26 Jul 1997 05:00:00 GMT
kz7wypcm3ihf
hal9000.redintelligence.net/zone/ Frame 0B38 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hal9000.redintelligence.net/zone/kz7wypcm3ihf?subid=&rnd=2311333159920151580&extVar[]=DOUBLEBORDER:1&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2311333159920151580%26mt_id%3D6864062%26mt_adid%3D216536%26mt_sid%3D4802372%26mt_exid%3D15%26mt_inapp%3D0%26mt_uuid%3Da2235ddc-671c-4801-b7b8-ba09c4126a4d%26redirect%3D
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.53.104.76.144.clients.your-server.de
Software
Apache /
Resource Hash
cbbe161be1a2476807ffce9da4abdbbeed1d6d8416a2af05bdaba989efa45db1

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:43:25 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
2745
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
img
pixel.mathtag.com/event/ Frame 0B38 		43 B
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=15&v2=2311333159920151580&v3=651871&v4=4802372&v5=6864062&mt_nsync=1&no_attr=1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.201 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-201.deploy.static.akamaitechnologies.com
Software
MT3 1913 979072d master zrh-pixel-x23 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:43:25 GMT
Server
MT3 1913 979072d master zrh-pixel-x23
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 25 Nov 2019 23:43:24 GMT
img
tags.mathtag.com/event/ Frame 0B38 		49 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.mathtag.com/event/img?type=mmImpTrack&exch=cas&bid=2311333159920151580&st=4802372&time=1574725405&nodeid=128
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.29.135.48 , United Kingdom, ASN30419 (MEDIAMATH-INC - MediaMath Inc, US),
Reverse DNS
Software
MMBD/3.160.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:43:25 GMT
Server
MMBD/3.160.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
cdg-router-x44, cdg-bidder-x19
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Mon, 25 Nov 2019 23:43:24 GMT
js
pixel.mathtag.com/sync/ Frame 0B38 		597 B
921 B 		Script
General
Check archive.org
Download Go to
Full URL
https://pixel.mathtag.com/sync/js?sync=auto&mt_lim=5
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.201 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-201.deploy.static.akamaitechnologies.com
Software
MT3 1913 979072d master zrh-pixel-x16 /
Resource Hash
acfa1f03ac087fc08ca7389b23f01c47b31c6d00d412a21d9342af3c070fff57

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:43:25 GMT
Server
MT3 1913 979072d master zrh-pixel-x16
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
text/javascript
Content-Length
597
Expires
Mon, 25 Nov 2019 23:43:24 GMT
sync
ups.analytics.yahoo.com/ups/55938/ Frame 0B38
Redirect Chain
  • https://pixel.advertising.com/ups/55938/sync?uid=6dccf030-0ebf-f88b-0000-000000000000&_origin=1&gdpr=0&gdpr_consent=
  • https://ups.analytics.yahoo.com/ups/55938/sync?uid=6dccf030-0ebf-f88b-0000-000000000000&_origin=1&gdpr=0&gdpr_consent=&apid=1A5ec9c818-0fdd-11ea-b3ac-12caad116dbc
0
124 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55938/sync?uid=6dccf030-0ebf-f88b-0000-000000000000&_origin=1&gdpr=0&gdpr_consent=&apid=1A5ec9c818-0fdd-11ea-b3ac-12caad116dbc
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.223.223 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-29-223-223.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
204
date
Mon, 25 Nov 2019 23:43:25 GMT
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status
302
date
Mon, 25 Nov 2019 23:43:25 GMT
strict-transport-security
max-age=31536000
content-length
0
location
https://ups.analytics.yahoo.com/ups/55938/sync?uid=6dccf030-0ebf-f88b-0000-000000000000&_origin=1&gdpr=0&gdpr_consent=&apid=1A5ec9c818-0fdd-11ea-b3ac-12caad116dbc
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
4448
stags.bluekai.com/site/ Frame 0B38 		62 B
753 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://stags.bluekai.com/site/4448?id=6dccf030-0ebf-f88b-0000-000000000000&gdpr=0&gdpr_consent=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.67.136.71 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-67-136-71.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:43:25 GMT
Connection
keep-alive
Content-Type
image/gif
Content-Length
62
BK-Server
525b
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
request.php
hal900010.redintelligence.net/ Frame 0B38 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hal900010.redintelligence.net/request.php?zone=kz7wypcm3ihf&nw=20&renderingType=javascript&namespace=b36a65efc4&subid=&uid=1bacfe620ef44723&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&redirectClick=http%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D2311333159920151580%26mt_id%3D6864062%26mt_adid%3D216536%26mt_sid%3D4802372%26mt_exid%3D15%26mt_inapp%3D0%26mt_uuid%3Da2235ddc-671c-4801-b7b8-ba09c4126a4d%26redirect%3D&documentReferer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&ancestorOrigins=https%3A%2F%2Fwww.bleepingcomputer.com&random=8171802530619&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.63.145 Heppenheim an der Bergstrasse, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.145.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
8b6c1ebf15af923d4daab153d485984760a35880259fa35d83825016f9359ca7

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:25 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
33301600002082801049096011059010
Connection
close
Content-Type
application/x-javascript; charset=utf-8
Content-Length
1179
Expires
Mon, 25 Nov 2019 23:43:25 +0100
view
securepubads.g.doubleclick.net/pcs/ Frame 987E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvD3zDbZtFWIa_IEJUw7nEVVcmcs1ej0tTMCS7hsFMQnU5cBM2Fb4IwKSFK4lY5V36G7RkkeLSohDd-c_YPd3Nvrp41ABt-S27Gk1Wmr6ePaKQAphoX6S5jgoG0uEry6ExfBTFoy9aA-oiEnwiJl-8zuXakzfrotje0g3M9Cby6P9shm95MFjhv_PRPTGoc2lLTDYKuEdkN637PnrbPfbPuelCIUpn-taWQBXe8JAaJVFenk0SWkqzuvE5anVY5kPsHrQJOyUVeSFPpB5WmzP44dz5rY-Sq4K81VeRmXwbFutSqdmZ1dYkz1mI3PevoZ0_SZ5CA&sig=Cg0ArKJSzMCI5xuh65_3EAE&urlfix=1&adurl=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 25 Nov 2019 23:43:25 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
loader.js
cdn.taboola.com/libtrc/tdngermany-network/ Frame 987E 		225 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/tdngermany-network/loader.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
372c428c60e16c0b6a164da99f659463acdae7eee722e78ea445222c98592bae

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
WC4V8Ds8C5nad1fYRn3WaE7In5soDQzn
content-encoding
gzip
age
4746
x-cache
HIT
status
200
date
Mon, 25 Nov 2019 23:43:25 GMT
x-amz-replication-status
COMPLETED
content-length
35758
x-amz-id-2
bJNVbyW6h5dTZjF+lUrIosdPAerjywW+2Dn7ZCD5ekEsd9rAkiZWLZmMvKdnmL/5xRhWN08FDwQ=
x-served-by
cache-fra19178-FRA
last-modified
Mon, 25 Nov 2019 14:24:55 GMT
server
AmazonS3
x-timer
S1574725405.153851,VS0,VE0
etag
"f01841b5a072e204333c41688e9c0116"
vary
Accept-Encoding
x-amz-request-id
B1689E7845F773F2
via
1.1 varnish
cache-control
private,max-age=14401
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
34
x-cache-hits
9
st
imprammp.zorosrv.com/ Frame 987E 		0
388 B 		Script
General
Check archive.org
Download Go to
Full URL
https://imprammp.zorosrv.com/st?cipid=66301905&ttype=0&cirid=CD30C4C6A5112218371207121794&cicmp=2041645&cijs=1&dast=V75DkCFwMAEhsVcYv3OgQAEhsVcYv3OgUAAAADBg4HHEPiDDakDW3BWiwmk8Vws1tMBrvFZLFbjtbAhqbT4XPd63W_311idrkMT7vP43cbXqeX5a7xu_1yl-_z17w8rsvT9PxLXJeH3S152D1_t-9hebmVdpvLY_q8BR_PW_Z0uNVOj-Xv-dtMb5Xx4zK7dS-LW_F6WZ4uz18OAAAAAA8AUOxtED3MK3sRAAAAABI-OFHsFAEV_xYCFwAAAAAY_____xoAUBwM57pbX3ajw_V52d3Rw7yy9wEA8BAAAgAwoEACIECGUQJAgXN3AgAAcFAn87QdMzD_Gi0D8HHScmPQA_DgAwAgBAAAkDVErCyEA5o7IkiUgFfECAAAAACSqQ3gaFInVBdV_____VYAVwAAAW6k8sebWTk8vmJhAAAAA2IQ5CvheOHDXGML-rf8PZfbXeN3u-z_________3-z_DABNiGjMLS2IpYBXzQcnin3tFxAAwA0A4A0ALuTY0HQ6fK57ve73u0vMLpfhafd5_G7D6_Sy3DV-t1_u8n3-mpfHdXmann-J6_KwuyUPu-fv9j0sL7fSbnN5TJ-34ON5y54Ot9rpsfw9f5vprTJ-XGa37mVxK14vy9Pl-WsOwA4AAADg7v___x8PgnwlHC98mCsPAAAAx2_CFqPVZLJZDmfLxWQwHA1Ho_0J3GiAEzQcDha7wWK3WAwni8losBwsUCAGE5yQ4WgzWY12q91kOZyMRrPNZIMUrVrNRpvBcDWbzHa71XAwXI5GSNGaxWwyWcxGy91msJyMBsPJcIg4Mpw5nKPRYq1wLUxu0cwyWkssI4dbubA4FqbdxjKaLNei18d0GrlWHufG0Lq4Haanx44AAAABjwwxGs11s7lisJwLNmkgs-VwuFolAAAAAAAAAIClS4GyW7MgGRTGcpsAAAAAnAaxms2Ws3UexGayWuxWox2QPp22QFkAAAAAAAC3AAAAAMEAAAAHdTJP2w!&cipp=0.099690&excid=23
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725405.170389,VS0,VE9
x-cache
MISS
p3p
policyref="/w3c/p3p.xml", CP="NOI IDC DSP COR CURa ADMa OUR IND COM STA NOR UNI"
status
200
x-cache-hits
0
accept-ranges
bytes
access-control-allow-headers
X-Requested-With, X-Prototype-Version, Content-Type, Origin, Allow
content-length
0
x-served-by
cache-fra19129-FRA
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 987E 		76 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019111801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1573858490126243"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29138
x-xss-protection
0
expires
Mon, 25 Nov 2019 23:43:25 GMT
pixel
protected-by.clarium.io/ Frame 987E 		68 B
345 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://protected-by.clarium.io/pixel?tag=wt_ZHZTOThJS3dEdWtjRzZnUERZQkJjQ2s5c0tZL3B1Ym1hdGljOjMwMHg2MDA=&v=5&s=v31dqif5ieu&id=eyJwcmViaWQiOnsiYWRJZCI6IjMwODM1Y2M4NTllMjMzZjciLCJjcG0iOjAuMDc5MDAwMDAwMDAwMDAwMDF9fQ%3D%3D&sb=0&cb=5684176&h=www.bleepingcomputer.com&d=eyJ3aCI6IlpIWlRPVGhKUzNkRWRXdGpSelpuVUVSWlFrSmpRMnM1YzB0WkwzQjFZbTFoZEdsak9qTXdNSGcyTURBPSIsIndkIjp7ImsiOnsiaGJfYmlkZGVyIjpbInB1Ym1hdGljIl0sImhiX3NpemUiOlsiMzAweDYwMCJdfX0sIndyIjowfQ==
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.61.72 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-61-72.eu-central-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:25 GMT
Server
nginx/1.14.0 (Ubuntu)
Content-Type
image/png
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
68
Expires
Sat, 26 Jul 1997 05:00:00 GMT
impl.20191125-10-RELEASE.js
cdn.taboola.com/libtrc/ Frame 987E 		419 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/impl.20191125-10-RELEASE.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/tdngermany-network/loader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e59954e78913cf966790e1ee3fdeae7bfe81ff47b1fd7e6e8405fdb36843dc69

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
pw5OeRx3t8yg0TQJZjp_yhm6IFa4sP3v
content-encoding
gzip
age
29
x-cache
HIT
status
200
date
Mon, 25 Nov 2019 23:43:25 GMT
x-amz-replication-status
COMPLETED
content-length
120449
x-amz-id-2
gwjddQHl5U9BOJtvwbWUkEoHLO27CeupChT/SLAjL26JkJCInXwHQwK7B+xKKXCx5IGZwZ+NTH4=
x-served-by
cache-fra19178-FRA
last-modified
Mon, 25 Nov 2019 12:11:13 GMT
server
AmazonS3
x-timer
S1574725405.171724,VS0,VE0
etag
"6be1ea304e75832d38bee96cef60a2b2"
vary
Accept-Encoding
x-amz-request-id
B101EF1AED86274B
via
1.1 varnish
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
62
x-cache-hits
41
beacon.js
sb.scorecardresearch.com/ Frame 987E 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/tdngermany-network/loader.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.16.31.65 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-16-31-65.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:43:25 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=86400
Connection
keep-alive
Content-Length
901
Expires
Tue, 26 Nov 2019 23:43:25 GMT
htlp-webgains
www.11teamsports.com/de-de/ Frame 362B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.11teamsports.com/de-de/htlp-webgains
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:a827 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
www.11teamsports.com
:scheme
https
:path
/de-de/htlp-webgains
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:25 GMT
content-type
text/html
content-length
0
set-cookie
__cfduid=d977c31187ed4f63f69913a23e1e5ff151574725405; expires=Wed, 25-Dec-19 23:43:25 GMT; path=/; domain=.11teamsports.com; HttpOnly wgPostView=true; Expires=Tue, 26 Nov 2019 23:43:25 GMT; Path='/'; Domain=.11teamsports.com;
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
53b77c169d515994-VIE
link.html
track.webgains.com/ Frame 0B38 		12 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&viewref=33301600002082801049096011059010&js=1&nw=1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS
46-236-13-147.servers.dedipower.net
Software
Apache /
Resource Hash
88fba7b2621af8e55bacf8d97cbf48c22ac9c057305601cf16c6694e8a65639a

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:25 GMT
Last-Modified
Mon, 25 Nov 2019 23:43:25 GMT
Server
Apache
Transfer-Encoding
chunked
P3P
policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache
hit
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
Content-Type
text/html;charset=utf-8
Expires
Mon, 26 Jul 1997 05:00:00 GMT
newui_adpepper_22-11-2019_21936805_1x1.gif
creative-a.akamaihd.net/newui_adpepper/2019-11-22/ Frame 0B38
Redirect Chain
  • https://ads.creative-serving.com/tr/adpepperc.2/3031595;sz=1x1;cmp=2335599;cr=1050550
  • https://ads.creative-serving.com/tr/adpepperc.2/3031595;sz=1x1;cmp=2335599;cr=1050550;fl_inst=0;ul_cb=1
  • https://creative-a.akamaihd.net/newui_adpepper/2019-11-22/newui_adpepper_22-11-2019_21936805_1x1.gif
43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://creative-a.akamaihd.net/newui_adpepper/2019-11-22/newui_adpepper_22-11-2019_21936805_1x1.gif
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.186.90 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-90.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:43:25 GMT
Last-Modified
Fri, 22 Nov 2019 09:59:32 GMT
Server
AkamaiNetStorage
ETag
"325472601571f31e1bf00674c368d335:1574416772"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43

Redirect headers

Location
https://creative-a.akamaihd.net/newui_adpepper/2019-11-22/newui_adpepper_22-11-2019_21936805_1x1.gif
Date
Mon, 25 Nov 2019 23:43:25 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cookie set showad.js
ads.pubmatic.com/AdServer/js/ Frame A107 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Last-Modified
Tue, 12 Nov 2019 06:59:02 GMT
ETag
"13006b6-97cd-59720c88c16d1"
Server
Apache/2.2.15 (CentOS)
Set-Cookie
KTPCACOOKIE=YES; domain=.pubmatic.com; path=/; max-age=7776000;
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
14515
Content-Type
text/html; charset=UTF-8
Cache-Control
public, max-age=77746
Expires
Tue, 26 Nov 2019 21:19:11 GMT
Date
Mon, 25 Nov 2019 23:43:25 GMT
Connection
keep-alive
Vary
Accept-Encoding
AdDisplayTrackerServlet
aktrack.pubmatic.com/AdServer/ Frame F7BB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://aktrack.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=156696&siteId=269885&adId=1325175&adType=10&adServerId=243&kefact=0.095205&kaxefact=0.095205&kadNetFrequecy=0&kadwidth=300&kadheight=600&kadsizeid=26&kltstamp=1574725404&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=0.099690&dcId=3&tldId=59673386&passback=0&svr=BID22439U&ekefact=HGfcXVV_CQDKR7bK1GFwr_-Kkq8YYf5I-Rg8VvzTrpc7jTOh&ekaxefact=HGfcXXF_CQBsqR_CiyaF9_ceU2iXdTX56fa9wb1Z-wlU6Z7A&ekpbmtpfact=HGfcXYh_CQBSlduQXOlzRqgpzdxYnjd6ZtuVDdXITUqq-20U&crID=5303405&lpu=hawaiianairlines.com&ucrid=655095578865346936&campaignId=15208&creativeId=0&pctr=0.000000&wDSPByrId=1&wDspId=734&wbId=5&wrId=0&wAdvID=12906&isRTB=1&rtbId=630D3AFF-04EE-4A65-A535-3C11309F36F6&imprId=6244F509-7448-497A-9042-3D2251CF00FD&oid=6244F509-7448-497A-9042-3D2251CF00FD&cntryId=58&domain=bleepingcomputer.com&pageURL=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&sec=1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Host
aktrack.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Content-Type
text/html
Content-Length
0
Date
Mon, 25 Nov 2019 23:43:25 GMT
Connection
keep-alive
truncated
/ Frame 987E 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9a5fa27c0800acd371486a514da172e7d0cdeffa4118a711c24eece7286481c1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
json
trc.taboola.com/tdngermany-rest/trc/3/ Frame 987E 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://trc.taboola.com/tdngermany-rest/trc/3/json?tim=00%3A43%3A25.232&lti=normal&data=%7B%22id%22%3A867%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1574725405230%2C%22cv%22%3A%2220191125-10-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%253A%252F%252Fwww.bleepingcomputer.com%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22cmps%22%3A3%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A300%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A600%2C%22dw%22%3A300%2C%22dh%22%3A600%2C%22nsid%22%3A%22tdngermany-network%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-300X600%3Apub%3Dtdngermany-network%3Aabp%3D0%22%2C%22uip%22%3A%22TDN-DE-300x600-Vid%40SC%2C2041645%2C23%2C156696%22%2C%22orig_uip%22%3A%22TDN-DE-300x600-Vid%40SC%2C2041645%2C23%2C156696%22%2C%22cd%22%3A0%2C%22mw%22%3A300%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22normal%22%7D
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20191125-10-RELEASE.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
8b696dbdc3872dc9dc793e2ad63e5076560acf9e33cf4e242b29cabca639a475

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-vcl-time-ms
72
date
Mon, 25 Nov 2019 23:43:25 GMT
content-encoding
gzip
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status
200
via
1.1 varnish
x-served-by
cache-fra19178-FRA
server
nginx
x-timer
S1574725405.237550,VS0,VE72
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
b2
sb.scorecardresearch.com/ Frame 987E
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1574725405248&ns_c=UTF-8&ns_if=1&cv=3.1&c8=Page%20Title&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-...
  • https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1574725405248&ns_c=UTF-8&ns_if=1&cv=3.1&c8=Page%20Title&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan...
0
248 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1574725405248&ns_c=UTF-8&ns_if=1&cv=3.1&c8=Page%20Title&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&c9=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.16.31.65 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-16-31-65.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:25 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1574725405248&ns_c=UTF-8&ns_if=1&cv=3.1&c8=Page%20Title&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F&c9=
Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:25 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
clk.min.js
analytics.webgains.io/ Frame 0B38 		43 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.webgains.io/clk.min.js
Requested by
Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&viewref=33301600002082801049096011059010&js=1&nw=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:20eb:d400:9:352d:a240:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7dca9338d8f5830b8fbe837cf92eb809f6b54fc7aa7a0037bbf188adf1f37baa

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
py.8fc0V01VATXSxDbR51vVNcNXkUT3E
content-encoding
gzip
last-modified
Thu, 14 Nov 2019 15:44:06 GMT
server
AmazonS3
age
28747
date
Mon, 25 Nov 2019 15:44:19 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
FUfeVE5YwkaJjc8AXd-hY6BOLXXx1gjDVljeJBnsx-HZGdd7uZTneQ==
via
1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
hit
diapi.webgains.com/2.0/ Frame 0B38 		79 B
374 B 		Script
General
Check archive.org
Download Go to
Full URL
https://diapi.webgains.com/2.0/hit?callback=hitCallback&wgpayload=cWa44iFBBNlY5Du4UXuKrnZ2CI9XkPrwXC_JEkNgvlE4yy2XElgebiYMpztNKscKsoUs_43wuZPup_nH2t05oaYAhrcpMxE6DBUr5xj6KkuJCjCBeipa2hvLG9mhORoVidPZW2AUMnGWVQdgMVQdgAYx92u2p.j.2UMnGWFfwMHDCQyG5me6sBLSsbXzU0l6sqKIrGfuzwg9wJ9wPEwHXXTSHCSPmtd0wVYPIG_qvoPfybYb5EvYTrYesS95raaKMPn0qxf7_OLgiPFMtrs1OeyjaY1vSiwuiTtFUoxI6KGI0ljDdYejftckuyPBDjaY2ftckkCoq1HACVddFmeB53kISf_i.uJtHoqvynx9MsFyxYM914Ve_clrv0jV.lV9dVdI_.DJFvQj9dy4AxGjXGfe2Rc7L1eWNNW5BNlYiMfTjV.0iJ&wgcookie=%7B%22wgifp7121%22%3A%5B%2299582%22%2C%227121%22%2C%222513145%22%2C%22%22%2C%221574725405%22%2C%22https%253A%252F%252Fwww.bleepingcomputer.com%252Fnews%252Fsecurity%252Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%252F%22%2C%22%22%2C%22%22%2C%221582501405%22%2C%2233301600002082801049096011059010%22%5D%7D&wgchecksum=4d98a22e817539422f87d92131a4410b&userIP=144.76.109.30&doAffectv=1&wgtime=1574725405
Requested by
Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&viewref=33301600002082801049096011059010&js=1&nw=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
81.29.72.47 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS
81-29-72-47.servers.dedipower.net
Software
Apache /
Resource Hash
94bdeaea0d33cb654b89540e96e02fe28afceb1624d8ed58f7a43f3609fb4a17

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 25 Nov 2019 23:43:25 GMT
Server
Apache
Connection
close
Content-Length
79
Content-Type
text/javascript;charset=utf-8
link.html
track.webgains.com/ Frame 0B38 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.webgains.com/link.html?wgcampaignid=99582&viewref=99847300002757900710744011059005&wglinkid=2513145
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS
46-236-13-147.servers.dedipower.net
Software
Apache /
Resource Hash
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:25 GMT
Last-Modified
Mon, 25 Nov 2019 23:43:25 GMT
Server
Apache
P3P
policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache
hit
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
Content-Type
image/png
Content-Length
2808
Expires
Mon, 26 Jul 1997 05:00:00 GMT
link.html
track.webgains.com/ Frame 0B38 		12 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.webgains.com/link.html?wglinkid=2919345&wgcampaignid=99582&js=1&viewref=33301600002082801049096011059010
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS
46-236-13-147.servers.dedipower.net
Software
Apache /
Resource Hash
d96f46702904297c273df72531d88f4cf84477b44d4cd94deaee1059165ad43d

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:25 GMT
Last-Modified
Mon, 25 Nov 2019 23:43:25 GMT
Server
Apache
Transfer-Encoding
chunked
P3P
policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache
hit
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
Content-Type
text/html;charset=utf-8
Expires
Mon, 26 Jul 1997 05:00:00 GMT
userx.20191125-10-RELEASE.es6.js
cdn.taboola.com/libtrc/ Frame 987E 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/userx.20191125-10-RELEASE.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/tdngermany-network/loader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
51075049494e76844c0beaf83dfaa5bf57b47ed8163f0cf13f9d0c60f3ab138e

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
Zcd9S2tPTsfF34kePmJvEJWlb2K.tYSg
content-encoding
gzip
age
85
x-cache
HIT
status
200
date
Mon, 25 Nov 2019 23:43:25 GMT
x-amz-replication-status
COMPLETED
content-length
7712
x-amz-id-2
cMGJvFEqGhY1pvSj+YgtWeGne0iTErpi54aHivWaDxFF6wi03ELjIVxr2ApMumPvl1x1qOfp9LU=
x-served-by
cache-fra19178-FRA
last-modified
Mon, 25 Nov 2019 12:11:22 GMT
server
AmazonS3
x-timer
S1574725406.564099,VS0,VE0
etag
"85284943ae9149bfedb4926f74ef659c"
vary
Accept-Encoding
x-amz-request-id
171F067723B9BD27
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
10
x-cache-hits
32
rtb-h
trc.taboola.com/sg/mediaforcebidder-network/1/ Frame F9F3
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=taboola
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola
  • https://trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=bb8342a3-3147-47f6-83c2-80419520fc4b
0
53 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=bb8342a3-3147-47f6-83c2-80419520fc4b
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-vcl-time-ms
8
date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.703937,VS0,VE8
x-served-by
cache-fra19178-FRA
x-cache
MISS
status
204
accept-ranges
bytes
x-cache-hits
0

Redirect headers

Location
//trc.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=bb8342a3-3147-47f6-83c2-80419520fc4b
Date
Mon, 25 Nov 2019 23:43:25 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
/
trc.taboola.com/sg/rubicon-network-display/1/rtb-h/ Frame F9F3
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=16698
  • https://trc.taboola.com/sg/rubicon-network-display/1/rtb-h/?taboola_hm=K3F2UI41-17-UOZ
0
206 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/rubicon-network-display/1/rtb-h/?taboola_hm=K3F2UI41-17-UOZ
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-vcl-time-ms
8
date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.684831,VS0,VE8
x-served-by
cache-fra19178-FRA
x-cache
MISS
status
204
accept-ranges
bytes
x-cache-hits
0

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://trc.taboola.com/sg/rubicon-network-display/1/rtb-h/?taboola_hm=K3F2UI41-17-UOZ
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
/
trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/ Frame F9F3
Redirect Chain
  • https://px.powerlinks.com/user/identify?sourceId=d4a7a706-ab0f-11e8-a038-127202fb7690&rurl=https%3A%2F%2Ftrc.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24%7BUSER%7D
  • https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=CxjAxGQW4a4DcnlntYDHqmEzQLTnJd-DHLC6ynKtvwM%3D
45 B
143 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=CxjAxGQW4a4DcnlntYDHqmEzQLTnJd-DHLC6ynKtvwM%3D
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-vcl-time-ms
9
date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.702918,VS0,VE9
x-served-by
cache-fra19178-FRA
x-cache
MISS
status
200
accept-ranges
bytes
x-cache-hits
0

Redirect headers

Location
https://trc.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=CxjAxGQW4a4DcnlntYDHqmEzQLTnJd-DHLC6ynKtvwM%3D
Date
Mon, 25 Nov 2019 23:43:25 GMT
Server
nginx
Connection
close
Etag
"CxjAxGQW4a4DcnlntYDHqmEzQLTnJd-DHLC6ynKtvwM="
Content-Length
0
rtb-h
match.taboola.com/sg/mediamath-ssp-network/1/ Frame F9F3
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=92&redir=https://trc.taboola.com/sg/mediamath-ssp-network/1/rtb-h/?taboola_hm=[MM_UUID]
  • https://trc.taboola.com/sg/mediamath-ssp-network/1/rtb-h/?taboola_hm=a2235ddc-671c-4801-b7b8-ba09c4126a4d
  • https://match.taboola.com/sg/mediamath-ssp-network/1/rtb-h?taboola_hm=a2235ddc-671c-4801-b7b8-ba09c4126a4d&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3Da2235ddc-671c-480...
0
52 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.taboola.com/sg/mediamath-ssp-network/1/rtb-h?taboola_hm=a2235ddc-671c-4801-b7b8-ba09c4126a4d&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3Da2235ddc-671c-4801-b7b8-ba09c4126a4d
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.685614,VS0,VE9
x-served-by
cache-hhn4070-HHN
x-cache
MISS
status
200
accept-ranges
bytes
content-length
0
x-cache-hits
0

Redirect headers

x-vcl-time-ms
8
date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.662506,VS0,VE8
location
https://match.taboola.com/sg/mediamath-ssp-network/1/rtb-h?taboola_hm=a2235ddc-671c-4801-b7b8-ba09c4126a4d&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3Da2235ddc-671c-4801-b7b8-ba09c4126a4d
x-cache
MISS
status
302
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-fra19178-FRA
/
trc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/ Frame F9F3
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Ftrc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%
  • https://trc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=eyGPGP9LJC50&ev=1&pid=562107
0
51 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=eyGPGP9LJC50&ev=1&pid=562107
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-vcl-time-ms
8
date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.672395,VS0,VE8
x-served-by
cache-fra19178-FRA
x-cache
MISS
status
204
accept-ranges
bytes
x-cache-hits
0

Redirect headers

Date
Mon, 25 Nov 2019 23:43:25 GMT
Via
1.1 varnish
X-Cache
MISS
P3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Connection
keep-alive
Content-Length
0
X-Served-By
cache-fra19125-FRA
Server
Jetty(9.4.7.v20170914)
Vary
Accept-Encoding
Content-Language
en
Location
https://trc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=eyGPGP9LJC50&ev=1&pid=562107
Expires
-1
Cache-Control
private, max-age=0, no-cache, no-store
Accept-Ranges
bytes
Content-Type
text/plain; charset=utf-8
Cw-Server
bh-deployment-stage-0
X-Cache-Hits
0
/
trc.taboola.com/sg/rtbhouse-network/1/rtb-h/ Frame F9F3
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=taboola
  • https://ams.creativecdn.com/cm-notify?pi=taboola&tc=1
  • https://trc.taboola.com/sg/rtbhouse-network/1/rtb-h/?taboola_hm=4nlDm6Y3H27xAUJ1egcU&pi=taboola&tc=1
0
51 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/rtbhouse-network/1/rtb-h/?taboola_hm=4nlDm6Y3H27xAUJ1egcU&pi=taboola&tc=1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-vcl-time-ms
9
date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.708913,VS0,VE9
x-served-by
cache-fra19178-FRA
x-cache
MISS
status
204
accept-ranges
bytes
x-cache-hits
0

Redirect headers

status
302
pragma
no-cache
date
Mon, 25 Nov 2019 23:43:25 GMT, Mon, 25 Nov 2019 23:43:25 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
location
https://trc.taboola.com/sg/rtbhouse-network/1/rtb-h/?taboola_hm=4nlDm6Y3H27xAUJ1egcU&pi=taboola&tc=1
expires
Thu, 01 Jan 1970 00:00:00 GMT
rtb-h
match.taboola.com/sg/appnexus-network/1/ Frame F9F3
Redirect Chain
  • https://ib.adnxs.com/getuidnb?https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID
  • https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=8638635457441679355
  • https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8638635457441679355&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D8638635457441679355
0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8638635457441679355&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D8638635457441679355
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.685680,VS0,VE8
x-served-by
cache-hhn4070-HHN
x-cache
MISS
status
200
accept-ranges
bytes
content-length
0
x-cache-hits
0

Redirect headers

x-vcl-time-ms
8
date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.662564,VS0,VE8
location
https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=8638635457441679355&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D8638635457441679355
x-cache
MISS
status
302
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-fra19178-FRA
rtb-h
match.taboola.com/sg/google-network/1/ Frame F9F3
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
  • https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEGZRA4CV-1TzZPj1MNnwkT0&google_cver=1
  • https://match.taboola.com/sg/google-network/1/rtb-h?taboola_hm=CAESEGZRA4CV-1TzZPj1MNnwkT0&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3DCAESEGZRA4CV-1TzZPj1MNnwkT0%26goo...
0
52 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.taboola.com/sg/google-network/1/rtb-h?taboola_hm=CAESEGZRA4CV-1TzZPj1MNnwkT0&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3DCAESEGZRA4CV-1TzZPj1MNnwkT0%26google_cver%3D1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.685662,VS0,VE8
x-served-by
cache-hhn4070-HHN
x-cache
MISS
status
200
accept-ranges
bytes
content-length
0
x-cache-hits
0

Redirect headers

x-vcl-time-ms
9
date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.662575,VS0,VE9
location
https://match.taboola.com/sg/google-network/1/rtb-h?taboola_hm=CAESEGZRA4CV-1TzZPj1MNnwkT0&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3DCAESEGZRA4CV-1TzZPj1MNnwkT0%26google_cver%3D1
x-cache
MISS
status
302
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-fra19178-FRA
/
trc.taboola.com/sg/nca-appnexus-network/1/rtb-h/ Frame F9F3
Redirect Chain
  • https://ib.adnxs.com/getuidnb?https://trc.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=$UID
  • https://trc.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=8638635457441679355
0
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=8638635457441679355
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-vcl-time-ms
16
date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.684331,VS0,VE16
x-served-by
cache-fra19178-FRA
x-cache
MISS
status
204
accept-ranges
bytes
x-cache-hits
0

Redirect headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:27 GMT
AN-X-Request-Uuid
a80e20be-146d-4421-9bf2-66acad369751
Content-Type
text/html; charset=utf-8
Server
nginx/1.13.4
Location
https://trc.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=8638635457441679355
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
144.76.109.30; 144.76.109.30; 539.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.10:80
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rtb-h
match.taboola.com/sg/thetradedesk-network/1/ Frame F9F3
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1
  • https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=428058ad-1068-429b-a448-657f64ea2bb0
  • https://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=428058ad-1068-429b-a448-657f64ea2bb0&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D428058ad-1068-429b...
0
52 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=428058ad-1068-429b-a448-657f64ea2bb0&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D428058ad-1068-429b-a448-657f64ea2bb0
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.871569,VS0,VE8
x-served-by
cache-hhn4070-HHN
x-cache
MISS
status
200
accept-ranges
bytes
content-length
0
x-cache-hits
0

Redirect headers

x-vcl-time-ms
108
date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.759059,VS0,VE108
location
https://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=428058ad-1068-429b-a448-657f64ea2bb0&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D428058ad-1068-429b-a448-657f64ea2bb0
x-cache
MISS
status
302
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-fra19178-FRA
rtb-h
match.taboola.com/sg/storygize-network/1/ Frame F9F3
Redirect Chain
  • https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d
  • https://trc.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=55479f73-9854-40d3-8a0a-8d0f2e2be3c1
  • https://match.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=55479f73-9854-40d3-8a0a-8d0f2e2be3c1&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D55479f73-9854-40d3-8a...
0
76 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=55479f73-9854-40d3-8a0a-8d0f2e2be3c1&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D55479f73-9854-40d3-8a0a-8d0f2e2be3c1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:26 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.395380,VS0,VE9
x-served-by
cache-hhn4070-HHN
x-cache
MISS
status
200
accept-ranges
bytes
content-length
0
x-cache-hits
0

Redirect headers

x-vcl-time-ms
9
date
Mon, 25 Nov 2019 23:43:26 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.381905,VS0,VE9
location
https://match.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=55479f73-9854-40d3-8a0a-8d0f2e2be3c1&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D55479f73-9854-40d3-8a0a-8d0f2e2be3c1
x-cache
MISS
status
302
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-fra19178-FRA
cookiesync
bttrack.com/pixel/ Frame F9F3 		35 B
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
192.132.33.46 , United States, ASN18568 (BIDTELLECT - Bidtellect Inc., US),
Reverse DNS
46.bidtellect.com
Software
Microsoft-IIS/8.5 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-ServerName
Track003-dc3
Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:25 GMT
X-AspNetMvc-Version
5.2
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
P3P
CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control
private,no-cache
Content-Type
image/gif
Content-Length
35
Expires
-1
/
cds.taboola.com/ Frame F9F3 		0
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cds.taboola.com/?uid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&_r=6840881
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
130.211.13.252 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
252.13.211.130.bc.googleusercontent.com
Software
nginx/1.16.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:43:25 GMT
Via
1.1 varnish
Server
nginx/1.16.1
X-Timer
S1574725406.934411,VS0,VE22
X-Cache
MISS
x-envoy-upstream-service-time
0
X-Cache-Hits
0
Connection
close
Accept-Ranges
bytes
Content-Length
0
X-Served-By
cache-dca17729-DCA
rtb-h
match.taboola.com/sg/bidswitch-network/1/ Frame F9F3
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=taboola
  • https://x.bidswitch.net/ul_cb/sync?ssp=taboola
  • https://ads.programattik.com/sync?ssp=bidswitch&bidswitch_ssp_id=taboola
  • https://ads.programattik.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=taboola
  • https://x.bidswitch.net/sync?dsp_id=156&expires=14&user_id=bd638c71-c351-4dd8-8dd7-33e38ffe804d&ssp=taboola
  • https://trc.taboola.com/sg/bidswitch-network/1/rtb-h/?taboola_hm=1c243162-cbae-427c-8bff-f26bd890c2f5
  • https://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=1c243162-cbae-427c-8bff-f26bd890c2f5&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D1c243162-cbae-427c-8b...
0
52 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=1c243162-cbae-427c-8bff-f26bd890c2f5&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D1c243162-cbae-427c-8bff-f26bd890c2f5
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.848671,VS0,VE8
x-served-by
cache-hhn4070-HHN
x-cache
MISS
status
200
accept-ranges
bytes
content-length
0
x-cache-hits
0

Redirect headers

x-vcl-time-ms
9
date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
server
nginx
x-timer
S1574725406.818893,VS0,VE9
location
https://match.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=1c243162-cbae-427c-8bff-f26bd890c2f5&tbid=c67872bf-2aef-4631-81b5-91baf9ab07b5-tuct4d5ec9d&query=taboola_hm%3D1c243162-cbae-427c-8bff-f26bd890c2f5
x-cache
MISS
status
302
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-fra19178-FRA
c5ef96bc-30ab-456a-b3d5-a84f367c6a46.svg
cdn.taboola.com/static/c5/ Frame 987E 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.taboola.com/static/c5/c5ef96bc-30ab-456a-b3d5-a84f367c6a46.svg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1d89405054b0eccfd66baa763bf4781b8dff83824636284b79800ecdc25579f1

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
3GoWmPpnzFDs5CP3.ebHbCmhALWQMuvH
content-encoding
gzip
age
117
x-cache
HIT
status
200
date
Mon, 25 Nov 2019 23:43:25 GMT
x-amz-replication-status
COMPLETED
content-length
1502
x-amz-id-2
bHIiMZEuG+pm8Q3ETbzDyBC81ze7Jjwk+Vv+XfxVgz1zyv5PKhoUOAJOkbMCoDw4nAkkujfhbHo=
x-served-by
cache-fra19178-FRA
access-control-allow-origin
*
last-modified
Sun, 10 Jun 2018 13:23:55 GMT
server
AmazonS3
x-timer
S1574725406.566820,VS0,VE0
etag
"11d8569a7da0739259e3ac0b0d666e94"
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-request-id
FA37BE213425FCB9
via
1.1 varnish
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
image/svg+xml
access-control-allow-headers
*
abp
10
x-cache-hits
22
available
trc.taboola.com/tdngermany-rest/log/3/ Frame 987E 		0
412 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://trc.taboola.com/tdngermany-rest/log/3/available?route=AM%3AAM%3AV&lti=normal
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20191125-10-RELEASE.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-vcl-time-ms
10
date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status
204
x-served-by
cache-fra19178-FRA
pragma
no-cache
server
nginx
x-timer
S1574725406.580484,VS0,VE10
content-type
image/gif
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
a0103fc52d62fb552c45b87cab4baf85.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 987E 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/a0103fc52d62fb552c45b87cab4baf85.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
ce75cc6e17414986d2998d77e286b21ffb4d5da584321daee0e0b6023db9782b

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish, 1.1 varnish
age
865520
edge-cache-tag
338703189808861919816441417362808258944,480279100838976313430873720242721978156,29ecf9b93bbf306179626feeda1fab70
status
200
expiration
expiry-date="Sat, 16 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/a0103fc52d62fb552c45b87cab4baf85.jpg
content-length
4015
x-served-by
cache-hhn4027-HHN, cache-hhn4071-HHN
last-modified
Wed, 16 Oct 2019 13:59:53 GMT
server
cloudinary
x-timer
S1574725406.753422,VS0,VE0
etag
"c605d2a166266aec2a51863d11028302"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 2
2fe21188fee96e81665d2d99f31a6353.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 987E 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2fe21188fee96e81665d2d99f31a6353.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
9a91af85c1428c1e67eeb6c09ee7ed0102dc87125cc6b4ad6580d2ae9410c1f0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish, 1.1 varnish
age
995361
edge-cache-tag
415240570766575529998985486345789966923,480279100838976313430873720242721978156,29ecf9b93bbf306179626feeda1fab70
status
200
expiration
expiry-date="Fri, 13 Dec 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
MISS, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2fe21188fee96e81665d2d99f31a6353.jpg
content-length
3709
x-served-by
cache-hhn4073-HHN, cache-hhn4071-HHN
last-modified
Tue, 12 Nov 2019 23:10:02 GMT
server
cloudinary
x-timer
S1574725406.753592,VS0,VE0
etag
"0eff3e86480da633110e00ce852c1284"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 12
fd1f346cac609470bfb59a91493a8f4e.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 987E 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fd1f346cac609470bfb59a91493a8f4e.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
f238c548669c19b2fde5ed6d83a8428fc97413937d28b81ae1178f0a7f988fd5

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish, 1.1 varnish
age
716738
edge-cache-tag
292566783767724814882013068219992106074,480279100838976313430873720242721978156,29ecf9b93bbf306179626feeda1fab70
status
200
expiration
expiry-date="Mon, 18 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
MISS, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fd1f346cac609470bfb59a91493a8f4e.jpg
content-length
4786
x-served-by
cache-hhn4075-HHN, cache-hhn4071-HHN
last-modified
Fri, 18 Oct 2019 16:34:02 GMT
server
cloudinary
x-timer
S1574725406.753549,VS0,VE0
etag
"bd0c141f9e98c809a48f3692b20abc3a"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1
c1aa603dd04bf6190dd925ecc2dd6162.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 987E 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c1aa603dd04bf6190dd925ecc2dd6162.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
2153566030048e114b89d42f16a36849e5e7df22236379c182fa196315e20f0f

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish, 1.1 varnish
age
2305591
edge-cache-tag
417939435175362557485811870280554685652,480279100838976313430873720242721978156,29ecf9b93bbf306179626feeda1fab70
status
200
expiration
expiry-date="Sat, 30 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
MISS, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c1aa603dd04bf6190dd925ecc2dd6162.jpg
content-length
8461
x-served-by
cache-hhn4056-HHN, cache-hhn4071-HHN
last-modified
Wed, 30 Oct 2019 06:59:28 GMT
server
cloudinary
x-timer
S1574725406.753541,VS0,VE0
etag
"7dc524f09f1f2856771c18d6a588a4e1"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 3
3e816ecaf0e25b89695dc88b70db81b7.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 987E 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/3e816ecaf0e25b89695dc88b70db81b7.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
823f9dc89bfb72a1d74fd880732b47f44dde3eb5ea76b7be4aa7d4a09e8edc92

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish, 1.1 varnish
age
2098591
edge-cache-tag
438555939555247018598846034856104215992,480279100838976313430873720242721978156,29ecf9b93bbf306179626feeda1fab70
status
200
expiration
expiry-date="Mon, 02 Dec 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
MISS, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/3e816ecaf0e25b89695dc88b70db81b7.jpg
content-length
2493
x-served-by
cache-hhn4067-HHN, cache-hhn4071-HHN
last-modified
Fri, 01 Nov 2019 16:41:14 GMT
server
cloudinary
x-timer
S1574725406.753663,VS0,VE0
etag
"0f37c5ae045bd920543cdea5160f589c"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 21
3e11117ba7e57a6174abc7e3d89bc70c.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 987E 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/3e11117ba7e57a6174abc7e3d89bc70c.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
a64a8101880c1fc037d98afb18968667121af077156c0a4689285ed352b8ab68

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
via
1.1 varnish, 1.1 varnish
age
243846
edge-cache-tag
346018804539320881254148241124608989757,480279100838976313430873720242721978156,29ecf9b93bbf306179626feeda1fab70
status
200
expiration
expiry-date="Sat, 23 Nov 2019 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
MISS, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_79%2Cw_140%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/3e11117ba7e57a6174abc7e3d89bc70c.jpg
content-length
6572
x-served-by
cache-hhn4061-HHN, cache-hhn4071-HHN
last-modified
Wed, 23 Oct 2019 12:24:12 GMT
server
cloudinary
x-timer
S1574725406.761225,VS0,VE0
etag
"901292c589a128f42cb3c11f341fdf4e"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 2
adview
securepubads.g.doubleclick.net/pagead/ Frame B7D3 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CgxfvHGfcXfh4ktaAB_PwoNAC48_1nlqOtrb_gQqZzJnclw4QASDa18U5YJUCoAHS-MviA8gBAeACAKgDAaoEyAJP0Fb3ByzqRYIewc_tkr-Lj11tT6aeP10sIQ8vK6iSDD9TCK53P8ZOHPT8VJqzKOk9baMQi2HX7pCG7-LoX7l6X-2xzLkhhBrryOb7nWaUEpqJw4EzCJ5nflgbobuQNjFi3O2qWf9HKVcXS8pYOBeD8vokvAMkYldYYcXy30WuYGaime0puiRn7fgMXLF0p6eEQSfIfJsEM-8cmSN7r3cRuElhqkX-5uDEORPKhhlOQuOEK67ZhzdSu1xQdFE5Q1FWQuMLuOepowFseIHMMGbTMk70wcD-A5Z2Fv96FTviRjcR4rOTEPORfamoyPE0CxQTQ5QL9b7A53Ygqw1HW-7bF8E5No3BIwfq4QTu9Xgj1AdyfhyLmNgOFj0a-846TPxRkZXo7zRuKsp2InWlZ71H5P6jNsMdg7FJfEh7T6Q6-Da8-WlMsqRpwAS8jPj8hgLgBAGAB4GI1kOoB47OG6gH1ckbqAeT2BuoB7oGqAfZyxuoB8_MG6gHpr4bqAfs1RvYBwHyBwQQ8KAO0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xNzQyMjQ5NjAzMjg5MDgzgAoD2BMDiBQE&sigh=pvrnWvc9QfQ&vt=1&template_id=5001
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.162 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s11-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers
activeview
pagead2.googlesyndication.com/pcs/ Frame B7D3 		42 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssIvejFzVrZQIHbjensg5feTm8PAAcbB3Wz_ehHqu_TtfhiMWl4RzhrBBuR2TU4e8up_UOb_JnarfsDPS4hCYm3_hPXW2ebqqv1TrHc9o6JvIUdpH5Ils6egKJAxH-71j6t5OpPHUOtMpJ1KbXnbbU3&sai=AMfl-YT87fitpTYV3sCO0n9nq6EgqA-EgbAgjuRbQNX0We0iaUSFu5jjK_rsclQYctxzTK9elzjdmS6uYiOJhkOS1un7OGgwIqr23iIRjS1jresL72zkr5mI1dAwm4c&sig=Cg0ArKJSzO6rYHSnwE31EAE&cid=CAASF-RoO6IezTzwEWB4FXUue6O-xf1LX-ea&id=ampim&o=315,146&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1070&mtos=0,0,1070,1070,1070&tos=0,0,1070,0,0&tfs=123&tls=1193&g=100&h=100&tt=1193&r=v&adk=960084856&avms=ampa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:25 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tag
w-it.m-t.io/ Frame 0B38 		70 B
249 B 		Script
General
Check archive.org
Download Go to
Full URL
https://w-it.m-t.io/tag?type=impr&date=1574725405667
Requested by
Host: analytics.webgains.io
URL: https://analytics.webgains.io/clk.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
267deb4a931743610d9aa55f64ce5947ac2c674924c114e558082b9f5e59d800

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
content-encoding
gzip
server
Google Frontend
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
x-cloud-trace-context
7c1eceb6f07454f8ed742aac0c2a0abb
cache-control
private
content-length
80
f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ Frame 987E 		254 B
704 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via
1.1 varnish
age
13855
x-cache
HIT
status
200
date
Mon, 25 Nov 2019 23:43:25 GMT
x-amz-replication-status
COMPLETED
content-length
254
x-amz-id-2
Vjnfq2okxpLEG/cBVxSfv3DOOCGN7KTpixt29L7DwUhoZL6eRlgDSODZqhfatrYL58q01gaLKf4=
x-served-by
cache-fra19178-FRA
last-modified
Wed, 24 Jun 2015 07:14:11 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer
S1574725406.682098,VS0,VE0
etag
"dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-request-id
F6D91014AAA6CDC4
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
image/png
abp
10
x-cache-hits
10522
tag
w-it.m-t.io/ Frame 0B38 		70 B
168 B 		Script
General
Check archive.org
Download Go to
Full URL
https://w-it.m-t.io/tag?type=impr&date=1574725405687
Requested by
Host: analytics.webgains.io
URL: https://analytics.webgains.io/clk.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
267deb4a931743610d9aa55f64ce5947ac2c674924c114e558082b9f5e59d800

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 Nov 2019 23:43:25 GMT
content-encoding
gzip
server
Google Frontend
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
x-cloud-trace-context
4c74cfce30dddf7f193eccfc87d28815
cache-control
private
content-length
80
hit
diapi.webgains.com/2.0/ Frame 0B38 		79 B
267 B 		Script
General
Check archive.org
Download Go to
Full URL
https://diapi.webgains.com/2.0/hit?callback=hitCallback&wgpayload=VWa44iFBBNlY5Du4UXuKrnZ2CI9XkPrwXC_JEkNgvlE4yy2XElgebiYMpztNKscKsoUs_43wuZPup_nH2t05oaYAhrcpMxE6DBUr5xj6KkuJCjCBeipa2hvLG9mhORoVidPZW2AUMnGWVQdgMVQdgAYx92u2p.j.2UMnGWFfwMHDCQyG5me6sBLSsbXzU0l6sqKIrGfuzwg9wJ9wPEwHXXTSHCSPmtd0wVYPIG_qvoPfybYb5EvYTrYesS95raaKMPn0qxf7_OLgiPFMtrs1OeyjaY1vSiwuiTtFUoxI6KGI0ljDdYejftckuyPBDjaY2ftckkCoq1HACVddFmeB53kDjLtQVD_DJhCizgzH_y3EjNpmVWN9dPBSmrk.Nk4JkJdmV697Shr_Jz1_ycrl7pp0iJ3A0KFgBFY5BNlrApjMk.88n&wgcookie=%7B%22wgifp274615%22%3A%5B%2299582%22%2C%22274615%22%2C%222919345%22%2C%22%22%2C%221574725405%22%2C%22https%253A%252F%252Fwww.bleepingcomputer.com%252Fnews%252Fsecurity%252Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%252F%22%2C%22%22%2C%22%22%2C%221582501405%22%2C%2233301600002082801049096011059010%22%5D%7D&wgchecksum=9785e4eac7853d33edc6476d98c704d6&userIP=144.76.109.30&doAffectv=1&wgtime=1574725405
Requested by
Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2919345&wgcampaignid=99582&js=1&viewref=33301600002082801049096011059010
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
81.29.72.47 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS
81-29-72-47.servers.dedipower.net
Software
Apache /
Resource Hash
94bdeaea0d33cb654b89540e96e02fe28afceb1624d8ed58f7a43f3609fb4a17

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 25 Nov 2019 23:43:25 GMT
Server
Apache
Connection
close
Content-Length
79
Content-Type
text/javascript;charset=utf-8
link.html
track.webgains.com/ Frame 0B38 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.webgains.com/link.html?wgcampaignid=99582&viewref=89188700001902400951457011059001&wglinkid=2919345
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS
46-236-13-147.servers.dedipower.net
Software
Apache /
Resource Hash
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:25 GMT
Last-Modified
Mon, 25 Nov 2019 23:43:25 GMT
Server
Apache
P3P
policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache
hit
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
Content-Type
image/png
Content-Length
2808
Expires
Mon, 26 Jul 1997 05:00:00 GMT
activityi;dc_pre=CLHis6PFhuYCFVQ84AodoMIE7A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8560866355889.35
8019191.fls.doubleclick.net/ Frame 93F6
Redirect Chain
  • https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8560866355889.35?
  • https://8019191.fls.doubleclick.net/activityi;dc_pre=CLHis6PFhuYCFVQ84AodoMIE7A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8560866355889.35?
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://8019191.fls.doubleclick.net/activityi;dc_pre=CLHis6PFhuYCFVQ84AodoMIE7A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8560866355889.35?
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.134 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s18-in-f134.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
8019191.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=CLHis6PFhuYCFVQ84AodoMIE7A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8560866355889.35?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
cookie
IDE=AHWqTUnVHqA41CNykcpLrK4TLptUvBP_VEi1FicKf1B3CezFNymEowoPefLMHVVA
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Mon, 25 Nov 2019 23:43:25 GMT
expires
Mon, 25 Nov 2019 23:43:25 GMT
cache-control
private, max-age=0
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
323
x-xss-protection
0
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

Redirect headers

status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Mon, 25 Nov 2019 23:43:25 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://8019191.fls.doubleclick.net/activityi;dc_pre=CLHis6PFhuYCFVQ84AodoMIE7A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=8560866355889.35?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
set-cookie
IDE=AHWqTUnVHqA41CNykcpLrK4TLptUvBP_VEi1FicKf1B3CezFNymEowoPefLMHVVA; expires=Sat, 19-Dec-2020 23:43:25 GMT; path=/; domain=.doubleclick.net; HttpOnly test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
request_content.php
hal900010.redintelligence.net/ Frame B359 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://hal900010.redintelligence.net/request_content.php?s=33301600002082801049096011059010&a=145f2395
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.63.145 Heppenheim an der Bergstrasse, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.145.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash

Request headers

Host
hal900010.redintelligence.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Date
Mon, 25 Nov 2019 23:43:25 GMT
Server
Apache
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Expires
Mon, 25 Nov 2019 23:43:25 +0100
Pragma
no-cache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1374
Connection
close
Content-Type
text/html; charset=utf-8
truncated
/ Frame 0B38 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
feb1412888371e9055ad0bc15ab779a92273b8a8557f87266726bc77bd1adcac

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
img
pixel.mathtag.com/misc/ Frame 0B38 		43 B
610 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.201 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-201.deploy.static.akamaitechnologies.com
Software
MT3 1913 979072d master zrh-pixel-x22 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 Nov 2019 23:43:25 GMT
Server
MT3 1913 979072d master zrh-pixel-x22
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 25 Nov 2019 23:43:24 GMT
track
w-it.m-t.io/ Frame 0B38 		0
77 B 		Script
General
Check archive.org
Download Go to
Full URL
https://w-it.m-t.io/track?campaignId=99582&clickId=274615_99582_15747254055736_79834bf2a5&programId=274615&expiry=1582501405&acc=wg&scriptTag=&type=postview&indicator=e333982cb4995014968ba9141113523e&
Requested by
Host: analytics.webgains.io
URL: https://analytics.webgains.io/clk.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
x-cloud-trace-context
72065b680ea4c99a703c9ada0c6c9fe6
server
Google Frontend
date
Mon, 25 Nov 2019 23:43:25 GMT
content-length
0
content-type
application/javascript;charset=utf-8
iframe
mantodea.mantisadnetwork.com/prebid/ Frame A320 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574725404675&secure=true&version=9&mobile=false&uuid=0fc61c14-84a3-45d3-876f-74f6a592ebf0&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-72-165-42.compute-1.amazonaws.com
Software
/ Express
Resource Hash

Request headers

:method
GET
:authority
mantodea.mantisadnetwork.com
:scheme
https
:path
/prebid/iframe?tz=-60&buster=1574725404675&secure=true&version=9&mobile=false&uuid=0fc61c14-84a3-45d3-876f-74f6a592ebf0&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html; charset=utf-8
content-length
332
x-powered-by
Express
vary
Origin
access-control-allow-credentials
true
cache-control
private, no-cache, no-store, must-revalidate
pragma
no-cache
expires
-1
etag
"-816291178"
connectmyusers.php
cdn.connectad.io/ Frame 8DB4 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.connectad.io/connectmyusers.php
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:9174 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.connectad.io
:scheme
https
:path
/connectmyusers.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=dd2010f6724cac915dd35a5dd2f646b9c1574725410; expires=Wed, 25-Dec-19 23:43:30 GMT; path=/; domain=.connectad.io; HttpOnly
cache-control
max-age=28800
cf-cache-status
HIT
age
5753
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
53b77c36ebde59e2-VIE
content-encoding
gzip
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 4E72 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Cookie
uuid2=8638635457441679355
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Server
nginx/1.9.13
Content-Type
text/html
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
W/"573e714d-3e3"
Expires
Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control
max-age=31536000
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish 1.1 varnish
Fastly-Debug-Digest
e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length
506
Accept-Ranges
bytes
Date
Mon, 25 Nov 2019 23:43:30 GMT
Age
9640894
Connection
keep-alive
X-Served-By
cache-jfk8124-JFK, cache-fra19156-FRA
X-Cache
HIT, HIT
X-Cache-Hits
1, 2864146
X-Timer
S1574725410.391928,VS0,VE0
Vary
Accept-Encoding
pd
eu-u.openx.net/w/1.0/ Frame C0D6
Redirect Chain
  • https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
  • https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.167.2 /
Resource Hash

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
cookie
i=0fc2404a-cc15-0bcc-3699-02c710b15a61|1574725410
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
vary
Accept
set-cookie
i=0fc2404a-cc15-0bcc-3699-02c710b15a61|1574725410; Version=1; Expires=Tue, 24-Nov-2020 23:43:30 GMT; Max-Age=31536000; Domain=.openx.net; Path=/ pd=v2|1574725410|mOsLgqgikin0fcmWiygu; Version=1; Expires=Tue, 10-Dec-2019 23:43:30 GMT; Max-Age=1296000; Domain=.openx.net; Path=/
server
OXGW/16.167.2
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html
content-length
862
via
1.1 google
alt-svc
clear

Redirect headers

status
302
set-cookie
i=0fc2404a-cc15-0bcc-3699-02c710b15a61|1574725410; Version=1; Expires=Tue, 24-Nov-2020 23:43:30 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
server
OXGW/16.167.2
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
date
Mon, 25 Nov 2019 23:43:30 GMT
content-length
0
via
1.1 google
alt-svc
clear
pd
eu-u.openx.net/w/1.0/ Frame D358
Redirect Chain
  • https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
  • https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.167.2 /
Resource Hash

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
cookie
i=ca6e965a-2c8f-0808-3014-9578f4bf1320|1574725410
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
vary
Accept
set-cookie
i=ca6e965a-2c8f-0808-3014-9578f4bf1320|1574725410; Version=1; Expires=Tue, 24-Nov-2020 23:43:30 GMT; Max-Age=31536000; Domain=.openx.net; Path=/ pd=v2|1574725410|mOsLgqgikin0fcmWiygu; Version=1; Expires=Tue, 10-Dec-2019 23:43:30 GMT; Max-Age=1296000; Domain=.openx.net; Path=/
server
OXGW/16.167.2
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html
content-length
862
via
1.1 google
alt-svc
clear

Redirect headers

status
302
set-cookie
i=ca6e965a-2c8f-0808-3014-9578f4bf1320|1574725410; Version=1; Expires=Tue, 24-Nov-2020 23:43:30 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
server
OXGW/16.167.2
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
date
Mon, 25 Nov 2019 23:43:30 GMT
content-length
0
via
1.1 google
alt-svc
clear
connectmyusers.php
cdn.connectad.io/ Frame 7BC5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.connectad.io/connectmyusers.php
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:9174 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.connectad.io
:scheme
https
:path
/connectmyusers.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=dd2010f6724cac915dd35a5dd2f646b9c1574725410; expires=Wed, 25-Dec-19 23:43:30 GMT; path=/; domain=.connectad.io; HttpOnly
cache-control
max-age=28800
cf-cache-status
HIT
age
5753
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
53b77c36ebe959e2-VIE
content-encoding
gzip
index.html
cdn.districtm.io/ids/ Frame FD45 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.io/ids/index.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html
set-cookie
__cfduid=d3a284de5bcb633482509b090113307d11574725410; expires=Wed, 25-Dec-19 23:43:30 GMT; path=/; domain=.districtm.io; HttpOnly
cf-ray
53b77c36e8dfe007-FRA
cf-cache-status
DYNAMIC
cache-control
s-maxage=1209600, max-age=14400
last-modified
Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
content-encoding
br
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 66AA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Cookie
uuid2=8638635457441679355
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Server
nginx/1.9.13
Content-Type
text/html
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
W/"573e714d-3e3"
Expires
Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control
max-age=31536000
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish 1.1 varnish
Fastly-Debug-Digest
e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length
506
Accept-Ranges
bytes
Date
Mon, 25 Nov 2019 23:43:30 GMT
Age
9640894
Connection
keep-alive
X-Served-By
cache-jfk8124-JFK, cache-fra19156-FRA
X-Cache
HIT, HIT
X-Cache-Hits
1, 2864147
X-Timer
S1574725410.398027,VS0,VE0
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame C466 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Cookie
uuid2=8638635457441679355
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Server
nginx/1.9.13
Content-Type
text/html
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
W/"573e714d-3e3"
Expires
Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control
max-age=31536000
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish 1.1 varnish
Fastly-Debug-Digest
e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length
506
Accept-Ranges
bytes
Date
Mon, 25 Nov 2019 23:43:30 GMT
Age
9640895
Connection
keep-alive
X-Served-By
cache-jfk8124-JFK, cache-fra19139-FRA
X-Cache
HIT, HIT
X-Cache-Hits
1, 909183
X-Timer
S1574725410.402498,VS0,VE0
Vary
Accept-Encoding
Cookie set check.html
biddr.brealtime.com/ Frame 16E8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.119.107 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Host
biddr.brealtime.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Date
Mon, 25 Nov 2019 23:43:30 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d4ef1545f5563f8562a30885d5eb2c3cb1574725410; expires=Wed, 25-Dec-19 23:43:30 GMT; path=/; domain=.brealtime.com; HttpOnly
x-amz-id-2
+i8PioR06DTXMjXZ4PV4MKhmtlG+ZYMi6U6gYzo+4TXr/ACDMK2pBRhK611jbDVa9PGZSNAXUvc=
x-amz-request-id
EE4C1A3D47967E3E
x-amz-meta-origin-date-iso8601
2019-05-30T19:14:20.000Z
Last-Modified
Thu, 30 May 2019 19:21:30 GMT
Cache-Control
max-age=60
CF-Cache-Status
HIT
Age
5411
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
53b77c371f01dfe7-FRA
Content-Encoding
gzip
Cookie set check.html
biddr.brealtime.com/ Frame 5DD9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.119.107 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Host
biddr.brealtime.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Date
Mon, 25 Nov 2019 23:43:30 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d209297211699a08ab62d7cb8ae0a86df1574725410; expires=Wed, 25-Dec-19 23:43:30 GMT; path=/; domain=.brealtime.com; HttpOnly
x-amz-id-2
+i8PioR06DTXMjXZ4PV4MKhmtlG+ZYMi6U6gYzo+4TXr/ACDMK2pBRhK611jbDVa9PGZSNAXUvc=
x-amz-request-id
EE4C1A3D47967E3E
x-amz-meta-origin-date-iso8601
2019-05-30T19:14:20.000Z
Last-Modified
Thu, 30 May 2019 19:21:30 GMT
Cache-Control
max-age=60
CF-Cache-Status
HIT
Age
5411
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
53b77c37196f642b-FRA
Content-Encoding
gzip
connectmyusers.php
cdn.connectad.io/ Frame 1759 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.connectad.io/connectmyusers.php
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:9174 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.connectad.io
:scheme
https
:path
/connectmyusers.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
cookie
__cfduid=dd2010f6724cac915dd35a5dd2f646b9c1574725410
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html; charset=UTF-8
cache-control
max-age=28800
cf-cache-status
HIT
age
5753
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
53b77c371bf659e2-VIE
content-encoding
gzip
usync.html
eus.rubiconproject.com/ Frame EC4D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.55.184 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a23-37-55-184.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified
Thu, 14 Nov 2019 18:59:50 GMT
Content-Encoding
gzip
Content-Length
7459
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=11281
Expires
Tue, 26 Nov 2019 02:51:31 GMT
Date
Mon, 25 Nov 2019 23:43:30 GMT
Connection
keep-alive
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame E2E1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Cookie
uuid2=8638635457441679355
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Server
nginx/1.9.13
Content-Type
text/html
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
W/"573e714d-3e3"
Expires
Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control
max-age=31536000
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish 1.1 varnish
Fastly-Debug-Digest
e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length
506
Accept-Ranges
bytes
Date
Mon, 25 Nov 2019 23:43:30 GMT
Age
9640895
Connection
keep-alive
X-Served-By
cache-jfk8124-JFK, cache-fra19139-FRA
X-Cache
HIT, HIT
X-Cache-Hits
1, 909184
X-Timer
S1574725410.456539,VS0,VE0
Vary
Accept-Encoding
sync
eb2.3lift.com/ Frame A7D0
Redirect Chain
  • https://ib.3lift.com/sync?
  • https://eb2.3lift.com/sync?
  • https://eb2.3lift.com/sync?&ld=1
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?&ld=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.209.134 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-157-209-134.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

:method
GET
:authority
eb2.3lift.com
:scheme
https
:path
/sync?&ld=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
cookie
tluid=18011656065495753437
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html; charset=utf-8
content-length
516
set-cookie
sync=CgoI4gEQur3Lp-otCgoI5gEQur3Lp-otCgkICRC6vcun6i0KCgipARC6vcun6i0KCQg5ELq9y6fqLQoJCDoQur3Lp-otCgkICxC6vcun6i0KCgjOARC6vcun6i0KCgiOARC6vcun6i0KCQgfELq9y6fqLQ==; Max-Age=7776000; Expires=Sun, 23 Feb 2020 23:43:30 GMT; Path=/sync; Domain=.3lift.com tluid=18011656065495753437; Max-Age=7776000; Expires=Sun, 23 Feb 2020 23:43:30 GMT; Path=/; Domain=.3lift.com
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate

Redirect headers

status
302
date
Mon, 25 Nov 2019 23:43:30 GMT
content-length
0
set-cookie
tluid=18011656065495753437; Max-Age=7776000; Expires=Sun, 23 Feb 2020 23:43:30 GMT; Path=/; Domain=.3lift.com
location
/sync?&ld=1
cache-control
no-cache, no-store, must-revalidate
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
sync
eb2.3lift.com/ Frame 4B7B
Redirect Chain
  • https://ib.3lift.com/sync?
  • https://eb2.3lift.com/sync?
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.209.134 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-157-209-134.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

:method
GET
:authority
eb2.3lift.com
:scheme
https
:path
/sync?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
cookie
tluid=18011656065495753437
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html; charset=utf-8
content-length
516
set-cookie
sync=CgoI4gEQtb3Lp-otCgoI5gEQtb3Lp-otCgkICRC1vcun6i0KCgipARC1vcun6i0KCQg5ELW9y6fqLQoJCDoQtb3Lp-otCgkICxC1vcun6i0KCgjOARC1vcun6i0KCgiOARC1vcun6i0KCQgfELW9y6fqLQ==; Max-Age=7776000; Expires=Sun, 23 Feb 2020 23:43:30 GMT; Path=/sync; Domain=.3lift.com tluid=18011656065495753437; Max-Age=7776000; Expires=Sun, 23 Feb 2020 23:43:30 GMT; Path=/; Domain=.3lift.com
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate

Redirect headers

Content-Length
0
Connection
keep-alive
Cache-Control
public, max-age=900
Date
Mon, 25 Nov 2019 23:39:49 GMT
Last-Modified
Mon, 25 Nov 2019 23:39:49 GMT
Location
https://eb2.3lift.com/sync?
X-Rev
6432f44
X-Served-By
impression-bus3.us_east.prod
X-Cache
Hit from cloudfront
Via
1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA2-C1
X-Amz-Cf-Id
MfLPFww3LjP7yfpD4eOdE8WS053vxQgbu8MbUsTo8nPVoMhpL_v_ew==
Age
220
connectmyusers.php
cdn.connectad.io/ Frame 5E47 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.connectad.io/connectmyusers.php
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:9174 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.connectad.io
:scheme
https
:path
/connectmyusers.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
cookie
__cfduid=dd2010f6724cac915dd35a5dd2f646b9c1574725410
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html; charset=UTF-8
cache-control
max-age=28800
cf-cache-status
HIT
age
5753
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
53b77c376c2559e2-VIE
content-encoding
gzip
Cookie set showad.js
ads.pubmatic.com/AdServer/js/ Frame 08ED 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Cookie
KRTBCOOKIE_699=22727-AATbBk67uM4AAC3dEMn3kA&KRTB&22744-AATbBk67uM4AAC3dEMn3kA&KRTB&22745-AATbBk67uM4AAC3dEMn3kA; PugT=1574725405; PUBMDCID=3; KRTBCOOKIE_80=16514-CAESEOYiHYaELvcRWsA3DdahwSA&KRTB&22987-CAESEOYiHYaELvcRWsA3DdahwSA&KRTB&22995-CAESEOYiHYaELvcRWsA3DdahwSA&KRTB&23025-CAESEOYiHYaELvcRWsA3DdahwSA; KRTBCOOKIE_218=4056-XdxnHQAAAILNUwxi&KRTB&22922-XdxnHQAAAILNUwxi&KRTB&22978-XdxnHQAAAILNUwxi; KRTBCOOKIE_153=19420-ymhpcMk7PHfSOzxyyDwgI8huayvSaD5yyG23g-dH&KRTB&22979-ymhpcMk7PHfSOzxyyDwgI8huayvSaD5yyG23g-dH; KRTBCOOKIE_279=22890-5fb4931b-0fdd-11ea-9060-49b32dc62b10; KRTBCOOKIE_1051=22884-18072662400211626725; KRTBCOOKIE_336=5844-7942069245001297458
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Last-Modified
Tue, 12 Nov 2019 06:59:02 GMT
ETag
"13006b6-97cd-59720c88c16d1"
Server
Apache/2.2.15 (CentOS)
Set-Cookie
KTPCACOOKIE=YES; domain=.pubmatic.com; path=/; max-age=7776000;
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
14515
Content-Type
text/html; charset=UTF-8
Cache-Control
public, max-age=77741
Expires
Tue, 26 Nov 2019 21:19:11 GMT
Date
Mon, 25 Nov 2019 23:43:30 GMT
Connection
keep-alive
Vary
Accept-Encoding
sync
eb2.3lift.com/ Frame 031E
Redirect Chain
  • https://ib.3lift.com/sync?
  • https://eb2.3lift.com/sync?
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.209.134 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-157-209-134.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

:method
GET
:authority
eb2.3lift.com
:scheme
https
:path
/sync?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
cookie
sync=CgoI4gEQur3Lp-otCgoI5gEQur3Lp-otCgkICRC6vcun6i0KCgipARC6vcun6i0KCQg5ELq9y6fqLQoJCDoQur3Lp-otCgkICxC6vcun6i0KCgjOARC6vcun6i0KCgiOARC6vcun6i0KCQgfELq9y6fqLQ==; tluid=18011656065495753437
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html; charset=utf-8
content-length
459
set-cookie
sync=CgoIoQEQ_b3Lp-otCgoI4gEQur3Lp-otCgoI4wEQ_b3Lp-otCgoI5gEQur3Lp-otCgkICRC6vcun6i0KCgipARC6vcun6i0KCQgLELq9y6fqLQoKCM4BELq9y6fqLQoKCI4BELq9y6fqLQoJCHMQ_b3Lp-otCgoI1gEQ_b3Lp-otCgkIORC6vcun6i0KCQg6ELq9y6fqLQoJCBsQ_b3Lp-otCgoIvQEQ_b3Lp-otCgoI3gEQ_b3Lp-otCgkIHxC6vcun6i0KCQhfEP29y6fqLQoKCP8BEP29y6fqLQoJCD8Q_b3Lp-ot; Max-Age=7776000; Expires=Sun, 23 Feb 2020 23:43:30 GMT; Path=/sync; Domain=.3lift.com tluid=18011656065495753437; Max-Age=7776000; Expires=Sun, 23 Feb 2020 23:43:30 GMT; Path=/; Domain=.3lift.com
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate

Redirect headers

Content-Length
0
Connection
keep-alive
Cache-Control
public, max-age=900
Date
Mon, 25 Nov 2019 23:39:49 GMT
Last-Modified
Mon, 25 Nov 2019 23:39:49 GMT
Location
https://eb2.3lift.com/sync?
X-Rev
6432f44
X-Served-By
impression-bus3.us_east.prod
X-Cache
Hit from cloudfront
Via
1.1 42b60ee17f7593fff72ca1cb725d6c9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA2-C1
X-Amz-Cf-Id
t6wrFh9daOMuCsV3mhmy7yLuwMQET9-79icRuOPxVGGRp_lijQxaEA==
Age
220
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 39AE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Cookie
uuid2=8638635457441679355
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Server
nginx/1.9.13
Content-Type
text/html
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
W/"573e714d-3e3"
Expires
Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control
max-age=31536000
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish 1.1 varnish
Fastly-Debug-Digest
e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length
506
Accept-Ranges
bytes
Date
Mon, 25 Nov 2019 23:43:30 GMT
Age
9640895
Connection
keep-alive
X-Served-By
cache-jfk8124-JFK, cache-fra19139-FRA
X-Cache
HIT, HIT
X-Cache-Hits
1, 909185
X-Timer
S1574725410.483889,VS0,VE0
Vary
Accept-Encoding
Cookie set showad.js
ads.pubmatic.com/AdServer/js/ Frame 808E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Cookie
KRTBCOOKIE_699=22727-AATbBk67uM4AAC3dEMn3kA&KRTB&22744-AATbBk67uM4AAC3dEMn3kA&KRTB&22745-AATbBk67uM4AAC3dEMn3kA; PugT=1574725405; PUBMDCID=3; KRTBCOOKIE_80=16514-CAESEOYiHYaELvcRWsA3DdahwSA&KRTB&22987-CAESEOYiHYaELvcRWsA3DdahwSA&KRTB&22995-CAESEOYiHYaELvcRWsA3DdahwSA&KRTB&23025-CAESEOYiHYaELvcRWsA3DdahwSA; KRTBCOOKIE_218=4056-XdxnHQAAAILNUwxi&KRTB&22922-XdxnHQAAAILNUwxi&KRTB&22978-XdxnHQAAAILNUwxi; KRTBCOOKIE_153=19420-ymhpcMk7PHfSOzxyyDwgI8huayvSaD5yyG23g-dH&KRTB&22979-ymhpcMk7PHfSOzxyyDwgI8huayvSaD5yyG23g-dH; KRTBCOOKIE_279=22890-5fb4931b-0fdd-11ea-9060-49b32dc62b10; KRTBCOOKIE_1051=22884-18072662400211626725; KRTBCOOKIE_336=5844-7942069245001297458
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Last-Modified
Tue, 12 Nov 2019 06:59:02 GMT
ETag
"13006b6-97cd-59720c88c16d1"
Server
Apache/2.2.15 (CentOS)
Set-Cookie
KTPCACOOKIE=YES; domain=.pubmatic.com; path=/; max-age=7776000;
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
14515
Content-Type
text/html; charset=UTF-8
Cache-Control
public, max-age=77741
Expires
Tue, 26 Nov 2019 21:19:11 GMT
Date
Mon, 25 Nov 2019 23:43:30 GMT
Connection
keep-alive
Vary
Accept-Encoding
index.html
cdn.districtm.io/ids/ Frame 1EC0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.io/ids/index.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html
set-cookie
__cfduid=d3a284de5bcb633482509b090113307d11574725410; expires=Wed, 25-Dec-19 23:43:30 GMT; path=/; domain=.districtm.io; HttpOnly
cf-ray
53b77c3789ebe007-FRA
cf-cache-status
DYNAMIC
cache-control
s-maxage=1209600, max-age=14400
last-modified
Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
content-encoding
br
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 517E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Cookie
uuid2=8638635457441679355
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Server
nginx/1.9.13
Content-Type
text/html
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
W/"573e714d-3e3"
Expires
Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control
max-age=31536000
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish 1.1 varnish
Fastly-Debug-Digest
e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length
506
Accept-Ranges
bytes
Date
Mon, 25 Nov 2019 23:43:30 GMT
Age
9640895
Connection
keep-alive
X-Served-By
cache-jfk8124-JFK, cache-fra19139-FRA
X-Cache
HIT, HIT
X-Cache-Hits
1, 909186
X-Timer
S1574725410.489717,VS0,VE0
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame B79F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Cookie
uuid2=8638635457441679355
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Server
nginx/1.9.13
Content-Type
text/html
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
W/"573e714d-3e3"
Expires
Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control
max-age=31536000
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish 1.1 varnish
Fastly-Debug-Digest
e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length
506
Accept-Ranges
bytes
Date
Mon, 25 Nov 2019 23:43:30 GMT
Age
9640895
Connection
keep-alive
X-Served-By
cache-jfk8124-JFK, cache-fra19139-FRA
X-Cache
HIT, HIT
X-Cache-Hits
1, 909187
X-Timer
S1574725411.558432,VS0,VE0
Vary
Accept-Encoding
pd
eu-u.openx.net/w/1.0/ Frame 1A67 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.167.2 /
Resource Hash

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
cookie
pd=v2|1574725410|mOsLgqgikin0fcmWiygu; i=0fc2404a-cc15-0bcc-3699-02c710b15a61|1574725410
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
vary
Accept
set-cookie
i=0fc2404a-cc15-0bcc-3699-02c710b15a61|1574725410; Version=1; Expires=Tue, 24-Nov-2020 23:43:30 GMT; Max-Age=31536000; Domain=.openx.net; Path=/ pd=v2|1574725410|rskimWfcvmsHqGgqmuiynIsLomgemOgunsn0oagi; Version=1; Expires=Tue, 10-Dec-2019 23:43:30 GMT; Max-Age=1296000; Domain=.openx.net; Path=/
server
OXGW/16.167.2
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html
content-length
825
via
1.1 google
alt-svc
clear
index.html
cdn.districtm.io/ids/ Frame 56F3 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.io/ids/index.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
cookie
__cfduid=d3a284de5bcb633482509b090113307d11574725410
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html
cf-ray
53b77c3789fee007-FRA
cf-cache-status
DYNAMIC
cache-control
s-maxage=1209600, max-age=14400
last-modified
Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
content-encoding
br
Cookie set showad.js
ads.pubmatic.com/AdServer/js/ Frame 6DC6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Cookie
KRTBCOOKIE_699=22727-AATbBk67uM4AAC3dEMn3kA&KRTB&22744-AATbBk67uM4AAC3dEMn3kA&KRTB&22745-AATbBk67uM4AAC3dEMn3kA; PugT=1574725405; PUBMDCID=3; KRTBCOOKIE_80=16514-CAESEOYiHYaELvcRWsA3DdahwSA&KRTB&22987-CAESEOYiHYaELvcRWsA3DdahwSA&KRTB&22995-CAESEOYiHYaELvcRWsA3DdahwSA&KRTB&23025-CAESEOYiHYaELvcRWsA3DdahwSA; KRTBCOOKIE_218=4056-XdxnHQAAAILNUwxi&KRTB&22922-XdxnHQAAAILNUwxi&KRTB&22978-XdxnHQAAAILNUwxi; KRTBCOOKIE_153=19420-ymhpcMk7PHfSOzxyyDwgI8huayvSaD5yyG23g-dH&KRTB&22979-ymhpcMk7PHfSOzxyyDwgI8huayvSaD5yyG23g-dH; KRTBCOOKIE_279=22890-5fb4931b-0fdd-11ea-9060-49b32dc62b10; KRTBCOOKIE_1051=22884-18072662400211626725; KRTBCOOKIE_336=5844-7942069245001297458; KTPCACOOKIE=YES
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Last-Modified
Tue, 12 Nov 2019 06:59:02 GMT
ETag
"13006b6-97cd-59720c88c16d1"
Server
Apache/2.2.15 (CentOS)
Set-Cookie
KTPCACOOKIE=YES; domain=.pubmatic.com; path=/; max-age=7776000;
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
14515
Content-Type
text/html; charset=UTF-8
Cache-Control
public, max-age=77741
Expires
Tue, 26 Nov 2019 21:19:11 GMT
Date
Mon, 25 Nov 2019 23:43:30 GMT
Connection
keep-alive
Vary
Accept-Encoding
index.html
cdn.districtm.io/ids/ Frame 8DB3 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.io/ids/index.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
cookie
__cfduid=d3a284de5bcb633482509b090113307d11574725410
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html
cf-ray
53b77c37fa86e007-FRA
cf-cache-status
DYNAMIC
cache-control
s-maxage=1209600, max-age=14400
last-modified
Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
content-encoding
br
pd
eu-u.openx.net/w/1.0/ Frame 3BD7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.167.2 /
Resource Hash

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
cookie
i=0fc2404a-cc15-0bcc-3699-02c710b15a61|1574725410; pd=v2|1574725410|rskimWfcvmsHqGgqmuiynIsLomgemOgunsn0oagi
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
vary
Accept
set-cookie
i=0fc2404a-cc15-0bcc-3699-02c710b15a61|1574725410; Version=1; Expires=Tue, 24-Nov-2020 23:43:30 GMT; Max-Age=31536000; Domain=.openx.net; Path=/ pd=v2|1574725410|rsj8gmkimWjotufcvmsHtlqGgqvtmuiyfQnIsLiSomgemOgusflEnsn0oagi; Version=1; Expires=Tue, 10-Dec-2019 23:43:30 GMT; Max-Age=1296000; Domain=.openx.net; Path=/
server
OXGW/16.167.2
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html
content-length
881
via
1.1 google
alt-svc
clear
iframe
mantodea.mantisadnetwork.com/prebid/ Frame 8A16 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574725404666&secure=true&version=9&mobile=false&uuid=0fc61c14-84a3-45d3-876f-74f6a592ebf0&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-72-165-42.compute-1.amazonaws.com
Software
/ Express
Resource Hash

Request headers

:method
GET
:authority
mantodea.mantisadnetwork.com
:scheme
https
:path
/prebid/iframe?tz=-60&buster=1574725404666&secure=true&version=9&mobile=false&uuid=0fc61c14-84a3-45d3-876f-74f6a592ebf0&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html; charset=utf-8
content-length
332
x-powered-by
Express
vary
Origin
access-control-allow-credentials
true
cache-control
private, no-cache, no-store, must-revalidate
pragma
no-cache
expires
-1
etag
"-816291178"
sync
eb2.3lift.com/ Frame 0E26
Redirect Chain
  • https://ib.3lift.com/sync?
  • https://eb2.3lift.com/sync?
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.209.134 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-157-209-134.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

:method
GET
:authority
eb2.3lift.com
:scheme
https
:path
/sync?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
cookie
sync=CgoIoQEQ_b3Lp-otCgoI4gEQur3Lp-otCgoI4wEQ_b3Lp-otCgoI5gEQur3Lp-otCgkICRC6vcun6i0KCgipARC6vcun6i0KCQgLELq9y6fqLQoKCM4BELq9y6fqLQoKCI4BELq9y6fqLQoJCHMQ_b3Lp-otCgoI1gEQ_b3Lp-otCgkIORC6vcun6i0KCQg6ELq9y6fqLQoJCBsQ_b3Lp-otCgoIvQEQ_b3Lp-otCgoI3gEQ_b3Lp-otCgkIHxC6vcun6i0KCQhfEP29y6fqLQoKCP8BEP29y6fqLQoJCD8Q_b3Lp-ot; tluid=18011656065495753437
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html; charset=utf-8
content-length
570
set-cookie
sync=CgoIgAIQlL7Lp-otCgoIwgEQlL7Lp-otCgkICRC6vcun6i0KCQgLELq9y6fqLQoKCM4BELq9y6fqLQoKCI4BELq9y6fqLQoJCA4QlL7Lp-otCgkIFBCUvsun6i0KCgjWARD9vcun6i0KCgiaARCUvsun6i0KCQgaEJS-y6fqLQoJCBsQ_b3Lp-otCgoI3gEQ_b3Lp-otCgkIHxC6vcun6i0KCQhfEP29y6fqLQoKCN8BEJS-y6fqLQoKCKEBEP29y6fqLQoKCOIBELq9y6fqLQoKCOMBEP29y6fqLQoKCOYBELq9y6fqLQoKCKkBELq9y6fqLQoJCHMQ_b3Lp-otCgkIORC6vcun6i0KCQg6ELq9y6fqLQoKCPsBEJS-y6fqLQoKCPwBEJS-y6fqLQoKCL0BEP29y6fqLQoKCP4BEJS-y6fqLQoKCP8BEP29y6fqLQoJCD8Q_b3Lp-ot; Max-Age=7776000; Expires=Sun, 23 Feb 2020 23:43:30 GMT; Path=/sync; Domain=.3lift.com tluid=18011656065495753437; Max-Age=7776000; Expires=Sun, 23 Feb 2020 23:43:30 GMT; Path=/; Domain=.3lift.com
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate

Redirect headers

Content-Length
0
Connection
keep-alive
Cache-Control
public, max-age=900
Date
Mon, 25 Nov 2019 23:39:49 GMT
Last-Modified
Mon, 25 Nov 2019 23:39:49 GMT
Location
https://eb2.3lift.com/sync?
X-Rev
6432f44
X-Served-By
impression-bus3.us_east.prod
X-Cache
Hit from cloudfront
Via
1.1 42b60ee17f7593fff72ca1cb725d6c9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA2-C1
X-Amz-Cf-Id
3aqLuZAtNcVCtAbPMaHPyoduv-Cmx4hZF_1pXkEcIrgiKZEMeYuhXA==
Age
220
iframe
mantodea.mantisadnetwork.com/prebid/ Frame B446 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574725404517&secure=true&version=9&mobile=false&uuid=0fc61c14-84a3-45d3-876f-74f6a592ebf0&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-72-165-42.compute-1.amazonaws.com
Software
/ Express
Resource Hash

Request headers

:method
GET
:authority
mantodea.mantisadnetwork.com
:scheme
https
:path
/prebid/iframe?tz=-60&buster=1574725404517&secure=true&version=9&mobile=false&uuid=0fc61c14-84a3-45d3-876f-74f6a592ebf0&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html; charset=utf-8
content-length
332
x-powered-by
Express
vary
Origin
access-control-allow-credentials
true
cache-control
private, no-cache, no-store, must-revalidate
pragma
no-cache
expires
-1
etag
"-816291178"
iframe
mantodea.mantisadnetwork.com/prebid/ Frame 4784 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://mantodea.mantisadnetwork.com/prebid/iframe?tz=-60&buster=1574725404030&secure=true&version=9&mobile=false&uuid=0fc61c14-84a3-45d3-876f-74f6a592ebf0&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.165.42 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-72-165-42.compute-1.amazonaws.com
Software
/ Express
Resource Hash

Request headers

:method
GET
:authority
mantodea.mantisadnetwork.com
:scheme
https
:path
/prebid/iframe?tz=-60&buster=1574725404030&secure=true&version=9&mobile=false&uuid=0fc61c14-84a3-45d3-876f-74f6a592ebf0&title=Buran%20Ransomware%20Infects%20PCs%20via%20Microsoft%20Excel%20Web%20Queries&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fburan-ransomware-infects-pcs-via-microsoft-excel-web-queries%2F
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

status
200
date
Mon, 25 Nov 2019 23:43:30 GMT
content-type
text/html; charset=utf-8
content-length
332
x-powered-by
Express
vary
Origin
access-control-allow-credentials
true
cache-control
private, no-cache, no-store, must-revalidate
pragma
no-cache
expires
-1
etag
"-816291178"
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 0449 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Cookie
uuid2=8638635457441679355
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Server
nginx/1.9.13
Content-Type
text/html
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
W/"573e714d-3e3"
Expires
Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control
max-age=31536000
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish 1.1 varnish
Fastly-Debug-Digest
e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length
506
Accept-Ranges
bytes
Date
Mon, 25 Nov 2019 23:43:30 GMT
Age
9640895
Connection
keep-alive
X-Served-By
cache-jfk8124-JFK, cache-fra19139-FRA
X-Cache
HIT, HIT
X-Cache-Hits
1, 909188
X-Timer
S1574725411.578372,VS0,VE0
Vary
Accept-Encoding
Cookie set showad.js
ads.pubmatic.com/AdServer/js/ Frame C2FA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
Accept-Encoding
gzip, deflate, br
Cookie
KRTBCOOKIE_699=22727-AATbBk67uM4AAC3dEMn3kA&KRTB&22744-AATbBk67uM4AAC3dEMn3kA&KRTB&22745-AATbBk67uM4AAC3dEMn3kA; PugT=1574725405; PUBMDCID=3; KRTBCOOKIE_80=16514-CAESEOYiHYaELvcRWsA3DdahwSA&KRTB&22987-CAESEOYiHYaELvcRWsA3DdahwSA&KRTB&22995-CAESEOYiHYaELvcRWsA3DdahwSA&KRTB&23025-CAESEOYiHYaELvcRWsA3DdahwSA; KRTBCOOKIE_218=4056-XdxnHQAAAILNUwxi&KRTB&22922-XdxnHQAAAILNUwxi&KRTB&22978-XdxnHQAAAILNUwxi; KRTBCOOKIE_153=19420-ymhpcMk7PHfSOzxyyDwgI8huayvSaD5yyG23g-dH&KRTB&22979-ymhpcMk7PHfSOzxyyDwgI8huayvSaD5yyG23g-dH; KRTBCOOKIE_279=22890-5fb4931b-0fdd-11ea-9060-49b32dc62b10; KRTBCOOKIE_1051=22884-18072662400211626725; KRTBCOOKIE_336=5844-7942069245001297458; KTPCACOOKIE=YES
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/

Response headers

Last-Modified
Tue, 12 Nov 2019 06:59:02 GMT
ETag
"13006b6-97cd-59720c88c16d1"
Server
Apache/2.2.15 (CentOS)
Set-Cookie
KTPCACOOKIE=YES; domain=.pubmatic.com; path=/; max-age=7776000;
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
14515
Content-Type
text/html; charset=UTF-8
Cache-Control
public, max-age=77741
Expires
Tue, 26 Nov 2019 21:19:11 GMT
Date
Mon, 25 Nov 2019 23:43:30 GMT
Connection
keep-alive
Vary
Accept-Encoding
sync
pixel.advertising.com/ups/56465/ 		0
124 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.advertising.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.62.210 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-29-62-210.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
204
date
Mon, 25 Nov 2019 23:43:30 GMT
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
generic
match.adsrvr.org/track/cmf/ 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aoladtech&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.201.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-154-201-99.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 25 Nov 2019 23:43:30 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status
200
cache-control
private,no-cache, must-revalidate
content-type
image/gif
content-length
70
sync
pixel.advertising.com/ups/55965/
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent=
  • https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&gdpr_consent=&uid=mNuqvpuI_O-Ah6i4lY7j6MmN9--Ah__sndne_RnA
0
124 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&gdpr_consent=&uid=mNuqvpuI_O-Ah6i4lY7j6MmN9--Ah__sndne_RnA
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.62.210 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-29-62-210.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
204
date
Mon, 25 Nov 2019 23:43:30 GMT
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

Pragma
no-cache
Date
Mon, 25 Nov 2019 23:43:30 GMT
Server
QS
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Location
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&gdpr_consent=&uid=mNuqvpuI_O-Ah6i4lY7j6MmN9--Ah__sndne_RnA
Cache-Control
private, no-cache, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 04 Aug 1978 12:00:00 GMT
current
aol-match.dotomi.com/match/bounce/ 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aol-match.dotomi.com/match/bounce/current?networkId=60&version=1&nuid=1A5ec8d296-0fdd-11ea-8703-12f0dd10f918&gdpr=1&gdpr_consent=&rurl=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55853%2Fsync%3Fuid%3D%24UID%26_origin%3D0%26gdpr%3D1%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:16::1400 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Mon, 25 Nov 2019 23:43:30 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0

Verdicts & Comments Add Verdict or Comment

155 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery object| freestar object| apd_options function| gtag object| dataLayer object| elem object| scpt function| __cmp object| google_tag_manager string| GoogleAnalyticsObject function| ga object| cnxUmm object| cnxEnfStorage function| cnxsetTimeout function| cnxsetInterval undefined| _ object| fsdata function| load_script object| googletag object| fsprebid object| adsbygoogle object| google_tag_data object| gaplugins object| gaGlobal object| gaData string| cnxPageGuid number| spp object| cnxJSONP_c6c588bb0c7d9cd933a01574725402217 object| google_js_reporting_queue number| google_srt object| google_ad_modifications object| google_logging_queue object| ggeac boolean| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots boolean| google_apltlad boolean| _gfp_p_ function| google_spfd number| google_lpabyc number| google_unique_id object| google_sv_map object| google_t12n_vars function| Blazy object| fixto function| validate_comment_box_not_empty function| cz_strip_tags function| cz_br2nl function| editForm string| loginhash boolean| main_nav_hide_flag number| scrollTop string| main_nav_hide_timer function| call_main_nav_hide number| cz_header_pos number| prevScrollTop object| jQuery111104149711997582781 object| closure_memoize_cache_ function| _slicedToArray function| _nonIterableRest function| _iterableToArrayLimit function| _arrayWithHoles function| _typeof function| ownKeys function| _objectSpread function| _defineProperty object| _0x3e65 function| _0x231c object| BT object| BT_PAGEVIEW_MAP object| blockthrough object| BT_RETRY object| BT_REDIRECT_RULES function| loadDeferredStyles function| raf function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| addthis_share object| addthis_config function| __cmpui function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| google_jobrunner object| google_persistent_state_async object| google_iframe_oncopy object| __google_ad_urls number| google_global_correlator number| __google_ad_urls_id object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired boolean| __@@##MUH object| apstag boolean| google_noFetch object| confiant object| oattr string| btID function| fsprebidChunk object| __core-js_shared__ function| JSEncrypt boolean| apstagLOADED function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| _atw object| cnxJSONP_5cf7823c319e82b0c1961574725402603 function| tryGetConfig function| o function| e function| t function| btjsonpcallback1574725403014 function| btjsonpcallback1574725403065 string| addthis_exclude boolean| addthis_use_personalization string| addthis_options_default string| addthis_options_rank string| addthis_options object| __callbacks string| mantis_uuid object| __AMP_LOG object| __AMP_ERRORS boolean| ampInaboxInitialized object| __AMP_MODE function| __AMP_REPORT_ERROR object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| AMP object| TRC number| taboola_view_id function| cnxAddEventListener

15 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
www.bleepingcomputer.com/ Name: _fsloc
Value: ?i=DE&c=
.bleepingcomputer.com/ Name: __beaconTrackerID
Value: axlmo9gl8
www.bleepingcomputer.com/ Name: __atuvs
Value: 5ddc671aeebe3d5f000
.bleepingcomputer.com/ Name: _ga
Value: GA1.2.667475525.1574725402
www.bleepingcomputer.com/ Name: fssts
Value: false
www.bleepingcomputer.com/ Name: lav
Value: 7233
.bleepingcomputer.com/ Name: _gat_gtag_UA_91740_1
Value: 1
.bleepingcomputer.com/ Name: session_id
Value: e27cb586c59c2e12df19d2c2491630e4
www.bleepingcomputer.com/ Name: _fssid
Value: ba654120-d5d3-4c9e-a42e-94c5924b991d
.bleepingcomputer.com/ Name: _gid
Value: GA1.2.900781286.1574725402
www.bleepingcomputer.com/ Name: __atuvc
Value: 1%7C48
www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries Name: fsbotchecked
Value: true
.bleepingcomputer.com/ Name: __cfduid
Value: d3ebc3e2fad42be95e4c620f5511255d41574725401
www.bleepingcomputer.com/ Name: _cmpQcif3pcsupported
Value: 1

8 Console Messages

Source Level URL
Text
console-api warning URL: https://quantcast.mgr.consensu.org/cmp.js(Line 1)
Message:
Dependency check failed for Publisher Purpose Legitimate Interest IDs: Publisher Purpose Legitimate Interest IDs must be an array containing only purpose IDs contained in the Publisher Purpose IDs array, the following purpose IDs will be ignored: 1, 4, 5
console-api log URL: https://freestar-io.videoplayerhub.com/gallery.js(Line 19)
Message:
Video gallery initializing
console-api warning URL: https://static.quantcast.mgr.consensu.org/v27/cmpui-popup.js(Line 1)
Message:
Unable to get NonIab Vendor list.
console-api error URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019111801.js(Line 1)
Message:
Exception in queued GPT command TypeError: Cannot read property 'getItem' of null
console-api info URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js(Line 411)
Message:
Powered by AMP ⚡ HTML – Version 1911070201440 https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/
console-api warning URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js(Line 19)
Message:
[amp-analytics/transport] Response unparseable or failed to send image request https://securepubads.g.doubleclick.net/pagead/adview?ai=CgxfvHGfcXfh4ktaAB_PwoNAC48_1nlqOtrb_gQqZzJnclw4QASDa18U5YJUCoAHS-MviA8gBAeACAKgDAaoEyAJP0Fb3ByzqRYIewc_tkr-Lj11tT6aeP10sIQ8vK6iSDD9TCK53P8ZOHPT8VJqzKOk9baMQi2HX7pCG7-LoX7l6X-2xzLkhhBrryOb7nWaUEpqJw4EzCJ5nflgbobuQNjFi3O2qWf9HKVcXS8pYOBeD8vokvAMkYldYYcXy30WuYGaime0puiRn7fgMXLF0p6eEQSfIfJsEM-8cmSN7r3cRuElhqkX-5uDEORPKhhlOQuOEK67ZhzdSu1xQdFE5Q1FWQuMLuOepowFseIHMMGbTMk70wcD-A5Z2Fv96FTviRjcR4rOTEPORfamoyPE0CxQTQ5QL9b7A53Ygqw1HW-7bF8E5No3BIwfq4QTu9Xgj1AdyfhyLmNgOFj0a-846TPxRkZXo7zRuKsp2InWlZ71H5P6jNsMdg7FJfEh7T6Q6-Da8-WlMsqRpwAS8jPj8hgLgBAGAB4GI1kOoB47OG6gH1ckbqAeT2BuoB7oGqAfZyxuoB8_MG6gHpr4bqAfs1RvYBwHyBwQQ8KAO0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xNzQyMjQ5NjAzMjg5MDgzgAoD2BMDiBQE&sigh=pvrnWvc9QfQ&vt=1&template_id=5001
console-api log URL: https://analytics.webgains.io/clk.min.js(Line 1)
Message:
W-IT I
console-api log URL: https://analytics.webgains.io/clk.min.js(Line 1)
Message:
W-IT I

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests;
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8019191.fls.doubleclick.net
a.pub.network
a3226.casalemedia.com
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ads.creative-serving.com
ads.programattik.com
ads.pubmatic.com
adserver-us.adtech.advertising.com
adservice.google.com
adservice.google.de
aktrack.pubmatic.com
ams.creativecdn.com
analytics.webgains.io
aol-match.dotomi.com
api.quantcast.mgr.consensu.org
as-sec.casalemedia.com
audit.quantcast.mgr.consensu.org
bh.contextweb.com
biddr.brealtime.com
btlr.sharethrough.com
bttrack.com
c.amazon-adsystem.com
c.pub.network
cdn.ampproject.org
cdn.connatix.com
cdn.connectad.io
cdn.districtm.io
cdn.taboola.com
cdns.connatix.com
cds.taboola.com
ck.connatix.com
cluster-na.cdnjquery.com
cm.g.doubleclick.net
confiant-integrations.global.ssl.fastly.net
core.connatix.com
creative-a.akamaihd.net
creativecdn.com
cse.google.com
d.pub.network
diapi.webgains.com
dmx.districtm.io
eb2.3lift.com
ecdn.analysis.fi
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
freestar-d.openx.net
freestar-io.videoplayerhub.com
g2.gumgum.com
googleads.g.doubleclick.net
graph.facebook.com
hal9000.redintelligence.net
hal900010.redintelligence.net
hb.emxdgt.com
hbopenbid.pubmatic.com
i.connatix.com
i.connectad.io
ib.3lift.com
ib.adnxs.com
images.taboola.com
imprammp.zorosrv.com
mantodea.mantisadnetwork.com
match.adsrvr.org
match.taboola.com
pagead2.googlesyndication.com
pixel.advertising.com
pixel.mathtag.com
pixel.quantserve.com
pixel.rubiconproject.com
protected-by.clarium.io
px.powerlinks.com
quantcast.mgr.consensu.org
rtb.connatix.com
rtb.mfadsrvr.com
s7.addthis.com
s9.addthis.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
stags.bluekai.com
static.quantcast.mgr.consensu.org
sync.mathtag.com
tags.mathtag.com
tlx.3lift.com
tpc.googlesyndication.com
track.webgains.com
trc.taboola.com
trk.connatix.com
ups.analytics.yahoo.com
v1.addthisedge.com
vendorlist.consensu.org
w-it.m-t.io
web.hb.ad.cpe.dotomi.com
www.11teamsports.com
www.bleepingcomputer.com
www.bleepstatic.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.reddit.com
www.storygize.net
x.bidswitch.net
z.moatads.com
104.16.68.69
104.17.119.107
104.20.60.209
104.26.13.6
13.224.196.41
13.224.196.47
13.224.196.64
13.225.78.121
13.225.78.58
130.211.13.252
138.201.63.145
143.204.90.242
144.76.104.53
151.101.114.2
151.101.114.217
151.101.114.49
151.101.12.166
151.101.13.108
151.101.13.140
151.101.13.194
151.101.14.2
151.101.14.217
151.101.14.49
152.199.22.24
172.217.16.162
172.217.21.230
172.217.23.134
172.217.23.98
18.195.61.72
18.195.86.132
18.196.104.43
18.196.229.216
18.197.235.0
185.184.8.30
185.29.135.234
185.29.135.48
185.64.189.112
185.80.38.195
192.132.33.46
2.16.186.90
2.16.31.65
2.18.233.180
2.18.233.201
2.18.234.21
2.18.235.40
2.21.36.164
212.71.236.117
23.37.55.184
23.67.136.71
2600:9000:20eb:ba00:9:46dc:4700:93a1
2600:9000:20eb:d400:9:352d:a240:93a1
2600:9000:21f3:1400:1:af78:4c0:93a1
2600:9000:21f3:e00:9:46dc:4700:93a1
2606:4700:10::6814:9174
2606:4700:20::681a:8b
2606:4700::6810:a827
2a00:1450:4001:800::2004
2a00:1450:4001:808::200e
2a00:1450:4001:815::2001
2a00:1450:4001:818::2002
2a00:1450:4001:819::2013
2a00:1450:4001:81b::2001
2a00:1450:4001:81b::2008
2a00:1450:4001:81f::2003
2a00:1450:4001:820::200a
2a00:1450:4001:824::2002
2a00:1450:4001:824::200e
2a02:fa8:8806:13::1460
2a02:fa8:8806:16::1400
2a03:2880:f01c:800e:face:b00c:0:2
3.223.253.153
34.206.108.72
34.210.250.157
34.95.120.147
35.157.209.134
35.188.71.214
35.210.215.44
35.226.36.58
37.252.173.27
40.113.136.100
46.236.13.147
52.209.131.99
52.29.223.223
52.29.62.210
52.58.48.163
52.58.61.157
52.72.165.42
52.86.189.110
54.154.201.99
54.236.131.34
69.173.144.138
69.173.144.142
81.29.72.47
91.228.74.134
012526c4091faf25235c9b7a8d15456afe9da38bb98f9d82d392eb302ff33673
013e17377e2b64238f7892aa1f3bbaa8f7308554a35980e53cb13c1bae31cbc0
03b07f320a1692a2d507465027fffaa6560d19d248c33bb6a5f2c97b75680c1d
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0814c2f8fe637b6fe2f403b5a9f1f730b3ea7e4ea864d72b6955262b3de63cfa
0a26970ba5d78716c811a267eca458f6edef324f120b50707406dc09aa19c793
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0e946b0ee0337cf23c845f67a238e1fefd5f1e014fdbd8ea27870172fcedd40f
0f34aa7a8accd4fa20f86f9aa8d2ddbb97d8310dce23b7f393b857cc53774bc4
0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f
11185aa1c200d60a92a45416860b08e46466f3fff71d320764837ab35831fad6
11db0827427c63082bcd5a290b77cd158191195e8966adf2ff4eca08cdb549fa
136c93ce8f48f12798d63b5e5cf2092760a40037ac6fa3ab99da68e2f5c55914
1412d7245072504d1975da264074e475485b5bab1edab58938a536542a4f3dd5
166d1031506210d3723ed28f498fcc4739516be7f5ce2d98ce219f3aa43f2166
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019
19e1dbba639ba68ceb71cdada9621e11d0aec6edba410971f1937d6cc4935b32
1a8200dfc0502b72d514479ec63570604e1a02b1313732b10e53ce0da745f338
1b45344cb1a6e6eebc0669e885eb7d3b7ffa17c604b2e19cb41234ce11d055d4
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1d89405054b0eccfd66baa763bf4781b8dff83824636284b79800ecdc25579f1
1de1fe8f127a6b08e226cb40f043ba5d33ab0ff897bf1dea45dcc0db22f0dbf6
20d2cb2691e261ada55a9c4d60c663479277d651d9b8d6d768ede5870c3b5993
2153566030048e114b89d42f16a36849e5e7df22236379c182fa196315e20f0f
21775cf9630b1877e2c01a1d2a808cefe08e9077d85cb86eb9cb829c3cb3acd1
22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b
2322d9b3ebe9b47193b759377f765650a6c8599083bd018e7e1d8e14600c0857
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
2363cbdace3d4db7b0ee2f0fcf42a722658814affea6c100f3679f7c21ff9e11
23f5a3eca6fec1f8380dd45a87da65ee9ab4c93d4602403dc26b18e2afeb201f
24db670c49c79c835a806b82346875af160acdeff1f99f97808b2f9e03bffc4c
25ced16e78de34eafb1275b88f6be61ee46e79f2f469e6e94661bb21b3a0d7bc
267deb4a931743610d9aa55f64ce5947ac2c674924c114e558082b9f5e59d800
29407dab7bfc70257bdb18f8f784b9c0608c69f8290b750618feee47dd1bddcc
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb
2e3f01df6405536b7bd16b82eff1294a6d1d34953aabc32b4c16fcd1f348306f
2e89d05aa707ef50089f8a48be14b940e4ec93da9e9dc39a7c21c84df062f552
2e8cb8892dab9e90ac1f3302fbf051fe00a4097481230cfee6b7422642d2cdb5
2efb1a8b0e26f82d711770092e59f8fbc4469bce3379ee442acfdb6c8489041c
31599bd9e4ff896253e27ec0f4e6a210187cd477d38c9a5088627a13ee3ed769
31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd
32d754dccf95583f21da14546fef944665eec23668cbf7dac5119f4c73bf740f
32e73e8e0eec3e6c1345d84e7ef091b90e71fb0045814043b34c914156235eb9
33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590
354f842c01640d8b56b0546f710bfe5aab2c081e6adfd3385672cec97c1812c6
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
372c428c60e16c0b6a164da99f659463acdae7eee722e78ea445222c98592bae
37f0c474a2e2914d9f868b11192ae9f12171e5b6d112626bd6b1302e6c1aed68
3adfe7a9a1f11f449f503e78371096370444770b29469d80d5d133e218ccf47b
3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382
3b913f34940f811b522449f65356c7c9fbafda6fd7582859f1076e1bf8a56316
3ba6d68a3b877b1f5607cf9600430eb206a22a09f1d32acbe0e51fd64ceb18fa
3c10cb1ddf712f08a5082f5759b9496c250d195a9e6746e2ab0088b52775b21e
42a8243aad77b837d0380ad05123048f64ce30249c672f603ae99363f103aaa5
4753bc904ab374fd1a1350fb0b1824c1a2c80a8d94bf7fb0d19271358016f303
491769c67c950fbb85caaae400e304ecc203b81689f64ffdc8f239fcdb305e2f
4cae697d304b6cae1bb457589d549ec39239ca1d1e32bd7201200cb7562eeb32
4e720804ff4314f1a7c70173d456594cc37b97d284072f8763294f5d1fee8d58
4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313
51075049494e76844c0beaf83dfaa5bf57b47ed8163f0cf13f9d0c60f3ab138e
53f9e9af471a0ecbda08c1a5cf97db455eb442124beddbc0c8fd3878b7243c99
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
568503677ef49a7cf748894316d6f4e7c91ad521a4d2e915ebdef6bd677c0afa
57b6b8a2b730f0515d2334dabadbbdbec64c91bfed643a842b0549617b11b894
57e2a748f9e3f89e9b33e19182c2c1cf0d90c32fd86fd7cf551cb6637379ab15
5947b0a373e357aae458c80fffb1e33ed1a252e579fdb9a2dfec13b395360e20
59d08a090ac476a0401b85e0f51028531efa6d0bb917454a5ee8727c43949aa8
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6
5adcd2daf0ed89d2b246f0d8a34a3f91166a53bc0cea17504aaa42f008feb97b
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d44e949fc57f3018637d05c238a847f7cf3fc789a08a5ccdf65ad9f54c02849
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5e614a218b9f68462c9feacc952ce835369a03c653ad19cb55c4de8a73346219
5fe405e64b42b49a5813c2c7b8e48ccf290310c5eb351d2b15966856d1a2f06e
6120ff1b2ec245c78ca5c297681913ccb0095158efe38edc1427ca7e9b7e01ed
66aff1522e84087d9e91ec11610257a785bf9cc413dcaee2a2048bfcc2f27732
67d86a29de7993fbd23b7dde2c4f26bdc434055c35a4b08c830c0d02fcfa6dd2
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
69b2725dd65ad3ccc87f8b8b7d2ebd2452a7bd3151af4c67a8dab9999073898c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144
715dbc2f24d723444f162dc2cc8e7c334ad85e5a180f1655e93fbd95ea8c920a
71d7ea78737de87d96a606f17f69f0a8613fefe24ca4883fbb931bd0037a95bd
71dae7cc7766c98bdc4b766789af22fe0442d58aced342736f044ec12aaba058
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
78543a133b9e96dd14aef9fdc2c36462018a55683ce4b4ed6e0bdff1451d64c0
79f4d655eaa6638ebe79eec6fad2f69fce2c70fa6c20d59670bdd5225f4f1c7c
7a52d4e3f541e459f9069f6f596242684704eeaca5a95f05285d16e2e609927d
7a53d4df190d658e52a1fbcea3fdda92433c812e35bb7a789876ff1c75ddb4bd
7b464ae6b9abecfd1a9431ac6b97475e95b39660451a8f0dfc2401b07d63042e
7c20e3e201e3d7c6821e907def1257deb544eb08578c7129b96d53bbf62d34e4
7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a
7d1bc17a54d679297a083dcbb87ace533b40de8cde400de25450a0632e2e7a97
7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39
7dca9338d8f5830b8fbe837cf92eb809f6b54fc7aa7a0037bbf188adf1f37baa
7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f
7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
81817ff7cc19993b48aac7a8f7e488b97620e96752483df5956afa6027ab7180
823f9dc89bfb72a1d74fd880732b47f44dde3eb5ea76b7be4aa7d4a09e8edc92
827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991
82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
845e573dc78098daf8f6e463df7c91f149d69cb2de24a839159f7df91989a3c4
85ae9534729617e69eafa40195c7854697eb3d13b4205f3ee467e07c4af0a24b
85fde5471434e022d3412c2759d00b244df208574fbc91c1f114a43355b1f546
866a1264b956a58da8e640a6191453d62f20d8676f63f193d2786318f83f6422
8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f
87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e
888ed9fe6f1584075c12e74f4a5308e3296a96d83be960d159db7c50f073aa81
88fba7b2621af8e55bacf8d97cbf48c22ac9c057305601cf16c6694e8a65639a
89242fc9333acaaaef76dace8bb3a74c92fc4744beb55b1b1da139e4cfdf37c3
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8a56e644a617b2d1e4e7d808dfc334a7ea8622979f22999dc9eccd21c61958b3
8a678407d6b0f71f89cb17d9b193ecddcc05f0a2b50e03b700da73913f0690bc
8b696dbdc3872dc9dc793e2ad63e5076560acf9e33cf4e242b29cabca639a475
8b6c1ebf15af923d4daab153d485984760a35880259fa35d83825016f9359ca7
8c0c2d131c5a7fc6c78cb9a3c12fbea9575cd32784af42082371c57f32966e99
8c384b845493e6f826bb631e297ecdcec6a2e86452de772e9f4f5d44985e4671
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dbb9cc6ffe88a4dfb1943ce8108ff5075577c4e9ac9da48de3a5910039d6938
90833c2e3bea976b5fb512f276dec104c12edd8dfd62f034e946f420de3ffbf9
92596d3a813f93494b62ee3f49892b17bd38f1f7748f5dc92d541ec819aeb644
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
9320d85313c26732a953d3075605c30877bdc240534cb5028b87cd78fba51ef3
93534d58901589a69bbc2eb7676c599410c12dc4de5a8ee87d25e8bf51d9b41d
942935ead42820e6c9184f099c77dde34fa4be70d395a17c47b5d7ad07967339
94bdeaea0d33cb654b89540e96e02fe28afceb1624d8ed58f7a43f3609fb4a17
9711307c9bb17e0a1b4c663e7a6a419af52dcf31793fb54958b18ceaceff413a
98f88d642acd9024773bf77b93f9546e3cd6fd8fa3d539d16f7b018e0cb513f2
9a5fa27c0800acd371486a514da172e7d0cdeffa4118a711c24eece7286481c1
9a91af85c1428c1e67eeb6c09ee7ed0102dc87125cc6b4ad6580d2ae9410c1f0
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9e82c2fae6f37c0e7509c8bad793a9736033073d8bdbfa5be80b0453abe34e05
9ffb432f329093192b74b40bb865919719917bc45dc3631b4dba63f576cea460
a00d8ffa45611c04d84361ae0d37d38da8be0e11dfde738f4142a97f32b752eb
a05f8ebc1588636c739d07e68a1a729a74d12e7a46061faefc488a4d93118d6a
a1af15b17fd7099b2d3a81a8b3aeffd94b26d2c1a58489c3903e11ec5a4896d3
a1ff5fe4ae718314b3589c7afd949e0d021d20f681c8417439c6e96559996595
a64a8101880c1fc037d98afb18968667121af077156c0a4689285ed352b8ab68
a75e7cf1580ff58ce7e4c701b4cdc720e034d17a879b9bea1aafdb3f904585e1
aa3a249cabad1f76bb1aa4325dee2bd1d9bdd736b6e07349344958162b1a0458
aaf366ed206369e4ea7b3fa9c670390c5404525e4ed062987f26ac1cf84dcdcb
ab52a578c101a14bbc790f87f9a7400dda65469f23c6ce85c461e07cdf776460
acfa1f03ac087fc08ca7389b23f01c47b31c6d00d412a21d9342af3c070fff57
ad5e5284274bdd81ef50f0e0e941aef3e4ef1c0c3a8ac94df6940529f51cc065
adc5fb1e70389b376b2841d0e9830b5d1a8f26d24156bb32077aa38c14d7846e
b0584bdb1b668f84289235c7bcee3691d3b48750ffc690344269592390555380
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b198f6c8ffd50a477f7dea4911bcbeb614271d080084eb189c30716ef24af5db
b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1
b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad
b3ff4f3fa46204a1ec84dd739b4ca119b189d8526c78f513ea320cae27addf33
b593c1c0eb2d734dec2e5bf3bfd897a7a54baded2cea6aea1119e50559932060
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bf2317a03cf3c9ae2d7eed5dd93b08734655f2ff29c5a1b7e86b0b42217b7798
bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e
c237e0ee4bb4f57215b8ea2c46b4c70b62bfdc6753cc019971ded30e06c96246
c3034d0370c5faa09e7a8d7b0c48925afa0371cf17e4827dde23059f56019dae
c4405054dff1040cf4914e27f544f02dc63fec0e12695ea76b7ce98b8605a7b1
c6ac75a73b23c024ef5b97e94afcd3a69f60b03cef69827693e09bcbf9d9a52a
c8444ac3b0379ce828317141c6128d128bcd5418ad3e4e9bd1be1ecadccc1095
c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb
cbbe161be1a2476807ffce9da4abdbbeed1d6d8416a2af05bdaba989efa45db1
cd2a9da78d6436d5ffa49115fbe8029fc1019c3b92d674fd5c4a221e8f21bcce
ce75cc6e17414986d2998d77e286b21ffb4d5da584321daee0e0b6023db9782b
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d020fa6036628dd1d6dbf760edc742273359e93119832249bdce332d05d6db4d
d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912
d229886fc63edf6b95865ad6a9e90b589ca7585d2203bc61b69f73f61f746830
d4c91dc61e8776136362684b0ecf707fa3a25620c121fc3a742a3f51eb97a79a
d5d209535394ad05aa1650016515f95f0323501b35b9cdba891735c3b22240c2
d7ea9d5923ac4ae35170ce776a3b13689db4d11bc4f217d9413cfaca725ded50
d96f46702904297c273df72531d88f4cf84477b44d4cd94deaee1059165ad43d
dac702bbb288a8038c909915b51f4423c7c52826395f824682a0218935f240b1
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dd67767c31dc810b77952c560b17434acdcf7037101f63d20994ae7960ea5076
e38ef263af60c87a55d3d7e7220215548ffb47fb5329fe7e0eb950c0f641d5d3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e45a7fad51ee71886b3cc07316278924e578d563394eab50aca328a233a8b81d
e48c4975b293be404aa17aca3844095d270597494ffabe5316cad8c3e45d5004
e4ad56bd91f08203b208a3db86c463c7952fad443a239de6454c73b7ce669657
e59954e78913cf966790e1ee3fdeae7bfe81ff47b1fd7e6e8405fdb36843dc69
e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85
eb3986a9d06585054dc84ba96f83b685c5a67527f4cdd2cdb4dfc75d49f5759f
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
ee9b2fe75e3a5637b840957e2f9aefedb394224a1846a731ad7ead76abf91d58
eef6cabe50d6a2e1cad1149deae167570386ad4d083f64317c6e850a7c83c698
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3d32ea9a9fa05f8170d164890b55e15ce39157bb9ae7e96b047c1996d22a8b
ef4893202fb82d1b83bedced304a1b0df705e8500c1669803daea22fe51d91dc
efe95cb2cc312e0132b0ce914c642ecee0534223df3f1d47579cdabe6cc070cd
f0fea544bb4b001cbf611fef9ded878352e5cff7931047dd9b2cff91ae69daa2
f238c548669c19b2fde5ed6d83a8428fc97413937d28b81ae1178f0a7f988fd5
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f6b7ba3cc9a8177d62950984426ff73450f229d389c449b0631392be2f5b5b61
f70d0f0ef054b248cdab06a1eb5d948b671f3d4ea2091cc81202856f11f2a205
f72d7f33fa2dbfd60a75bf0a1f09f266bc0f96aacec7e90867f90117be1458d7
f8a52990bbe6892abb730d241570fbfbd2ff2fc707fdd3004c7dba6e843bbae3
fd3f8873b342d61d8b49c5a80427713aa58f6291932bd68fe63dc252e17d18ad
fdf7f437a6e5f1cdb174133f53d1f678b4c49de634dad6ee44ff305cd90f7fae
fe9783994b056324e61c339aac8a5c0dcd47daf47e7b25f242b255c8a0c456db
feb1412888371e9055ad0bc15ab779a92273b8a8557f87266726bc77bd1adcac
fee08e8543fc6dd933d72ac2f4292759e2841a0cc84a985b99c64081bca5fc42
ff1e641dab1d9c74b127f771c4ce8bb229bc2250d918ca546a41f985e070be8a
ff1e65d5292ac70fa0ceaf87d04313c975d6299e212e0274d3d0362b218ccab8