www.geoedge.com Open in urlscan Pro
141.193.213.21 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://go.geoedge.com/e/384522/-impostor-malvertising-attack-/bnxr3k/1480157732?h=ak82WAmjWc2ipbR315gdNwZal_NRf6-6okX2...
Effective URL:
https://www.geoedge.com/ransomware-impostor-malvertising-attack/
Submission: On January 20 via manual (January 20th 2021, 3:38:02 am UTC) from IN

Summary HTTP 126 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 31 IPs in 6 countries across 23 domains to perform 126 HTTP transactions. The main IP is 141.193.213.21, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.geoedge.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 29th 2020. Valid for: 2 years.

This is the only time www.geoedge.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	35.174.78.146 35.174.78.146	14618 (AMAZON-AES) (AMAZON-AES)
68	141.193.213.21 141.193.213.21	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
2	2a00:1450:400... 2a00:1450:4001:815::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:825::200a	15169 (GOOGLE) (GOOGLE)
1	65.9.73.2 65.9.73.2	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28c::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	151.101.113.140 151.101.113.140	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
1	3.227.227.165 3.227.227.165	14618 (AMAZON-AES) (AMAZON-AES)
1	23.111.11.71 23.111.11.71	33438 (HIGHWINDS2) (HIGHWINDS2)
4	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:815::200e	15169 (GOOGLE) (GOOGLE)
1	13.224.194.79 13.224.194.79	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	13.224.194.78 13.224.194.78	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:821::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	54.171.249.106 54.171.249.106	16509 (AMAZON-02) (AMAZON-02)
1	94.31.29.64 94.31.29.64	33438 (HIGHWINDS2) (HIGHWINDS2)
1 1	13.224.194.51 13.224.194.51	16509 (AMAZON-02) (AMAZON-02)
11	65.9.73.93 65.9.73.93	16509 (AMAZON-02) (AMAZON-02)
2	35.174.151.106 35.174.151.106	14618 (AMAZON-AES) (AMAZON-AES)
3	75.2.88.188 75.2.88.188	16509 (AMAZON-02) (AMAZON-02)
2	2600:1901:0:f... 2600:1901:0:f651::	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:817::200a	15169 (GOOGLE) (GOOGLE)
1	13.225.80.116 13.225.80.116	16509 (AMAZON-02) (AMAZON-02)
1	143.204.94.58 143.204.94.58	16509 (AMAZON-02) (AMAZON-02)
126	31

2 35.174.78.146 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-5-ue1.aws.pardot.com

go.geoedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

68 141.193.213.21 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.geoedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:815::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.73.2 (Seattle, United States)

ASN16509 (AMAZON-02, US)

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28c::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.140 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.227.227.165 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-227-227-165.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.11.71 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.194.79 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-79.fra2.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.194.78 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-78.fra2.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.171.249.106 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-249-106.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.31.29.64 (United Kingdom)

ASN33438 (HIGHWINDS2, US)
PTR: 94.31.29.64.IPYX-077437-ZYO.above.net

150ydc1bez4h3j62ju2eiivi-wpengine.netdna-ssl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.194.51 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-51.fra2.r.cloudfront.net

widget.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 65.9.73.93 (Seattle, United States)

ASN16509 (AMAZON-02, US)

js.intercomcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.174.151.106 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-4-ue1.aws.pardot.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 75.2.88.188 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: ad8b87a22ce463223.awsglobalaccelerator.com

api-iam.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:f651:: (United States)

ASN15169 (GOOGLE, US)

api.ipregistry.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:817::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.80.116 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-80-116.fra2.r.cloudfront.net

static.intercomassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.94.58 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-94-58.fra50.r.cloudfront.net

gifs.intercomcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
70	geoedge.com 1 redirects go.geoedge.com www.geoedge.com	1 MB
12	intercomcdn.com js.intercomcdn.com gifs.intercomcdn.com	1 MB
7	googleapis.com fonts.googleapis.com maps.googleapis.com	128 KB
4	intercom.io 1 redirects widget.intercom.io api-iam.intercom.io	6 KB
4	gstatic.com fonts.gstatic.com	49 KB
4	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com	62 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
3	google-analytics.com www.google-analytics.com	19 KB
2	ipregistry.co api.ipregistry.co	2 KB
2	pardot.com pi.pardot.com	4 KB
2	facebook.com www.facebook.com	350 B
2	google.de www.google.de	214 B
2	google.com www.google.com	214 B
2	doubleclick.net stats.g.doubleclick.net	158 B
2	facebook.net connect.facebook.net	92 KB
2	googletagmanager.com www.googletagmanager.com	82 KB
1	intercomassets.com static.intercomassets.com	5 KB
1	netdna-ssl.com 150ydc1bez4h3j62ju2eiivi-wpengine.netdna-ssl.com	3 MB
1	reddit.com alb.reddit.com	125 B
1	omappapi.com a.omappapi.com	63 KB
1	quora.com q.quora.com	421 B
1	redditstatic.com www.redditstatic.com	6 KB
1	licdn.com snap.licdn.com	2 KB
126	23

	Domain	Requested by
68	www.geoedge.com	www.geoedge.com
11	js.intercomcdn.com	widget.intercom.io js.intercomcdn.com www.geoedge.com
6	maps.googleapis.com	www.geoedge.com maps.googleapis.com
4	fonts.gstatic.com	fonts.googleapis.com
3	api-iam.intercom.io	js.intercomcdn.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	api.ipregistry.co	www.geoedge.com
2	pi.pardot.com	www.geoedge.com pi.pardot.com
2	www.facebook.com	www.geoedge.com connect.facebook.net
2	www.google.de	www.geoedge.com
2	www.google.com	www.geoedge.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	px.ads.linkedin.com	1 redirects www.geoedge.com
2	connect.facebook.net	www.geoedge.com connect.facebook.net
2	www.googletagmanager.com	www.geoedge.com
2	go.geoedge.com	1 redirects pi.pardot.com
1	gifs.intercomcdn.com
1	static.intercomassets.com
1	widget.intercom.io	1 redirects
1	150ydc1bez4h3j62ju2eiivi-wpengine.netdna-ssl.com	www.geoedge.com
1	in.hotjar.com	script.hotjar.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	alb.reddit.com	www.geoedge.com
1	www.linkedin.com	1 redirects
1	a.omappapi.com	www.geoedge.com
1	q.quora.com	www.geoedge.com
1	www.redditstatic.com	www.geoedge.com
1	snap.licdn.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	fonts.googleapis.com	www.geoedge.com
126	31

This site contains links to these domains. Also see Links.

Domain
pangeopro.com
site.geoedge.com
twitter.com
www.facebook.com
www.linkedin.com
geoedge.com

Subject Issuer	Validity	Valid
www.geoedge.com Sectigo RSA Domain Validation Secure Server CA	`2020-01-29` - `2022-01-28`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-12-22` - `2021-03-21`	3 months	crt.sh
www.redditstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-07-06`	6 months	crt.sh
*.quora.com R3	`2021-01-17` - `2021-04-17`	3 months	crt.sh
*.omappapi.com Go Daddy Secure Certificate Authority - G2	`2020-03-16` - `2022-03-16`	2 years	crt.sh
*.gstatic.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-01-06` - `2021-07-05`	6 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-07-06`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
www.google.de GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
*.netdna-ssl.com Sectigo RSA Domain Validation Secure Server CA	`2020-02-18` - `2021-03-18`	a year	crt.sh
*.intercomcdn.com Amazon	`2020-03-29` - `2021-04-29`	a year	crt.sh
pi.pardot.com DigiCert SHA2 Secure Server CA	`2020-12-05` - `2021-12-04`	a year	crt.sh
*.intercom.com Amazon	`2020-05-13` - `2021-06-13`	a year	crt.sh
go.geoedge.com Let's Encrypt Authority X3	`2020-11-24` - `2021-02-22`	3 months	crt.sh
api.ipregistry.co GTS CA 1D2	`2020-12-02` - `2021-03-02`	3 months	crt.sh
intercomassets.com Amazon	`2020-08-15` - `2021-09-14`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
Frame ID: D7C3CB1FF5DFFDFF4137487DB8754E52
Requests: 117 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: A095EF436C14D6888533F417A7243766
Requests: 1 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.1cd2e224.js
Frame ID: B4E8AF655B7FCDE4FB43EDD9A73E0A30
Requests: 10 HTTP requests in this frame

Frame: https://js.intercomcdn.com/images/dismiss.249568e7.png
Frame ID: D577BE99263652E49BDA6B02E8B9A88E
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://go.geoedge.com/e/384522/-impostor-malvertising-attack-/bnxr3k/1480157732?h=ak82WAmjWc2ipbR3... HTTP 301
https://www.geoedge.com/ransomware-impostor-malvertising-attack/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<link[^>]* href=[\'"][^']+revslider[/\w-]+\.css\?ver=([0-9.]+)[\'"]/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<link[^>]* href=[\'"][^']+revslider[/\w-]+\.css\?ver=([0-9.]+)[\'"]/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<link[^>]* href=[\'"][^']+revslider[/\w-]+\.css\?ver=([0-9.]+)[\'"]/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Revslider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[\'"][^']+revslider[/\w-]+\.css\?ver=([0-9.]+)[\'"]/i

Page Statistics

126
Requests

100 %
HTTPS

50 %
IPv6

23
Domains

31
Subdomains

31
IPs

6
Countries

5805 kB
Transfer

14941 kB
Size

12
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://pangeopro.com/
Title: Proxy

Search URL Search Domain Scan URL

URL: https://site.geoedge.com/login
Title: Login

Search URL Search Domain Scan URL

URL: https://twitter.com/MrLiranLavi/status/1349419869394104321

Search URL Search Domain Scan URL

URL: https://twitter.com/MrLiranLavi
Title: here

Search URL Search Domain Scan URL

URL: https://twitter.com/hashtag/Browlock?src=hashtag_click
Title: #Browlock

Search URL Search Domain Scan URL

URL: https://www.facebook.com/GeoEdgePro

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/geoedge

Search URL Search Domain Scan URL

URL: https://twitter.com/GeoEdgePro

Search URL Search Domain Scan URL

URL: https://geoedge.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://geoedge.com/terms-of-service/
Title: Terms of Service

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://go.geoedge.com/e/384522/-impostor-malvertising-attack-/bnxr3k/1480157732?h=ak82WAmjWc2ipbR315gdNwZal_NRf6-6okX2Bx2td0M HTTP 301
https://www.geoedge.com/ransomware-impostor-malvertising-attack/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 86

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=160602&time=1611113863428&url=https%3A%2F%2Fwww.geoedge.com%2Fransomware-impostor-malvertising-attack%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D160602%26time%3D1611113863428%26url%3Dhttps%253A%252F%252Fwww.geoedge.com%252Fransomware-impostor-malvertising-attack%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=160602&time=1611113863428&url=https%3A%2F%2Fwww.geoedge.com%2Fransomware-impostor-malvertising-attack%2F&liSync=true

Request Chain 101

https://widget.intercom.io/widget/ucmn5ml0 HTTP 302
https://js.intercomcdn.com/shim.latest.js

126 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.geoedge.com/ransomware-impostor-malvertising-attack/
Redirect Chain

https://go.geoedge.com/e/384522/-impostor-malvertising-attack-/bnxr3k/1480157732?h=ak82WAmjWc2ipbR315gdNwZal_NRf6-6okX2Bx2td0M
https://www.geoedge.com/ransomware-impostor-malvertising-attack/

196 KB
29 KB

219ms
191ms

Document
text/html

141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

a1f922427c2cc76d295f23268675e82ed3465b71dbbb6fc06633cfd2c1010760

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

:method: GET
:authority: www.geoedge.com
:scheme: https
:path: /ransomware-impostor-malvertising-attack/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dca95b7de2bcb5b77239eba04a1173c3f1611113862; expires=Fri, 19-Feb-21 03:37:42 GMT; path=/; domain=.www.geoedge.com; HttpOnly; SameSite=Lax
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-pingback: https://www.geoedge.com/xmlrpc.php
link: <https://www.geoedge.com/wp-json/>; rel="https://api.w.org/" <https://www.geoedge.com/wp-json/wp/v2/posts/12765>; rel="alternate"; type="application/json" <https://www.geoedge.com/?p=12765>; rel=shortlink
x-powered-by: WP Engine
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
x-cache: HIT: 2
x-cache-group: normal
strict-transport-security: max-age=63072000; includeSubDomains
cf-cache-status: DYNAMIC
cf-request-id: 07bf77ac8f0000d6d5ff1c3000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6145c2274d1ad6d5-FRA
content-encoding: br

Redirect headers

Date: Wed, 20 Jan 2021 03:37:41 GMT
Set-Cookie: pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id384522=767732110; expires=Sat, 18-Jan-2031 03:37:42 GMT; Max-Age=315360000; path=/; secure; SameSite=None visitor_id384522-hash=947ae86d8d7c1acde57ac9eee8482c61c9087f2cf60fd510d225cce2d300ea1f0946c8f57e6bf9e5f1b5125301a2c05a6d77c8e0; expires=Sat, 18-Jan-2031 03:37:42 GMT; Max-Age=315360000; path=/; secure; SameSite=None
Location: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: max-age=63072000
Expires: Fri, 20 Jan 2023 03:37:41 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 127
Content-Type: text/html; charset=UTF-8
X-Pardot-Route: 32427ff3465437d362f61c790f7d2406
Server: PardotServer
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Connection: keep-alive

GET
H2 200 style.min.css
www.geoedge.com/wp-includes/css/dist/block-library/ 50 KB
7 KB 35ms
30ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-includes/css/dist/block-library/style.min.css?ver=5.6

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c2288ca7b324881faae5e368eb4d69457e2784e042e868de335d3827bb90981

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Dec 2020 12:21:40 GMT
server: cloudflare
age: 145534
etag: W/"5fc63554-c8e9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2288ea8d6d5-FRA
cf-request-id: 07bf77ad5a0000d6d56ab7d000000001

GET
H2 200 rs6.css
www.geoedge.com/wp-content/plugins/revslider/public/assets/css/ 59 KB
12 KB 32ms
28ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.14

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8215fb8f99029767d8081516dd5c245f65f3a5c3bd78fdec0d9889b0f549703f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Sep 2020 19:49:02 GMT
server: cloudflare
age: 145533
etag: W/"5f4ea5ae-ea2a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2288eaad6d5-FRA
cf-request-id: 07bf77ad5a0000d6d5ef2ab000000001

GET
H2 200 blog.css
www.geoedge.com/wp-content/themes/scape/library/css/ 23 KB
3 KB 31ms
27ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/css/blog.css?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8dce86110cd38f829e33dc3173e613a62394b7493745d40626b7e85a7549d82

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 143396
etag: W/"5ff2d95e-5a6e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2289eabd6d5-FRA
cf-request-id: 07bf77ad5a0000d6d52082d000000001

GET
H2 200 module-share.css
www.geoedge.com/wp-content/themes/scape/library/css/ 39 KB
3 KB 47ms
43ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/css/module-share.css?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

531ebcdc1266cc339d758081298765fe57632b9643e4fafefa55586aa9c06ba2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 143396
etag: W/"5ff2d95e-9cb5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2289eacd6d5-FRA
cf-request-id: 07bf77ad5a0000d6d52f3c9000000001

GET
H2 200 app.css
www.geoedge.com/wp-content/themes/scape/library/css/ 2 MB
97 KB 45ms
41ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/css/app.css?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0d9645e5b539db9cca3b3f5bf1614bbe8d9ec82892602698e7c08fee539354c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 145533
etag: W/"5ff2d95e-19efbd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2289eadd6d5-FRA
cf-request-id: 07bf77ad5d0000d6d5419c0000000001

GET
H2 200 style-custom-preloaders.css
www.geoedge.com/wp-content/uploads/wtbx_custom_styles/ 2 KB
470 B 189ms
185ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/uploads/wtbx_custom_styles/style-custom-preloaders.css?ver=1611113758

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7440dbf47430ea3bf7f37fd982699a9abc7d999bad2b18517fdcc2d897ea03c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 16 Jan 2021 21:13:28 GMT
server: cloudflare
etag: W/"600356f8-978"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2289eb0d6d5-FRA
cf-request-id: 07bf77ad5b0000d6d539abf000000001

GET
H2 200 scape-ui.min.css
www.geoedge.com/wp-content/themes/scape/library/fonts/ 5 KB
1 KB 64ms
61ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/fonts/scape-ui.min.css?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

43a458cef13603c03bae98ea2261b9cb0cd01cde9b8a970d72f47787c7a986c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 1151648
etag: W/"5ff2d95e-12b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2289eb2d6d5-FRA
cf-request-id: 07bf77ad620000d6d52992e000000001

GET
H2 200 style-custom-header-9.css
www.geoedge.com/wp-content/uploads/wtbx_custom_styles/ 9 KB
1003 B 45ms
42ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/uploads/wtbx_custom_styles/style-custom-header-9.css?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e106228d4bbbe5069b52a80eaed70ec81b6a73dfd253e181a46f28d47b8fbf01

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Dec 2020 12:05:12 GMT
server: cloudflare
age: 1151649
etag: W/"5fe33278-237e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2289eb3d6d5-FRA
cf-request-id: 07bf77ad5c0000d6d518a31000000001

GET
H2 200 enlighterjs.min.css
www.geoedge.com/wp-content/plugins/enlighter/cache/ 78 KB
8 KB 34ms
31ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/enlighter/cache/enlighterjs.min.css?ver=0A0B0C

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6048e330c0f362be46b20de45d35a5ace57a04be04a29da10448d6949f6f69ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Jan 2021 13:45:04 GMT
server: cloudflare
age: 133656
etag: W/"5ff5bee0-13686"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2289eb4d6d5-FRA
cf-request-id: 07bf77ad5d0000d6d504149000000001

GET
H2 200 jquery.min.js Show response
www.geoedge.com/wp-includes/js/jquery/ 87 KB
30 KB 36ms
33ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 07 Oct 2020 16:33:25 GMT
server: cloudflare
age: 143395
etag: W/"5f7dedd5-15d98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2289eb6d6d5-FRA
cf-request-id: 07bf77ad5d0000d6d5739c3000000001

GET
H2 200 jquery-migrate.min.js Show response
www.geoedge.com/wp-includes/js/jquery/ 11 KB
4 KB 65ms
62ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 19 Nov 2020 09:31:13 GMT
server: cloudflare
age: 133656
etag: W/"5fb63b61-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2289ebfd6d5-FRA
cf-request-id: 07bf77ad610000d6d563b8d000000001

GET
H2 200 rbtools.min.js Show response
www.geoedge.com/wp-content/plugins/revslider/public/assets/js/ 117 KB
43 KB 39ms
37ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.0.9

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9556bca5ad5eb24439887d7339fcb687088776bbaa995553aa489c9607cf9e19

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Sep 2020 19:49:01 GMT
server: cloudflare
age: 145533
etag: W/"5f4ea5ad-1d25a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2289ec0d6d5-FRA
cf-request-id: 07bf77ad620000d6d550b4b000000001

GET
H2 200 rs6.min.js Show response
www.geoedge.com/wp-content/plugins/revslider/public/assets/js/ 313 KB
75 KB 52ms
50ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.14

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9200991ec41c1110786698efe54f4cfc3d07076578d535b8f1184c309e9e09d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Sep 2020 19:49:01 GMT
server: cloudflare
age: 145533
etag: W/"5f4ea5ad-4e4ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2289ec2d6d5-FRA
cf-request-id: 07bf77ad620000d6d50db9d000000001

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 99 KB
39 KB 33ms
29ms Script
application/javascript 2a00:1450:4001:815::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-155362157-1

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d74979888d6254cdc669ed2c903ae7aca6774f40deabc6d51594454c0f39b90e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39889
x-xss-protection: 0
expires: Wed, 20 Jan 2021 03:37:42 GMT

GET
H2 200 Geoedge_add-integrity.png
www.geoedge.com/wp-content/uploads/2019/11/ 15 KB
15 KB 49ms
46ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geoedge.com/wp-content/uploads/2019/11/Geoedge_add-integrity.png

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b894dd503aa84e71ca6e7d072f2c86940f312580b8d94949abce82135a961ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
cf-cache-status: HIT
age: 345849
cf-polished: origFmt=png, origSize=19586
content-disposition: inline; filename="Geoedge_add-integrity.webp"
strict-transport-security: max-age=63072000; includeSubDomains
content-length: 15208
cf-request-id: 07bf77ae3e0000d6d5462d2000000001
last-modified: Tue, 01 Sep 2020 19:48:59 GMT
server: cloudflare
etag: "5f4ea5ab-4c82"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6145c229f825d6d5-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 wp-emoji-release.min.js Show response
www.geoedge.com/wp-includes/js/ 14 KB
4 KB 45ms
41ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-includes/js/wp-emoji-release.min.js?ver=5.6

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3685c3818240f5f390073c7d04f944a5cb5d848093224f3a7888034e8c050eb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 20 Oct 2020 16:55:23 GMT
server: cloudflare
age: 344959
etag: W/"5f8f167b-37a6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f828d6d5-FRA
cf-request-id: 07bf77ae3e0000d6d5ee806000000001

GET
H2 200 module-hero.css
www.geoedge.com/wp-content/themes/scape/library/css/ 51 KB
4 KB 24ms
23ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/css/module-hero.css?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ec7ef361b39d03f5492b637bd9c1f8c48b0fa31863a93c4ebd90c060bce1ed3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 133146
etag: W/"5ff2d95e-cb31"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2292f29d6d5-FRA
cf-request-id: 07bf77adb80000d6d52f3cc000000001

GET
H2 200 mediaelementplayer-legacy.min.css
www.geoedge.com/wp-includes/js/mediaelement/ 11 KB
3 KB 25ms
24ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: cloudflare
age: 119440
etag: W/"5f735862-2bf8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2294f4ed6d5-FRA
cf-request-id: 07bf77add10000d6d5419c3000000001

GET
H2 200 wp-mediaelement.min.css
www.geoedge.com/wp-includes/js/mediaelement/ 4 KB
1 KB 37ms
37ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.6

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: cloudflare
age: 119440
etag: W/"5cfaccce-105a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2297f81d6d5-FRA
cf-request-id: 07bf77adee0000d6d518a38000000001

GET
H2 200 js_composer.min.css
www.geoedge.com/wp-content/plugins/js_composer/assets/css/ 474 KB
40 KB 40ms
39ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.2.0

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1dbbc4be8d88ae17466b1d7a8fd7bf4f9d9b5ab492719cdea721d82cecb738d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Sep 2020 16:16:11 GMT
server: cloudflare
age: 145534
etag: W/"5f4e73cb-76828"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229bfcbd6d5-FRA
cf-request-id: 07bf77ae120000d6d54c26a000000001

GET
H2 200 module-listitem.css
www.geoedge.com/wp-content/themes/scape/library/css/ 10 KB
1 KB 25ms
24ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/css/module-listitem.css?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c00a976553b29095c7f1f5c1ff4b5cb502c92e77edc4824b528dfd4141068b63

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 133656
etag: W/"5ff2d95e-267c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229bfced6d5-FRA
cf-request-id: 07bf77ae150000d6d5ef2b3000000001

GET
H2 200 formreset.min.css
www.geoedge.com/wp-content/plugins/gravityforms/css/ 4 KB
469 B 34ms
23ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/gravityforms/css/formreset.min.css?ver=2.4.22

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d70d9853ff87464d69a8174e3a76633bf29e45aaafcbccb214c10722b2b9714c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Dec 2020 12:40:37 GMT
server: cloudflare
age: 145532
etag: W/"5fe33ac5-f14"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229eff5d6d5-FRA
cf-request-id: 07bf77ae350000d6d539ac8000000001

GET
H2 200 formsmain.min.css
www.geoedge.com/wp-content/plugins/gravityforms/css/ 73 KB
11 KB 43ms
32ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/gravityforms/css/formsmain.min.css?ver=2.4.22

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1aa06690d5ab9d485e6d507b1b692c9dcfd7dc1c3a2018631b07345df48b080

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Dec 2020 12:40:37 GMT
server: cloudflare
age: 145532
etag: W/"5fe33ac5-12305"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229eff7d6d5-FRA
cf-request-id: 07bf77ae350000d6d534189000000001

GET
H2 200 readyclass.min.css
www.geoedge.com/wp-content/plugins/gravityforms/css/ 30 KB
3 KB 34ms
23ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/gravityforms/css/readyclass.min.css?ver=2.4.22

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e61ac08ccbbff6ae298e168c6d2fb069e5db7c122fe07f7e2e4ce1dbb01a58fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Dec 2020 12:40:37 GMT
server: cloudflare
age: 145532
etag: W/"5fe33ac5-76e7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229eff9d6d5-FRA
cf-request-id: 07bf77ae350000d6d520838000000001

GET
H2 200 browsers.min.css
www.geoedge.com/wp-content/plugins/gravityforms/css/ 7 KB
1 KB 39ms
28ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/gravityforms/css/browsers.min.css?ver=2.4.22

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f9a44c6380de9dad00c68412b2420fc5132e4013bf2f62d9daee5da9d151674

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Dec 2020 12:40:37 GMT
server: cloudflare
age: 133656
etag: W/"5fe33ac5-1d79"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229effad6d5-FRA
cf-request-id: 07bf77ae360000d6d50a2ae000000001

GET
H2 200 gfgeo.min.css
www.geoedge.com/wp-content/plugins/gravityforms-geolocation/assets/css/ 8 KB
2 KB 55ms
45ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/gravityforms-geolocation/assets/css/gfgeo.min.css?ver=3.0-beta15

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff01bf43e3dd85db48f8e70c8367e627560b6a9f368497317429d911f497bbe2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Dec 2020 12:40:07 GMT
server: cloudflare
age: 145532
etag: W/"5fe33aa7-204b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229effcd6d5-FRA
cf-request-id: 07bf77ae360000d6d504152000000001

GET
H2 200 module-widgets.css
www.geoedge.com/wp-content/themes/scape/library/css/ 39 KB
5 KB 51ms
41ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/css/module-widgets.css?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2eed1a8bec68dabc8c451feac27d569abbb682d85f72b6e63622795a7fb02930

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 133656
etag: W/"5ff2d95e-9a4e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229fffdd6d5-FRA
cf-request-id: 07bf77ae370000d6d5ee0ed000000001

GET
H2 200 module-sicons.css
www.geoedge.com/wp-content/themes/scape/library/css/ 64 KB
4 KB 37ms
27ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/css/module-sicons.css?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7340a92832e425db9571e55592467d2ca687510524d6d8fe04f95b7db0930024

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 145532
etag: W/"5ff2d95e-10091"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229fffed6d5-FRA
cf-request-id: 07bf77ae370000d6d5ee805000000001

GET
H2 200 css
fonts.googleapis.com/ 4 KB
615 B 24ms
14ms Stylesheet
text/css 2a00:1450:4001:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=DM+Sans%3Aregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2Cregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2C400&subset=latin-ext&ver=5.6

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

76db9f551b7db5199f25bc0051c76d8e6d7aaac5cc1456e235693d9df8a4971a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 20 Jan 2021 03:37:42 GMT
server: ESF
date: Wed, 20 Jan 2021 03:37:42 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 20 Jan 2021 03:37:42 GMT

GET
H2 200 style-custom.css
www.geoedge.com/wp-content/uploads/wtbx_custom_styles/ 107 KB
15 KB 216ms
206ms Stylesheet
text/css 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/uploads/wtbx_custom_styles/style-custom.css?ver=1611113758

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2664da1caf3ab3a3ab14db16d7d7a4ef53d15c68c719cd867180c71cb97bda89

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 16 Jan 2021 21:13:28 GMT
server: cloudflare
etag: W/"600356f8-1ada6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229ffffd6d5-FRA
cf-request-id: 07bf77ae370000d6d5423e1000000001

GET
H2 200 enlighterjs.min.js Show response
www.geoedge.com/wp-content/plugins/enlighter/cache/ 57 KB
16 KB 59ms
49ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/enlighter/cache/enlighterjs.min.js?ver=0A0B0C

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0c4a1ed3d232553d98c82ea0e04cee8975d0a67df819e161f96e7c32179e8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Jan 2021 13:45:04 GMT
server: cloudflare
age: 133656
etag: W/"5ff5bee0-e33f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f800d6d5-FRA
cf-request-id: 07bf77ae370000d6d523ba7000000001

GET
H2 200 wp-embed.min.js Show response
www.geoedge.com/wp-includes/js/ 1 KB
801 B 53ms
44ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-includes/js/wp-embed.min.js?ver=5.6

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 26 Oct 2019 00:17:07 GMT
server: cloudflare
age: 143393
etag: W/"5db39083-59a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f801d6d5-FRA
cf-request-id: 07bf77ae380000d6d5669e4000000001

GET
H2 200 module-pageheader.js Show response
www.geoedge.com/wp-content/themes/scape/library/js/ 4 KB
1 KB 60ms
50ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/js/module-pageheader.js?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

22fb3a858d0cd96065e7ba2202b49d384290d4edb0ba0aef3eadec806f80209d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 133656
etag: W/"5ff2d95e-118f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f802d6d5-FRA
cf-request-id: 07bf77ae3d0000d6d5669e5000000001

GET
H2 200 module-parallax.js Show response
www.geoedge.com/wp-content/themes/scape/library/js/ 7 KB
2 KB 52ms
43ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/js/module-parallax.js?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea38b4cce3e30cce37f6dfe72f5d2f1cf6bc57e83152dd4c226b67fd5d8bc5f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 133656
etag: W/"5ff2d95e-1c3c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f803d6d5-FRA
cf-request-id: 07bf77ae380000d6d550b53000000001

GET
H2 200 mediaelement-and-player.min.js Show response
www.geoedge.com/wp-includes/js/mediaelement/ 154 KB
35 KB 52ms
43ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

443ba0af7a7ed827223c7fb3c008c02b9ff1d651b6492e9c270378b07d9f6008

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: cloudflare
age: 119439
etag: W/"5f735862-267aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f804d6d5-FRA
cf-request-id: 07bf77ae380000d6d5568f2000000001

GET
H2 200 mediaelement-migrate.min.js Show response
www.geoedge.com/wp-includes/js/mediaelement/ 1 KB
640 B 54ms
45ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=5.6

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b37a604b4add99725c3a9e6b0440fc4452f71139517e7d7deb452ed98499068c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 05 Oct 2019 19:49:10 GMT
server: cloudflare
age: 119439
etag: W/"5d98f3b6-4a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f805d6d5-FRA
cf-request-id: 07bf77ae390000d6d5fc31b000000001

GET
H2 200 wp-mediaelement.min.js Show response
www.geoedge.com/wp-includes/js/mediaelement/ 907 B
545 B 57ms
49ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=5.6

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

12aae45dbaf66e541e14694a7810a96fdd8b17f9ac5f5346fdc23d61d6fd74b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Jan 2020 02:21:05 GMT
server: cloudflare
age: 119440
etag: W/"5e266011-38b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f806d6d5-FRA
cf-request-id: 07bf77ae390000d6d55d0de000000001

GET
H2 200 vimeo.min.js Show response
www.geoedge.com/wp-includes/js/mediaelement/renderers/ 6 KB
2 KB 47ms
40ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-includes/js/mediaelement/renderers/vimeo.min.js?ver=4.2.16

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

722a90d42ef2bd0ea38f0fdac6b4c0523aa4a027e9ffe889972100746e165582

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: cloudflare
age: 133146
etag: W/"5f735862-1940"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f807d6d5-FRA
cf-request-id: 07bf77ae390000d6d500077000000001

GET
H2 200 js_composer_front.min.js Show response
www.geoedge.com/wp-content/plugins/js_composer/assets/js/dist/ 20 KB
6 KB 45ms
38ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.2.0

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9be6923457d76debf4c512fac0a2173aaa94748868d26566515ce2a4156d083d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Sep 2020 19:49:08 GMT
server: cloudflare
age: 145532
etag: W/"5f4ea5b4-5075"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f809d6d5-FRA
cf-request-id: 07bf77ae3a0000d6d53a119000000001

GET
H2 200 jquery.json.min.js Show response
www.geoedge.com/wp-content/plugins/gravityforms/js/ 2 KB
996 B 34ms
27ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.4.22

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Dec 2020 12:40:37 GMT
server: cloudflare
age: 133656
etag: W/"5fe33ac5-738"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f80cd6d5-FRA
cf-request-id: 07bf77ae3a0000d6d540ac4000000001

GET
H2 200 gravityforms.min.js Show response
www.geoedge.com/wp-content/plugins/gravityforms/js/ 34 KB
10 KB 57ms
50ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.4.22

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a97ccf742d54079d2ad298d349d023a91bb1c89f57c1198758cbf88cce0645e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Dec 2020 12:40:37 GMT
server: cloudflare
age: 145532
etag: W/"5fe33ac5-8946"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f80dd6d5-FRA
cf-request-id: 07bf77ae3a0000d6d5ed0c4000000001

GET
H2 200 placeholders.jquery.min.js Show response
www.geoedge.com/wp-content/plugins/gravityforms/js/ 5 KB
2 KB 83ms
76ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.4.22

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Dec 2020 12:40:37 GMT
server: cloudflare
age: 145532
etag: W/"5fe33ac5-121f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f80ed6d5-FRA
cf-request-id: 07bf77ae3a0000d6d55923e000000001

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 129 KB
42 KB 40ms
33ms Script
text/javascript 2a00:1450:4001:825::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?libraries=places&region=IL&language=en&key=AIzaSyBz6GPAuqfg8hUvGEcQfC6EATKmBvk1umM&ver=3.0-beta15

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

3a9e3d14a02512a0fadb5925cf88ee790bf011be2951000bd199b0d310bdd4b5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: gzip
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
server-timing: gfet4t7; dur=19
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42943
x-xss-protection: 0
expires: Wed, 20 Jan 2021 04:07:42 GMT

GET
H2 200 gfgeo.min.js Show response
www.geoedge.com/wp-content/plugins/gravityforms-geolocation/assets/js/ 54 KB
11 KB 53ms
47ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/gravityforms-geolocation/assets/js/gfgeo.min.js?ver=3.0-beta15

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

84a70c4bfbbe784424d5c49501f50c1702a15f1f2ede30a8c81f896e63407564

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 23 Dec 2020 12:40:07 GMT
server: cloudflare
age: 145532
etag: W/"5fe33aa7-d6eb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f814d6d5-FRA
cf-request-id: 07bf77ae3d0000d6d53837a000000001

GET
H2 200 asyncdc.min.js Show response
www.geoedge.com/wp-content/plugins/pardot/js/ 457 B
319 B 49ms
43ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/plugins/pardot/js/asyncdc.min.js?ver=5.6

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

91d744bf23ae2d21a6565a51934c39e0f8fa6121b958f2998a1979ee7ba2fa9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 16 Aug 2020 09:44:56 GMT
server: cloudflare
age: 145532
etag: W/"5f390018-1c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f815d6d5-FRA
cf-request-id: 07bf77ae3c0000d6d52cad1000000001

GET
H2 200 jquery.waypoints.min.js Show response
www.geoedge.com/wp-content/themes/scape/library/js/libs/min/ 8 KB
2 KB 51ms
45ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/js/libs/min/jquery.waypoints.min.js?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

343d64d9d7d250081b97e7ead05e3ba8362712807e644d2dd465d999fe138c56

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 145532
etag: W/"5ff2d95e-21bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f816d6d5-FRA
cf-request-id: 07bf77ae470000d6d52cad2000000001

GET
H2 200 lazyload.min.js Show response
www.geoedge.com/wp-content/themes/scape/library/js/libs/min/ 18 KB
7 KB 45ms
39ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/js/libs/min/lazyload.min.js?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d220712fbafe9fecbeb4121c41957d093a4e49ba70846ffd8578d03aabec1c21

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 145532
etag: W/"5ff2d95e-495d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f817d6d5-FRA
cf-request-id: 07bf77ae3c0000d6d509ad1000000001

GET
H2 200 hammer.min.js Show response
www.geoedge.com/wp-content/themes/scape/library/js/libs/min/ 18 KB
6 KB 41ms
35ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/js/libs/min/hammer.min.js?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

08062d92d5bf7f958a2fa5decb8f8de0547ba5cc9aa5862b1ebae81124112deb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 145532
etag: W/"5ff2d95e-46ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f819d6d5-FRA
cf-request-id: 07bf77ae3c0000d6d5f03cd000000001

GET
H2 200 jquery.mousewheel.min.js Show response
www.geoedge.com/wp-content/themes/scape/library/js/libs/min/ 3 KB
1 KB 53ms
48ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/js/libs/min/jquery.mousewheel.min.js?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fd6a19381798d3ca0593e5adbf098a3190ff388a532ec0fee658bc56039701f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 145532
etag: W/"5ff2d95e-a2e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f81bd6d5-FRA
cf-request-id: 07bf77ae460000d6d53837b000000001

GET
H2 200 slick.min.js Show response
www.geoedge.com/wp-content/themes/scape/library/js/libs/min/ 42 KB
10 KB 51ms
46ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/js/libs/min/slick.min.js?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a227ce439affad1a1240b2e767b51bfedb99c771f68ae2fc4155089ca57bc421

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 145532
etag: W/"5ff2d95e-a900"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f81cd6d5-FRA
cf-request-id: 07bf77ae3d0000d6d5419c9000000001

GET
H2 200 flickity.min.js Show response
www.geoedge.com/wp-content/themes/scape/library/js/libs/min/ 53 KB
13 KB 46ms
41ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/js/libs/min/flickity.min.js?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd54122ecfa7b512c36d94b3b0c8348d49c6e90b955a9ca7842494072b4ec54a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 133655
etag: W/"5ff2d95e-d374"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f81dd6d5-FRA
cf-request-id: 07bf77ae3d0000d6d5ef2b5000000001

GET
H2 200 jquery.mega-menu.min.js Show response
www.geoedge.com/wp-content/themes/scape/library/js/libs/min/ 11 KB
3 KB 41ms
36ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/js/libs/min/jquery.mega-menu.min.js?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe4b664bee52391d5afcd09ff4357f1c7f5b2bf9a8fe7e4273e9814ebd90f11c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 145532
etag: W/"5ff2d95e-2c13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f81ed6d5-FRA
cf-request-id: 07bf77ae3d0000d6d54c26c000000001

GET
H2 200 imagesloaded.min.js Show response
www.geoedge.com/wp-includes/js/ 5 KB
2 KB 43ms
38ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
server: cloudflare
age: 133656
etag: W/"5ee520a7-15fd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f81fd6d5-FRA
cf-request-id: 07bf77ae3d0000d6d539ac9000000001

GET
H2 200 plyr.min.js Show response
www.geoedge.com/wp-content/themes/scape/library/js/libs/min/ 92 KB
23 KB 52ms
48ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/js/libs/min/plyr.min.js?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2db04ff2712055e29a4b50d0d10da853676f78c909789308b771d4cba4c9261c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 145532
etag: W/"5ff2d95e-16e31"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f821d6d5-FRA
cf-request-id: 07bf77ae3f0000d6d5669e6000000001

GET
H2 200 typed.min.js Show response
www.geoedge.com/wp-content/themes/scape/library/js/libs/min/ 11 KB
3 KB 53ms
48ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/js/libs/min/typed.min.js?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc8f54b88adb7947922a3a42849925398e3ac0cce2e65e3ee7a9fb9d8a854ce0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 133655
etag: W/"5ff2d95e-2c42"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f822d6d5-FRA
cf-request-id: 07bf77ae3e0000d6d563b97000000001

GET
H2 200 app.js Show response
www.geoedge.com/wp-content/themes/scape/library/js/ 141 KB
28 KB 58ms
54ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/js/app.js?ver=1.4.7

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c79af07bb9826285d93f315dcbf714425539c9347fc74ced1ed71312a788fe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
age: 145532
etag: W/"5ff2d95e-233a4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c229f824d6d5-FRA
cf-request-id: 07bf77ae3e0000d6d519319000000001

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 120 KB
43 KB 36ms
33ms Script
application/javascript 2a00:1450:4001:815::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TWXP7R4

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5c1b181be71805af9ab198f1add6fd5eacfad2d0a663c77c0717b037795fcb47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43884
x-xss-protection: 0
last-modified: Wed, 20 Jan 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 20 Jan 2021 03:37:42 GMT

GET
H2 200 shutterstock_1341253382-1170x658.jpg
www.geoedge.com/wp-content/uploads/2021/01/ 63 KB
63 KB 27ms
27ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geoedge.com/wp-content/uploads/2021/01/shutterstock_1341253382-1170x658.jpg

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adbff61e2b8ffc9327744603e7d6d131109a5708ee3cb35b9dfb24ee9ddc6d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 147873
cf-polished: origSize=67950, status=webp_bigger
content-length: 64448
cf-request-id: 07bf77ae400000d6d550b56000000001
last-modified: Mon, 18 Jan 2021 08:53:44 GMT
server: cloudflare
etag: "60054c98-1096e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6145c229f829d6d5-FRA
cf-bgj: imgq:100,h2pri

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 381 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63271dcce1a2518271ecc2b0bdcc5afc9c5f0968a8635e0f97a4c9747309eb82

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 scape-ui.ttf
www.geoedge.com/wp-content/themes/scape/library/fonts/fonts/ 31 KB
32 KB 25ms
25ms Font
application/octet-stream 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/themes/scape/library/fonts/fonts/scape-ui.ttf

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/wp-content/themes/scape/library/fonts/scape-ui.min.css?ver=1.4.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0ff7b6a0ed942e506fbbc3076e1f71ae3d9c4dfc334ea1eeb44cce3bdcf799e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Origin: https://www.geoedge.com
Referer: https://www.geoedge.com/wp-content/themes/scape/library/fonts/scape-ui.min.css?ver=1.4.7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:42 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 298518
content-length: 32128
cf-request-id: 07bf77ae410000d6d5ff1d8000000001
last-modified: Mon, 04 Jan 2021 09:01:18 GMT
server: cloudflare
etag: "5ff2d95e-7d80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubDomains
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6145c22a082dd6d5-FRA

GET
H2 200 tweet-338x450.png
www.geoedge.com/wp-content/uploads/2021/01/ 45 KB
45 KB 38ms
35ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geoedge.com/wp-content/uploads/2021/01/tweet-338x450.png

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a4bac284c8199083aa927a16b56052f0563fbe2d60f8de085bf827ae6a6b5e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
cf-cache-status: HIT
age: 214031
cf-polished: origFmt=png, origSize=71332
content-disposition: inline; filename="tweet-338x450.webp"
strict-transport-security: max-age=63072000; includeSubDomains
content-length: 46178
cf-request-id: 07bf77af540000d6d54995d000000001
last-modified: Sun, 17 Jan 2021 16:10:31 GMT
server: cloudflare
etag: "60046177-116a4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6145c22bb9bad6d5-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 ImpostorPicture1-450x244.png
www.geoedge.com/wp-content/uploads/2021/01/ 6 KB
6 KB 30ms
27ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geoedge.com/wp-content/uploads/2021/01/ImpostorPicture1-450x244.png

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce090bf0fcbb6f2daa322c1dcd8e1ce7dab2a861613d1a4d3e96307d20bd6d69

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
cf-cache-status: HIT
age: 230300
cf-polished: origFmt=png, origSize=9656
content-disposition: inline; filename="ImpostorPicture1-450x244.webp"
strict-transport-security: max-age=63072000; includeSubDomains
content-length: 6020
cf-request-id: 07bf77af540000d6d5f03de000000001
last-modified: Thu, 14 Jan 2021 11:32:47 GMT
server: cloudflare
etag: "60002bdf-25b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6145c22bb9bbd6d5-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 ImpostorPicture2-450x253.png
www.geoedge.com/wp-content/uploads/2021/01/ 37 KB
37 KB 26ms
23ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geoedge.com/wp-content/uploads/2021/01/ImpostorPicture2-450x253.png

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f28409bc25a96492d606856bb672eec28a67aae67ce150f8853ac10b1a4eebf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
cf-cache-status: HIT
age: 230300
cf-polished: origFmt=png, origSize=54715
content-disposition: inline; filename="ImpostorPicture2-450x253.webp"
strict-transport-security: max-age=63072000; includeSubDomains
content-length: 37776
cf-request-id: 07bf77af540000d6d56ab98000000001
last-modified: Thu, 14 Jan 2021 11:33:03 GMT
server: cloudflare
etag: "60002bef-d5bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6145c22bb9bdd6d5-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 obfuscated_locking_script-450x224.png
www.geoedge.com/wp-content/uploads/2021/01/ 115 KB
116 KB 30ms
27ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geoedge.com/wp-content/uploads/2021/01/obfuscated_locking_script-450x224.png

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d2001d44410305bd5994d6ab905479e04f45bfde1c2761343d44df28b848543

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
cf-cache-status: HIT
age: 217797
cf-polished: origFmt=png, origSize=167629
content-disposition: inline; filename="obfuscated_locking_script-450x224.webp"
strict-transport-security: max-age=63072000; includeSubDomains
content-length: 118226
cf-request-id: 07bf77af540000d6d5ed0cb000000001
last-modified: Sun, 17 Jan 2021 15:07:42 GMT
server: cloudflare
etag: "600452be-28ecd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6145c22bb9bed6d5-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 full_screen_function-450x105.png
www.geoedge.com/wp-content/uploads/2021/01/ 25 KB
26 KB 28ms
26ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geoedge.com/wp-content/uploads/2021/01/full_screen_function-450x105.png

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e832a1a175e07837da23996382a864bafc75a4f0a242140b7976d38ae12b375c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
cf-cache-status: HIT
age: 217628
cf-polished: origFmt=png, origSize=34552
content-disposition: inline; filename="full_screen_function-450x105.webp"
strict-transport-security: max-age=63072000; includeSubDomains
content-length: 26098
cf-request-id: 07bf77af540000d6d550b62000000001
last-modified: Sun, 17 Jan 2021 15:10:33 GMT
server: cloudflare
etag: "60045369-86f8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6145c22bb9bfd6d5-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 listen_ctrl_keys-450x109.png
www.geoedge.com/wp-content/uploads/2021/01/ 23 KB
23 KB 27ms
25ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geoedge.com/wp-content/uploads/2021/01/listen_ctrl_keys-450x109.png

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

18397b99b919ec89770bc35356d29a5d9ce85353a2cc980a650e5e0fa20b2a20

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
cf-cache-status: HIT
age: 217019
cf-polished: origFmt=png, origSize=31632
content-disposition: inline; filename="listen_ctrl_keys-450x109.webp"
strict-transport-security: max-age=63072000; includeSubDomains
content-length: 23640
cf-request-id: 07bf77af550000d6d5669f4000000001
last-modified: Sun, 17 Jan 2021 15:20:43 GMT
server: cloudflare
etag: "600455cb-7b90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6145c22bb9c0d6d5-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 confirmation_code_screenshot-450x253.png
www.geoedge.com/wp-content/uploads/2021/01/ 41 KB
41 KB 30ms
29ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geoedge.com/wp-content/uploads/2021/01/confirmation_code_screenshot-450x253.png

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc2894c8ebd4630bda2d7dda759714625169cf1b87450bc0da89511d7bc453e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
cf-cache-status: HIT
age: 216686
cf-polished: origFmt=png, origSize=59029
content-disposition: inline; filename="confirmation_code_screenshot-450x253.webp"
strict-transport-security: max-age=63072000; includeSubDomains
content-length: 41544
cf-request-id: 07bf77af550000d6d55eac7000000001
last-modified: Sun, 17 Jan 2021 15:26:13 GMT
server: cloudflare
etag: "60045715-e695"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6145c22bb9c1d6d5-FRA
cf-bgj: imgq:100,h2pri

GET
H2 206 Israel-Police-Scam1.mp4
www.geoedge.com/wp-content/uploads/2021/01/ 166 KB
0 187ms
187ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/uploads/2021/01/Israel-Police-Scam1.mp4?_=1

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
cf-cache-status: DYNAMIC
last-modified: Sun, 17 Jan 2021 15:59:34 GMT
server: cloudflare
access-control-allow-origin: *
etag: "60045ee6-4a8db4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: video/mp4
Content-Range: bytes 0-4885939/4885940
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c22bb9c2d6d5-FRA
Content-Length: 4885940
cf-request-id: 07bf77af550000d6d5419d2000000001

GET
DATA 200
OK truncated
/ 547 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 552 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 178 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3ee0806e69f2ae70a2267a58ac5fc5d52b5aa7aca6f3c0c08adad605fd8fbc16

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 352 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5f3592a8b8037ea064764a2815799612063c6722d314d1d66d3a9391c3c16d66

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 243 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d2d8043c302d3a9da9277374a53e2285c471d5dc8397885b4931b82771d5cae

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 hotjar-284642.js Show response
static.hotjar.com/c/ 10 KB
3 KB 65ms
36ms Script
application/javascript 65.9.73.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-284642.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TWXP7R4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.73.2 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

02f5c7ee73ca007f1015cdf262d9123c46afee62dadc7888c6079d66e2dda0de

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: AMS1-C1
etag: W/1154d67646f5a2fbb82beecc8e8fa2e1
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-id: XTYK4RJlAADdyXBT8BCnNuPBmwZkeXXUuX7F0iw0EyjDmCvb5mFUlw==
via: 1.1 025692f042f48f4d5f15fa44d00c09ee.cloudfront.net (CloudFront)

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 7ms
7ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TWXP7R4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 20 Jan 2021 03:37:43 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=25204
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 90 KB
23 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a8755954660f9bef43d2dc61d725f022a3115b81ae76a6af093ab18cfdfa5de7

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23366
x-fb-rlafr: 0
pragma: public
x-fb-debug: N6PAxazzA+eu2/gSj37P+69GqvZI9S3siG0rq/8RbZIkxij0mCH03Fo3qQmY4X5Rm2pxY7n/ClcFaB7NaYgbtw==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Wed, 20 Jan 2021 03:37:43 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 17 KB
6 KB 21ms
6ms Script
application/javascript 151.101.113.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e88e0ed354170d8b73435fadf714ab8fff7c00b985295495d146b5eb92dc3e50

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
via: 1.1 varnish, 1.1 varnish
last-modified: Tue, 30 Jun 2020 17:04:46 GMT
server: snooserv
etag: "85ee817cda81317b49d1d3056f6bdf95"
vary: Accept-Encoding,Origin
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-encoding: gzip
content-length: 5809

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-155362157-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 362
date: Wed, 20 Jan 2021 03:31:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Wed, 20 Jan 2021 05:31:41 GMT

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/95e2cf8aaf754967bc57a345f3b9fb52/ 43 B
421 B 412ms
103ms Image
image/gif 3.227.227.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/95e2cf8aaf754967bc57a345f3b9fb52/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.geoedge.com%2Fransomware-impostor-malvertising-attack%2F

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.227.227.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-227-227-165.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 20 Jan 2021 03:37:43 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Q-Stat: ,4495f1df4e18ab937b17ff35b45a6e7e,10.0.0.132,49024,89.249.64.171,,60121955824,1,1611113863.556,0.002,,.,0,0,0.000,0.000,-,0,0,197,130,65,10,26847,,,,,,-,
Content-Type: image/gif

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 213 KB
63 KB 27ms
9ms Script
application/javascript 23.111.11.71
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.11.71 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: f9f1eecc5dd637da4a647ec78efa903fd42be6c0702aa9245fed73db252f3120

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
content-encoding: gzip
last-modified: Thu, 14 Jan 2021 19:05:07 GMT
server: NetDNA-cache/2.2
x-amz-request-id: E9454662799CF0DD
etag: W/"5bf7fb8f704885088b5081e9bd878461"
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31104000
x-amz-id-2: Jjnr0ESwx6wgIe2NWX6aJdGZBBBIbF7dWcBfBaIz9mKj98Mc5hEv3OnAG+EjF2aFHXab3xI1aYg=
expires: Sat, 15 Jan 2022 03:37:43 GMT

GET
H2 200 rP2Hp2ywxg089UriCZOIHTWEBlw.woff2
fonts.gstatic.com/s/dmsans/v6/ 12 KB
12 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v6/rP2Hp2ywxg089UriCZOIHTWEBlw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=DM+Sans%3Aregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2Cregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2C400&subset=latin-ext&ver=5.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

947b7ccb1ff6effa4ba2c2a9b29c5ed5c3caf45e1c65109041676da35dfce9a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.geoedge.com
Referer: https://fonts.googleapis.com/css?family=DM+Sans%3Aregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2Cregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2C400&subset=latin-ext&ver=5.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 00:42:35 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 22:00:15 GMT
server: sffe
age: 10508
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12120
x-xss-protection: 0
expires: Thu, 20 Jan 2022 00:42:35 GMT

GET
H2 200 rP2Cp2ywxg089UriAWCrCBimC3YU-Ck.woff2
fonts.gstatic.com/s/dmsans/v6/ 12 KB
12 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v6/rP2Cp2ywxg089UriAWCrCBimC3YU-Ck.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fb0c86af1c13c5131417bf4ef98a45a1f83f0cc2990096ceb5bb666722efaf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.geoedge.com
Referer: https://fonts.googleapis.com/css?family=DM+Sans%3Aregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2Cregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2C400&subset=latin-ext&ver=5.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 23:24:03 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 22:00:23 GMT
server: sffe
age: 447220
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12144
x-xss-protection: 0
expires: Fri, 14 Jan 2022 23:24:03 GMT

GET
H2 200 rP2Fp2ywxg089UriCZa4Hz-DJF4e8A.woff2
fonts.gstatic.com/s/dmsans/v6/ 13 KB
13 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v6/rP2Fp2ywxg089UriCZa4Hz-DJF4e8A.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0cd33d4d39efabbda68564e16a219fb56655864ce175fb0d26c869b8e7eb61cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.geoedge.com
Referer: https://fonts.googleapis.com/css?family=DM+Sans%3Aregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2Cregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2C400&subset=latin-ext&ver=5.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 20:30:14 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 22:00:25 GMT
server: sffe
age: 457649
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12900
x-xss-protection: 0
expires: Fri, 14 Jan 2022 20:30:14 GMT

GET
H2 200 rP2Cp2ywxg089UriASitCBimC3YU-Ck.woff2
fonts.gstatic.com/s/dmsans/v6/ 12 KB
12 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v6/rP2Cp2ywxg089UriASitCBimC3YU-Ck.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2640c4595fbc86b33401ce34230f8871add04b382ed281473dbd7fb6513c28d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.geoedge.com
Referer: https://fonts.googleapis.com/css?family=DM+Sans%3Aregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2Cregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2C400&subset=latin-ext&ver=5.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 07:43:32 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 22:00:19 GMT
server: sffe
age: 590051
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12052
x-xss-protection: 0
expires: Thu, 13 Jan 2022 07:43:32 GMT

GET
H2 200 mejs-controls.svg
www.geoedge.com/wp-includes/js/mediaelement/ 4 KB
1 KB 23ms
22ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.geoedge.com/wp-includes/js/mediaelement/mejs-controls.svg

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad55816ac6c62f214e60a1913ff4f0215ab329034cbc7436a5514941449ca7b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 01 Aug 2017 04:43:51 GMT
server: cloudflare
age: 214688
etag: W/"59800707-11f6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c22e5c44d6d5-FRA
cf-request-id: 07bf77b0fa0000d6d5ee108000000001

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=160602&time=1611113863428&url=https%3A%2F%2Fwww.geoedge.com%2Fransomware-impostor-malvertising-attack%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D160602%26time%3D1611113863428%26url%3Dhttps%253A%252F%252Fwww.geoedge.com%252Fran...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=160602&time=1611113863428&url=https%3A%2F%2Fwww.geoedge.com%2Fransomware-impostor-malvertising-attack%2F&liSync=true

0
81 B

369ms
369ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=160602&time=1611113863428&url=https%3A%2F%2Fwww.geoedge.com%2Fransomware-impostor-malvertising-attack%2F&liSync=true
Requested by: Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:44 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: eLDh5YXTWxaQnIvUWisAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options: nosniff
linkedin-action: 1
content-length: 0
x-li-uuid: xoPm4IXTWxZwkIoQZCsAAA==
pragma: no-cache
x-li-pop: afd-prod-lva1
x-msedge-ref: Ref A: 4FD45A19E19B4681B1F69237AE5F97D8 Ref B: FRAEDGE1315 Ref C: 2021-01-20T03:37:43Z
x-frame-options: sameorigin
date: Wed, 20 Jan 2021 03:37:42 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=31536000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=160602&time=1611113863428&url=https%3A%2F%2Fwww.geoedge.com%2Fransomware-impostor-malvertising-attack%2F&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 391142128009593 Show response
connect.facebook.net/signals/config/ 241 KB
69 KB 45ms
45ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/391142128009593?v=2.9.32&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

79f7f7c597621b0819fd6064ca796e1c14588948be9073f6069499d3f1c7865b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: PYUMuQU98OF7OxoO7+alkuoybugxeZRaNHz4dKRnvnw9nsaznZC4x+hp9iHq4i6vVa32ZERCnj4sX8x7Ni7tvA==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 20 Jan 2021 03:37:43 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-content-id: 176501694
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
388 B 47ms
13ms XHR
text/plain 2a00:1450:4001:815::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1233965899&t=pageview&_s=1&dl=https%3A%2F%2Fwww.geoedge.com%2Fransomware-impostor-malvertising-attack%2F&ul=en-us&de=UTF-8&dt=Ransomware%20Scammers%20Impersonate%20Local%20Police%20in%20%27Impostor%27%20Attack%20%7C%20GeoEdge&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=952949099&gjid=1107105889&cid=649871935.1611113863&tid=UA-155362157-1&_gid=1257472264.1611113863&_r=1&gtm=2ou161&z=2004507147

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 20 Jan 2021 03:37:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.geoedge.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 206 Israel-Police-Scam1.mp4
www.geoedge.com/wp-content/uploads/2021/01/ 64 KB
0 176ms
174ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/uploads/2021/01/Israel-Police-Scam1.mp4?_=1

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=98304-

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
cf-cache-status: DYNAMIC
last-modified: Sun, 17 Jan 2021 15:59:34 GMT
server: cloudflare
access-control-allow-origin: *
etag: "60045ee6-4a8db4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: video/mp4
Content-Range: bytes 98304-4885939/4885940
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c22f1cf8d6d5-FRA
Content-Length: 4787636
cf-request-id: 07bf77b16a0000d6d563bb6000000001

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
125 B 124ms
108ms Image
image/gif 151.101.113.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1611113863535&id=t2_5lpg23aa&event=PageVisit&uuid=2a27105d-ff9e-4643-805b-92c65c80ce08&s=SBT0Z7RGZ8PeB%2FP4pQ8YpndRLho5mgwzeCmB%2FcjHZt4%3D
Requested by: Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
via: 1.1 varnish
server: Varnish
accept-ranges: bytes
content-length: 42
retry-after: 0
content-type: image/gif

GET
H2 200 modules.3123a148abe4a1b966d0.js Show response
script.hotjar.com/ 222 KB
59 KB 48ms
16ms Script
application/javascript 13.224.194.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.3123a148abe4a1b966d0.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-284642.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.194.79 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-194-79.fra2.r.cloudfront.net

Software

Resource Hash

05cb4002e73d59b4ce5b702068f39413e152eee56f100c733892cf13d012129c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 18 Jan 2021 08:42:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 154485
x-cache: Hit from cloudfront
content-length: 59782
access-control-allow-origin: *
last-modified: Mon, 18 Jan 2021 08:40:59 GMT
etag: "0ca9fccf3f162cbe57295289f70c1d71"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 79jk9cFjUmbXw6UXTw-cPwORLB01A_O9irIaxoP3gx3L650cqwr5-Q==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
88 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-155362157-1&cid=649871935.1611113863&jid=952949099&gjid=1107105889&_gid=1257472264.1611113863&_u=IEBAAUAAAAAAAC~&z=120881404

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 20 Jan 2021 03:37:43 GMT
content-type: text/plain
access-control-allow-origin: https://www.geoedge.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame A095 0
0 47ms
15ms Document
text/html 13.224.194.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-284642.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.78 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-78.fra2.r.cloudfront.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Response headers

content-type: text/html
content-length: 851
date: Mon, 23 Nov 2020 17:01:03 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "d594f1d4c3e5dbd6b556c60d34e0daea"
last-modified: Mon, 23 Nov 2020 15:41:01 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0b9e85cfe8fe19b385db56d32b4ce802.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: 4W7CW3OzZXLK8nfXi9UEb_3QLV-MJm2NkcBGTLzPwfLDcB60FR6e8g==
age: 4963000

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 22ms
17ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-155362157-1&cid=649871935.1611113863&jid=952949099&_u=IEBAAUAAAAAAAC~&z=1906631278

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Jan 2021 03:37:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 21ms
16ms Image
image/gif 2a00:1450:4001:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-155362157-1&cid=649871935.1611113863&jid=952949099&_u=IEBAAUAAAAAAAC~&z=1906631278

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Jan 2021 03:37:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
266 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=391142128009593&ev=PageView&dl=https%3A%2F%2Fwww.geoedge.com%2Fransomware-impostor-malvertising-attack%2F&rl=&if=false&ts=1611113863711&sw=1600&sh=1200&v=2.9.32&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1611113863709.2031044565&it=1611113863483&coo=false&rqm=GET

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 20 Jan 2021 03:37:43 GMT

GET
H2 206 Israel-Police-Scam1.mp4
www.geoedge.com/wp-content/uploads/2021/01/ 35 KB
36 KB 164ms
163ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/uploads/2021/01/Israel-Police-Scam1.mp4?_=1

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c56e7f38dec5111c07273ca1907a7a1662cebc9f2a58af8c7bdffbd372834ed4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=4849664-

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
cf-cache-status: DYNAMIC
last-modified: Sun, 17 Jan 2021 15:59:34 GMT
server: cloudflare
access-control-allow-origin: *
etag: "60045ee6-4a8db4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: video/mp4
Content-Range: bytes 4849664-4885939/4885940
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2304e20d6d5-FRA
Content-Length: 36276
cf-request-id: 07bf77b22d0000d6d5ff202000000001

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/284642/ 152 B
305 B 98ms
36ms XHR
application/json 54.171.249.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/284642/visit-data?sv=7
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.3123a148abe4a1b966d0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.249.106 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-249-106.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: c4dc799d09b15e57ee98e3c3866ca16f53354cb79838d3aa6c9c961292151858

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 20 Jan 2021 03:37:43 GMT
content-encoding: br
access-control-allow-credentials: true
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/json

GET
H2 200 shutterstock_1341253382.jpg
150ydc1bez4h3j62ju2eiivi-wpengine.netdna-ssl.com/wp-content/uploads/2021/01/ 3 MB
3 MB 40ms
7ms Image
image/jpeg 94.31.29.64
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://150ydc1bez4h3j62ju2eiivi-wpengine.netdna-ssl.com/wp-content/uploads/2021/01/shutterstock_1341253382.jpg
Requested by: Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.64 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.64.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 0601cce93628532ba81aabc44878032d646168feaa26a9a8ab0f21c708fea3e4

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:43 GMT
last-modified: Mon, 18 Jan 2021 08:53:43 GMT
server: NetDNA-cache/2.2
etag: "60054c97-2ab486"
vary: Accept-Encoding
x-cache: HIT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 2798726

GET
H2 206 Israel-Police-Scam1.mp4
www.geoedge.com/wp-content/uploads/2021/01/ 3 MB
0 166ms
165ms Media
video/mp4 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.geoedge.com/wp-content/uploads/2021/01/Israel-Police-Scam1.mp4?_=1

Requested by

Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=98304-

Response headers

date: Wed, 20 Jan 2021 03:37:44 GMT
cf-cache-status: DYNAMIC
last-modified: Sun, 17 Jan 2021 15:59:34 GMT
server: cloudflare
access-control-allow-origin: *
etag: "60045ee6-4a8db4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: video/mp4
Content-Range: bytes 98304-4885939/4885940
cache-control: public, max-age=31536000
strict-transport-security: max-age=63072000; includeSubDomains
cf-ray: 6145c2316f66d6d5-FRA
Content-Length: 4787636
cf-request-id: 07bf77b2e50000d6d5ee838000000001

GET
H2

200

shim.latest.js Show response
js.intercomcdn.com/
Redirect Chain

https://widget.intercom.io/widget/ucmn5ml0
https://js.intercomcdn.com/shim.latest.js

13 KB
5 KB

43ms
13ms

Script
application/javascript

65.9.73.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/shim.latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.73.93 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 61bea66b7809eb03f0e2f1ef211c9569ebd676ac8d1a90e2a637440c55668a90

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 20 Jan 2021 03:34:47 GMT
content-encoding: gzip
last-modified: Tue, 19 Jan 2021 12:14:44 GMT
server: AmazonS3
age: 178
etag: "5b21b26a66ac1642b79cd77210445902"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
cache-control: max-age=300, s-maxage=300, public
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 4811
x-amz-cf-id: ojGcTsjwZb1L8WZMYlqfmquH0T6Pwez8f7_wWacacdbWSiMdPOG7sw==

Redirect headers

date: Wed, 30 Dec 2020 12:14:54 GMT
via: 1.1 d7e55181ad8192e74c103c6003cd4d9c.cloudfront.net (CloudFront)
server: AmazonS3
age: 1783371
x-cache: Hit from cloudfront
location: https://js.intercomcdn.com/shim.latest.js
x-amz-cf-pop: FRA2-C1
content-length: 0
x-amz-cf-id: 0JryDZnY3-Aj3sN3nyQw4-FjmSGRRJyvJJFHB_k-9dkMY_miyCOgtA==

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 396ms
100ms Script
application/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 20 Jan 2021 03:37:44 GMT
Content-Encoding: gzip
X-Pardot-Route: ea50fcd3dcf777490e1499615b883deb
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Last-Modified: Fri, 13 Mar 2020 19:44:11 GMT
Server: PardotServer
ETag: "1442-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1842
Expires: Fri, 20 Jan 2023 03:37:44 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
84 B 7ms
7ms Other
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarydcaBAz3dM3dgcFoU

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Wed, 20 Jan 2021 03:37:44 GMT
content-type: text/plain
access-control-allow-origin: https://www.geoedge.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 frame-modern.1cd2e224.js Show response
js.intercomcdn.com/ Frame B4E8 244 KB
66 KB 16ms
15ms Script
application/javascript 65.9.73.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/frame-modern.1cd2e224.js
Requested by: Host: widget.intercom.io
URL: https://widget.intercom.io/widget/ucmn5ml0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.73.93 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8c8c74a9983d5e4e3b571871e858c3efff7f06ec7f51d4fea217f57228d70929

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 20 Jan 2021 02:14:48 GMT
content-encoding: gzip
last-modified: Tue, 19 Jan 2021 12:06:19 GMT
server: AmazonS3
age: 4977
etag: "634ccf577f0ddc68308b37954ddd7709"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
cache-control: max-age=31536000, s-maxage=7200, public
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 67417
x-amz-cf-id: yccdArC7Q6Hvl9eonX9Ki0vRmplTicLmt_h9IN-fx8_-0_RZ45C8bA==

GET
H2 200 vendor-modern.09ac2fbd.js Show response
js.intercomcdn.com/ Frame B4E8 123 KB
38 KB 16ms
15ms Script
application/javascript 65.9.73.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/vendor-modern.09ac2fbd.js
Requested by: Host: widget.intercom.io
URL: https://widget.intercom.io/widget/ucmn5ml0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.73.93 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fbb04e2c9dbc68a01814401fe4349e5d1c39528bcfa871d8526d5c2c75d3a07a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 20 Jan 2021 02:16:49 GMT
content-encoding: gzip
last-modified: Thu, 14 Jan 2021 10:11:08 GMT
server: AmazonS3
age: 4856
etag: "14e08984884865ac18f9c12b08c853c3"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
cache-control: max-age=31536000, s-maxage=7200, public
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 38309
x-amz-cf-id: OFjl4ZY8SqnM39Kr3Ne_FFQwrdwoJFocfd1tCttkRltMAwCKrs4HWQ==

POST
H2 200 ping Show response
api-iam.intercom.io/messenger/web/ Frame B4E8 4 KB
2 KB 652ms
457ms XHR
application/json 75.2.88.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/ping

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.1cd2e224.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.88.188 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ad8b87a22ce463223.awsglobalaccelerator.com

Software

nginx /

Resource Hash

f1a9e29a400bb7060047619c073d32a58437dfabaa0edcf8e90d4c6a8b192bc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 20 Jan 2021 03:37:44 GMT
content-encoding: gzip
x-ami-version: ami-0652482630a54befd
status: 200 OK
strict-transport-security: max-age=31556952; includeSubDomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 003r7tic7l5frj96lb40
x-runtime: 0.350737
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"f1a9e29a400bb7060047619c073d32a5"
x-ratelimit-remaining: 19999
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.geoedge.com
x-intercom-version: 6647bb4e23c930ef1070f55f2ee033ad450a760d
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-ratelimit-reset: 1611113880
x-ratelimit-limit: 20000
access-control-allow-headers: Content-Type
x-content-type-options: nosniff

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ 2 KB
2 KB 283ms
283ms Script
text/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=47655&account_id=385522&title=Ransomware%20Scammers%20Impersonate%20Local%20Police%20in%20%27Impostor%27%20Attack%20%7C%20GeoEdge&url=https%3A%2F%2Fwww.geoedge.com%2Fransomware-impostor-malvertising-attack%2F&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: a8d5c4813c108e1301a5de036c6ee7d0cc38eafdd89b24728dd1dbb25c4aa155

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 20 Jan 2021 03:37:44 GMT
Content-Encoding: gzip
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
X-Pardot-Rsp: 16/70/179
Vary: Accept-Encoding,User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 855
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
go.geoedge.com/ 52 B
1 KB 431ms
430ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.geoedge.com/analytics?conly=true&visitor_id=767732116&visitor_id_sign=ac4226665cd2330b6cb6d4a44b146f8ec584a42581b310b60bb83b764bf12a8db98c207d23b3fe6fd84711c45b74ae7106030b39&pi_opt_in=&campaign_id=47655&account_id=385522&title=Ransomware%20Scammers%20Impersonate%20Local%20Police%20in%20%27Impostor%27%20Attack%20%7C%20GeoEdge&url=https%3A%2F%2Fwww.geoedge.com%2Fransomware-impostor-malvertising-attack%2F&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=47655&account_id=385522&title=Ransomware%20Scammers%20Impersonate%20Local%20Police%20in%20%27Impostor%27%20Attack%20%7C%20GeoEdge&url=https%3A%2F%2Fwww.geoedge.com%2Fransomware-impostor-malvertising-attack%2F&referrer=
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: eca19fb64be166fabab688d0cdb2ae946d3370f8124ff0f3f18119cc2d4eb825

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 20 Jan 2021 03:37:44 GMT
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 16/59/62
Vary: User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 52
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 / Show response
api.ipregistry.co// 2 KB
1 KB 25ms
11ms XHR
application/json 2600:1901:0:f651::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipregistry.co//?key=o1cd1zz0lnobgu
Requested by: Host: www.geoedge.com
URL: https://www.geoedge.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:f651:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: aac03b929f3059e58516e385ee7b97ba2d86659c16961a4428d7c563d4cc5c0a

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:45 GMT
content-encoding: gzip
ipregistry-credits-consumed: 1
ipregistry-credits-remaining: 86898
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json
access-control-allow-origin: *
ipregistry-version: 1
alt-svc: clear
content-length: 1003
via: 1.1 google
ipregistry-pod: ipregistry-api-5c8b5ff5-bhdnd

GET
H2 200 / Show response
api.ipregistry.co// 2 KB
1 KB 25ms
12ms XHR
application/json 2600:1901:0:f651::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipregistry.co//?key=o1cd1zz0lnobgu
Requested by: Host: www.geoedge.com
URL: https://www.geoedge.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:f651:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: aac03b929f3059e58516e385ee7b97ba2d86659c16961a4428d7c563d4cc5c0a

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:45 GMT
content-encoding: gzip
ipregistry-credits-consumed: 1
ipregistry-credits-remaining: 86898
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json
access-control-allow-origin: *
ipregistry-version: 1
alt-svc: clear
content-length: 1003
via: 1.1 google
ipregistry-pod: ipregistry-api-5c8b5ff5-xb96g

GET
H3-Q050 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/43/5/ 76 KB
28 KB 35ms
20ms Script
text/javascript 2a00:1450:4001:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/43/5/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?libraries=places&region=IL&language=en&key=AIzaSyBz6GPAuqfg8hUvGEcQfC6EATKmBvk1umM&ver=3.0-beta15

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6bf48a816337d3114312c958252eceee63f47fb2acd1c6027ef51b27239961e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 19 Jan 2021 10:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 11 Jan 2021 20:13:50 GMT
server: sffe
age: 61335
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28632
x-xss-protection: 0
expires: Wed, 19 Jan 2022 10:35:30 GMT

GET
H3-Q050 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/43/5/ 145 KB
54 KB 36ms
21ms Script
text/javascript 2a00:1450:4001:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/43/5/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?libraries=places&region=IL&language=en&key=AIzaSyBz6GPAuqfg8hUvGEcQfC6EATKmBvk1umM&ver=3.0-beta15

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c128e1e6d9d5bee37422cf18efdd281dddc7906526fa9a6b861eeae80734382

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 18 Jan 2021 13:14:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 11 Jan 2021 20:13:50 GMT
server: sffe
age: 138208
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55076
x-xss-protection: 0
expires: Tue, 18 Jan 2022 13:14:17 GMT

GET
H3-Q050 200 geocoder.js Show response
maps.googleapis.com/maps-api-v3/api/js/43/5/ 3 KB
2 KB 34ms
20ms Script
text/javascript 2a00:1450:4001:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/43/5/geocoder.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?libraries=places&region=IL&language=en&key=AIzaSyBz6GPAuqfg8hUvGEcQfC6EATKmBvk1umM&ver=3.0-beta15

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

312d785529690de48b81c39a3a6a7fcec6f775d6da42d17c42c8b01414219e05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 13 Jan 2021 18:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 11 Jan 2021 20:13:50 GMT
server: sffe
age: 549869
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1352
x-xss-protection: 0
expires: Thu, 13 Jan 2022 18:53:16 GMT

GET
H3-Q050 200 AuthenticationService.Authenticate Show response
maps.googleapis.com/maps/api/js/ 62 B
247 B 43ms
43ms Script
text/javascript 2a00:1450:4001:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fwww.geoedge.com%2Fransomware-impostor-malvertising-attack%2F&4sAIzaSyBz6GPAuqfg8hUvGEcQfC6EATKmBvk1umM&callback=_xdc_._dxza3t&key=AIzaSyBz6GPAuqfg8hUvGEcQfC6EATKmBvk1umM&token=88959

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/43/5/common.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

d308951cabd1ebba886753a70068a5d2a37e73774a9cf33001ed78141bb8beaf

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Jan 2021 03:37:45 GMT
content-encoding: gzip
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: no-cache, must-revalidate
content-disposition: attachment
server-timing: gfet4t7; dur=29
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 63
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 GeocodeService.Search Show response
maps.googleapis.com/maps/api/js/ 14 KB
1 KB 79ms
79ms Script
text/javascript 2a00:1450:4001:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js/GeocodeService.Search?5m2&1d50.99996&2d9.00001&7sIL&9sen&callback=_xdc_._hjjim9&key=AIzaSyBz6GPAuqfg8hUvGEcQfC6EATKmBvk1umM&token=10380

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/43/5/common.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

cbb40823d4f853e9eb7090d32e965a4b84d11741cafec5c80579a546fac7f595

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Jan 2021 03:37:45 GMT
content-encoding: gzip
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: no-cache, must-revalidate
content-disposition: attachment
server-timing: gfet4t7; dur=65
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1433
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 match Show response
api-iam.intercom.io/messenger/web/rulesets/13483189/ Frame B4E8 3 KB
2 KB 933ms
932ms XHR
application/json 75.2.88.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/rulesets/13483189/match

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.1cd2e224.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.88.188 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ad8b87a22ce463223.awsglobalaccelerator.com

Software

nginx /

Resource Hash

b90235ec9bc263f39c42124e7a9b508c13396b06d58d064e942d18ffaab5317e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 20 Jan 2021 03:37:56 GMT
content-encoding: gzip
x-ami-version: ami-0652482630a54befd
status: 200 OK
strict-transport-security: max-age=31556952; includeSubDomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 000av95kp4cldp9s287g
x-runtime: 0.824992
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"b90235ec9bc263f39c42124e7a9b508c"
x-ratelimit-remaining: 19998
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.geoedge.com
x-intercom-version: 6647bb4e23c930ef1070f55f2ee033ad450a760d
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-ratelimit-reset: 1611113880
x-ratelimit-limit: 20000
access-control-allow-headers: Content-Type
x-content-type-options: nosniff

POST
H2 200 36000012824 Show response
api-iam.intercom.io/messenger/web/conversations/ Frame B4E8 3 KB
1 KB 222ms
222ms XHR
application/json 75.2.88.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/conversations/36000012824

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.1cd2e224.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

75.2.88.188 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ad8b87a22ce463223.awsglobalaccelerator.com

Software

nginx /

Resource Hash

ee9f79537f9812a503284d521700c10e2a7f2619cceae89208cee3e261cd799b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 20 Jan 2021 03:37:55 GMT
content-encoding: gzip
x-ami-version: ami-0652482630a54befd
status: 200 OK
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 000bl44iap1ml10pc4og
x-runtime: 0.118355
server: nginx
x-frame-options: SAMEORIGIN
etag: W/"ee9f79537f9812a503284d521700c10e"
strict-transport-security: max-age=31556952; includeSubDomains; preload
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.geoedge.com
x-intercom-version: 6647bb4e23c930ef1070f55f2ee033ad450a760d
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
x-content-type-options: nosniff

GET
H2 200 vendors~app-modern.ab999db8.js Show response
js.intercomcdn.com/ Frame B4E8 322 KB
97 KB 16ms
15ms Script
application/javascript 65.9.73.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/vendors~app-modern.ab999db8.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.1cd2e224.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.73.93 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1b77ba7baafea04a0c24926ca85eb8c18720bc4db1e0006e3be72131dd999007

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 20 Jan 2021 02:17:25 GMT
content-encoding: gzip
last-modified: Thu, 14 Jan 2021 10:11:08 GMT
server: AmazonS3
age: 4849
etag: "567dee4f6536172d0044bc6d6398ccea"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
cache-control: max-age=31536000, s-maxage=7200, public
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 98501
x-amz-cf-id: rN39uUGPiwEose49d_nxXZfqo90lD8mCf9B0XHeJHtk7ML7JeXrCgg==

GET
H2 200 app-modern.f281c871.js Show response
js.intercomcdn.com/ Frame B4E8 663 KB
156 KB 16ms
15ms Script
application/javascript 65.9.73.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/app-modern.f281c871.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.1cd2e224.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.73.93 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c528c775cd327d691d4fe95641120cde10e3f506ed5017276abffacbe4a077fe

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 20 Jan 2021 02:29:53 GMT
content-encoding: gzip
last-modified: Mon, 18 Jan 2021 14:20:53 GMT
server: AmazonS3
age: 4116
etag: "dc65f76b43db2393674748cfb3360071"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
cache-control: max-age=31536000, s-maxage=7200, public
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 159306
x-amz-cf-id: wT3XNnU2KhXr7gwNEu8p9sfw68UyJithJ4HQsKcC10JOfs5ffGlWLg==

GET
H2 206 operator.2b750c4a.mp3
js.intercomcdn.com/audio/ Frame B4E8 27 KB
28 KB 15ms
15ms Media
audio/mpeg 65.9.73.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/audio/operator.2b750c4a.mp3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.73.93 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a89eff3892013214c69fba61e95f78271fceebaf466217a783f1f568eeef71cc

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 20 Jan 2021 03:23:55 GMT
via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
etag: "2b750c4aa8cd865ec68fb3658f26a7c8"
last-modified: Fri, 18 Dec 2020 14:22:28 GMT
server: AmazonS3
age: 902
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: audio/mpeg
Content-Range: bytes 0-27824/27825
cache-control: max-age=31536000, s-maxage=7200, public
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
Content-Length: 27825
x-amz-cf-id: 0QasvSbZNEs0TrYPiIW-A-Vx6zuoGsHuu41DJw8PkMzUm1OQkuntIA==

GET
H2 200 vendors~message-modern.01eeb29e.js Show response
js.intercomcdn.com/ Frame B4E8 30 KB
9 KB 15ms
14ms Script
application/javascript 65.9.73.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/vendors~message-modern.01eeb29e.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.1cd2e224.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.73.93 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c2c7aef7d1403505ba5ede7dc7f9b30d58e0d9471e6af376afea5b5a8f80e275

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 20 Jan 2021 02:17:27 GMT
content-encoding: gzip
last-modified: Thu, 14 Jan 2021 10:11:08 GMT
server: AmazonS3
age: 4846
etag: "6f40b960e86ce600387b0c4d621f9d7b"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
cache-control: max-age=31536000, s-maxage=7200, public
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 9019
x-amz-cf-id: uD6ur_v59iWcX-AT2EW2c_DPjiCLJPLvZ7jYL0KhymdR_WKWdzjXEg==

GET
H2 200 message-modern.5c087bbe.js Show response
js.intercomcdn.com/ Frame B4E8 92 KB
24 KB 15ms
15ms Script
application/javascript 65.9.73.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/message-modern.5c087bbe.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.1cd2e224.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.73.93 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f70a10992f4d355bb6280a7939fa9884658489249a15d6043caedecf583dbea3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 20 Jan 2021 02:17:27 GMT
content-encoding: gzip
last-modified: Thu, 14 Jan 2021 10:11:08 GMT
server: AmazonS3
age: 4846
etag: "a7881a7bff84ea4213c67038d46f4581"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
cache-control: max-age=31536000, s-maxage=7200, public
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 24134
x-amz-cf-id: rTgaciZ2ROMZ0TYJwlpKhNiJ96r_620o73WQdG1vVNSYD5Y_k8oYUg==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
87 B 13ms
12ms XHR
text/plain 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1233965899&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.geoedge.com%2Fransomware-impostor-malvertising-attack%2F&ul=en-us&de=UTF-8&dt=Ransomware%20Scammers%20Impersonate%20Local%20Police%20in%20%27Impostor%27%20Attack%20%7C%20GeoEdge&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Intercom%20Messenger&ea=Triggered%20Message&el=Custom%20Bot%20ID%3A%20%27220791%27&_u=KFBAAUABAAAAAC~&jid=1886924929&gjid=203214896&cid=649871935.1611113863&tid=UA-155362157-1&_gid=1257472264.1611113863&_r=1&_slc=1&z=644601117

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 20 Jan 2021 03:37:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.geoedge.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dismiss.249568e7.png
js.intercomcdn.com/images/ Frame D577 124 B
515 B 14ms
14ms Image
image/png 65.9.73.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js.intercomcdn.com/images/dismiss.249568e7.png
Requested by: Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.73.93 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3878bc01fed86222528eaaad9dd98fac94e82c88e7d8bf6e5e3750db93f6caa3

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 20 Jan 2021 02:35:16 GMT
via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
last-modified: Fri, 18 Dec 2020 14:22:28 GMT
server: AmazonS3
age: 3794
etag: "249568e72cec7bca9d1887e46abe4f74"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000, s-maxage=7200, public
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 124
x-amz-cf-id: cY_bDZnruthTllgRJPApj6WuFGld5w5CQt1TJqanW3TH7lmy2AgNdg==

GET
H2 200 proximanova-semibold.46e3f047.woff
js.intercomcdn.com/fonts/ Frame D577 28 KB
29 KB 382ms
353ms Font
font/woff 65.9.73.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/fonts/proximanova-semibold.46e3f047.woff
Requested by: Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.73.93 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a4f797cc141bbd16a3341cf3f4f482f0ecd00e14c206cbd2f77c5ca7bc9e704

Request headers

Origin: https://www.geoedge.com
Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:57 GMT
via: 1.1 b9394c80294503e08bddf2381e55e810.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
access-control-max-age: 3000
content-length: 28732
last-modified: Tue, 19 Jan 2021 12:06:19 GMT
server: AmazonS3
etag: "46e3f047b6d568624167376a87e01ebd"
vary: Origin
access-control-allow-methods: GET
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: y1QMZpzhZnrmOObfv1JEddb4kUqFE0lrhJrQlHAjm3d8fCumiWdXxw==

GET
H2 200 proximanova-regular.a7942249.woff
js.intercomcdn.com/fonts/ Frame D577 28 KB
29 KB 369ms
340ms Font
font/woff 65.9.73.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/fonts/proximanova-regular.a7942249.woff
Requested by: Host: www.geoedge.com
URL: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.73.93 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad1e595d26035487333f48604244ddab94b13bec3e2f4545f13d8dd8a3ecba20

Request headers

Origin: https://www.geoedge.com
Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 20 Jan 2021 03:37:57 GMT
via: 1.1 b9394c80294503e08bddf2381e55e810.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
access-control-max-age: 3000
content-length: 28960
last-modified: Tue, 19 Jan 2021 12:06:19 GMT
server: AmazonS3
etag: "a7942249ca925ef356c0f2b1dab17ef3"
vary: Origin
access-control-allow-methods: GET
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: 9oskB3nOXas6LQjXMmLlzT4Xt9z1dEfH3hW9J8fNtQofpvPiz7JwIA==

GET
H2 200 custom_avatar-1594901699.png
static.intercomassets.com/avatars/3657146/square_128/ Frame D577 5 KB
5 KB 79ms
19ms Image
image/jpeg 13.225.80.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.intercomassets.com/avatars/3657146/square_128/custom_avatar-1594901699.png?1594901699
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.80.116 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-80-116.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 924d7b08f6550b74cae5bb7dad1be161000aa184554db7ff6fd24adec1300650

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 19 Jan 2021 20:24:17 GMT
via: 1.1 ec9e3bc729d9c6d55ed32446408ad62f.cloudfront.net (CloudFront)
etag: "fabc72dcb4d46d521629875fea37e1ae"
last-modified: Thu, 16 Jul 2020 12:15:01 GMT
server: AmazonS3
age: 26020
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=86400
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 5009
x-amz-cf-id: bitz8RLIJkJRRDv7qTQSK4GsNBrQn-A-eHUhZqIgoTH2CCEZ-oHmFw==

GET
DATA 200
OK truncated
/ Frame D577 88 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa4082c168ffc52a30143e6c268a960f3070c0c2c1ccb57273986dbbe6a43b4e

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 tenor.gif
gifs.intercomcdn.com/images/dacb476966cd5165688d4a4326d5d695/ Frame D577 1 MB
1 MB 77ms
18ms Image
image/gif 143.204.94.58
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gifs.intercomcdn.com/images/dacb476966cd5165688d4a4326d5d695/tenor.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.94.58 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-94-58.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e9bc67c52c472c088f3356af0147b299ff314835c426bc50ad6e0c5ca64e54a9

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront), 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Thu, 16 Mar 2017 16:15:36 GMT
server: AmazonS3
age: 58054
etag: "dacb476966cd5165688d4a4326d5d695"
x-cache: Hit from cloudfront
content-type: image/gif
date: Tue, 19 Jan 2021 11:30:23 GMT
x-amz-cf-pop: FRA2-C2, FRA50-C1
accept-ranges: bytes
content-length: 1050069
x-amz-cf-id: 5w7-cuIbrR5YtO50jD2Ea85kQatsxxSpZp8UuYauig9GHnIJJ5MivA==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 15ms
14ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-155362157-1&cid=649871935.1611113863&jid=1886924929&gjid=203214896&_gid=1257472264.1611113863&_u=KFBAAUABAAAAAC~&z=2041335563

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 20 Jan 2021 03:37:56 GMT
content-type: text/plain
access-control-allow-origin: https://www.geoedge.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 18ms
17ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-155362157-1&cid=649871935.1611113863&jid=1886924929&_u=KFBAAUABAAAAAC~&z=1571185999

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Jan 2021 03:37:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 16ms
16ms Image
image/gif 2a00:1450:4001:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-155362157-1&cid=649871935.1611113863&jid=1886924929&_u=KFBAAUABAAAAAC~&z=1571185999

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.geoedge.com/ransomware-impostor-malvertising-attack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Jan 2021 03:37:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

208 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.geoedge.com/	1970-01-19 15:31:53	Name: _hjIncludedInSessionSample Value: 1
.geoedge.com/	1970-01-19 15:31:53	Name: _gat_gtag_UA_155362157_1 Value: 1
www.geoedge.com/	1970-01-19 15:31:53	Name: _hjIncludedInPageviewSample Value: 1
.geoedge.com/	1970-01-19 15:31:55	Name: _hjFirstSeen Value: 1
.geoedge.com/	1970-01-20 00:17:29	Name: _hjid Value: b5e29894-2459-4457-bb60-33c28c09be34
.geoedge.com/	1970-01-19 17:41:29	Name: _fbp Value: fb.1.1611113863709.2031044565
.www.geoedge.com/	1970-01-19 17:41:29	Name: _rdt_uuid Value: 1611113863534.2a27105d-ff9e-4643-805b-92c65c80ce08
.geoedge.com/	1969-12-31 23:59:59	Name: _hjTLDTest Value: 1
.geoedge.com/	1970-01-19 15:33:20	Name: _gid Value: GA1.2.1257472264.1611113863
.geoedge.com/	1970-01-20 09:03:05	Name: _ga Value: GA1.2.649871935.1611113863
.geoedge.com/	1970-01-19 15:31:55	Name: _hjAbsoluteSessionInProgress Value: 0
.www.geoedge.com/	1970-01-19 16:15:05	Name: __cfduid Value: dca95b7de2bcb5b77239eba04a1173c3f1611113862

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.geoedge.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

150ydc1bez4h3j62ju2eiivi-wpengine.netdna-ssl.com
a.omappapi.com
alb.reddit.com
api-iam.intercom.io
api.ipregistry.co
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
gifs.intercomcdn.com
go.geoedge.com
in.hotjar.com
js.intercomcdn.com
maps.googleapis.com
pi.pardot.com
px.ads.linkedin.com
q.quora.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
static.intercomassets.com
stats.g.doubleclick.net
vars.hotjar.com
widget.intercom.io
www.facebook.com
www.geoedge.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
13.224.194.51
13.224.194.78
13.224.194.79
13.225.80.116
141.193.213.21
143.204.94.58
151.101.113.140
23.111.11.71
2600:1901:0:f651::
2620:1ec:21::14
2a00:1450:4001:809::2004
2a00:1450:4001:80b::2003
2a00:1450:4001:815::2008
2a00:1450:4001:815::200e
2a00:1450:4001:816::200e
2a00:1450:4001:817::200a
2a00:1450:4001:821::2003
2a00:1450:4001:821::200a
2a00:1450:4001:825::200a
2a00:1450:400c:c00::9c
2a02:26f0:6c00:28c::25ea
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:f500:10:101::b93f:9105
3.227.227.165
35.174.151.106
35.174.78.146
54.171.249.106
65.9.73.2
65.9.73.93
75.2.88.188
94.31.29.64
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
02f5c7ee73ca007f1015cdf262d9123c46afee62dadc7888c6079d66e2dda0de
05cb4002e73d59b4ce5b702068f39413e152eee56f100c733892cf13d012129c
0601cce93628532ba81aabc44878032d646168feaa26a9a8ab0f21c708fea3e4
08062d92d5bf7f958a2fa5decb8f8de0547ba5cc9aa5862b1ebae81124112deb
0cd33d4d39efabbda68564e16a219fb56655864ce175fb0d26c869b8e7eb61cb
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12aae45dbaf66e541e14694a7810a96fdd8b17f9ac5f5346fdc23d61d6fd74b0
172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d
18397b99b919ec89770bc35356d29a5d9ce85353a2cc980a650e5e0fa20b2a20
1b77ba7baafea04a0c24926ca85eb8c18720bc4db1e0006e3be72131dd999007
1ec7ef361b39d03f5492b637bd9c1f8c48b0fa31863a93c4ebd90c060bce1ed3
22fb3a858d0cd96065e7ba2202b49d384290d4edb0ba0aef3eadec806f80209d
2640c4595fbc86b33401ce34230f8871add04b382ed281473dbd7fb6513c28d7
2664da1caf3ab3a3ab14db16d7d7a4ef53d15c68c719cd867180c71cb97bda89
2b894dd503aa84e71ca6e7d072f2c86940f312580b8d94949abce82135a961ce
2db04ff2712055e29a4b50d0d10da853676f78c909789308b771d4cba4c9261c
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2eed1a8bec68dabc8c451feac27d569abbb682d85f72b6e63622795a7fb02930
312d785529690de48b81c39a3a6a7fcec6f775d6da42d17c42c8b01414219e05
343d64d9d7d250081b97e7ead05e3ba8362712807e644d2dd465d999fe138c56
3685c3818240f5f390073c7d04f944a5cb5d848093224f3a7888034e8c050eb4
3878bc01fed86222528eaaad9dd98fac94e82c88e7d8bf6e5e3750db93f6caa3
3a9e3d14a02512a0fadb5925cf88ee790bf011be2951000bd199b0d310bdd4b5
3d2001d44410305bd5994d6ab905479e04f45bfde1c2761343d44df28b848543
3ee0806e69f2ae70a2267a58ac5fc5d52b5aa7aca6f3c0c08adad605fd8fbc16
43a458cef13603c03bae98ea2261b9cb0cd01cde9b8a970d72f47787c7a986c8
443ba0af7a7ed827223c7fb3c008c02b9ff1d651b6492e9c270378b07d9f6008
531ebcdc1266cc339d758081298765fe57632b9643e4fafefa55586aa9c06ba2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5c1b181be71805af9ab198f1add6fd5eacfad2d0a663c77c0717b037795fcb47
5c2288ca7b324881faae5e368eb4d69457e2784e042e868de335d3827bb90981
5f3592a8b8037ea064764a2815799612063c6722d314d1d66d3a9391c3c16d66
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
5fd6a19381798d3ca0593e5adbf098a3190ff388a532ec0fee658bc56039701f
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
6048e330c0f362be46b20de45d35a5ace57a04be04a29da10448d6949f6f69ce
61bea66b7809eb03f0e2f1ef211c9569ebd676ac8d1a90e2a637440c55668a90
62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945
63271dcce1a2518271ecc2b0bdcc5afc9c5f0968a8635e0f97a4c9747309eb82
6adbff61e2b8ffc9327744603e7d6d131109a5708ee3cb35b9dfb24ee9ddc6d4
6bf48a816337d3114312c958252eceee63f47fb2acd1c6027ef51b27239961e3
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
722a90d42ef2bd0ea38f0fdac6b4c0523aa4a027e9ffe889972100746e165582
7340a92832e425db9571e55592467d2ca687510524d6d8fe04f95b7db0930024
7440dbf47430ea3bf7f37fd982699a9abc7d999bad2b18517fdcc2d897ea03c8
76db9f551b7db5199f25bc0051c76d8e6d7aaac5cc1456e235693d9df8a4971a
79f7f7c597621b0819fd6064ca796e1c14588948be9073f6069499d3f1c7865b
7e0c4a1ed3d232553d98c82ea0e04cee8975d0a67df819e161f96e7c32179e8c
7f9a44c6380de9dad00c68412b2420fc5132e4013bf2f62d9daee5da9d151674
8215fb8f99029767d8081516dd5c245f65f3a5c3bd78fdec0d9889b0f549703f
84a70c4bfbbe784424d5c49501f50c1702a15f1f2ede30a8c81f896e63407564
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8c128e1e6d9d5bee37422cf18efdd281dddc7906526fa9a6b861eeae80734382
8c8c74a9983d5e4e3b571871e858c3efff7f06ec7f51d4fea217f57228d70929
91d744bf23ae2d21a6565a51934c39e0f8fa6121b958f2998a1979ee7ba2fa9d
9200991ec41c1110786698efe54f4cfc3d07076578d535b8f1184c309e9e09d0
924d7b08f6550b74cae5bb7dad1be161000aa184554db7ff6fd24adec1300650
925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8
947b7ccb1ff6effa4ba2c2a9b29c5ed5c3caf45e1c65109041676da35dfce9a5
9556bca5ad5eb24439887d7339fcb687088776bbaa995553aa489c9607cf9e19
9a4bac284c8199083aa927a16b56052f0563fbe2d60f8de085bf827ae6a6b5e8
9a4f797cc141bbd16a3341cf3f4f482f0ecd00e14c206cbd2f77c5ca7bc9e704
9be6923457d76debf4c512fac0a2173aaa94748868d26566515ce2a4156d083d
9c79af07bb9826285d93f315dcbf714425539c9347fc74ced1ed71312a788fe0
9d2d8043c302d3a9da9277374a53e2285c471d5dc8397885b4931b82771d5cae
9fb0c86af1c13c5131417bf4ef98a45a1f83f0cc2990096ceb5bb666722efaf7
a1f922427c2cc76d295f23268675e82ed3465b71dbbb6fc06633cfd2c1010760
a227ce439affad1a1240b2e767b51bfedb99c771f68ae2fc4155089ca57bc421
a8755954660f9bef43d2dc61d725f022a3115b81ae76a6af093ab18cfdfa5de7
a89eff3892013214c69fba61e95f78271fceebaf466217a783f1f568eeef71cc
a8d5c4813c108e1301a5de036c6ee7d0cc38eafdd89b24728dd1dbb25c4aa155
a8dce86110cd38f829e33dc3173e613a62394b7493745d40626b7e85a7549d82
a97ccf742d54079d2ad298d349d023a91bb1c89f57c1198758cbf88cce0645e8
aac03b929f3059e58516e385ee7b97ba2d86659c16961a4428d7c563d4cc5c0a
ad1e595d26035487333f48604244ddab94b13bec3e2f4545f13d8dd8a3ecba20
ad55816ac6c62f214e60a1913ff4f0215ab329034cbc7436a5514941449ca7b9
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1aa06690d5ab9d485e6d507b1b692c9dcfd7dc1c3a2018631b07345df48b080
b37a604b4add99725c3a9e6b0440fc4452f71139517e7d7deb452ed98499068c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b90235ec9bc263f39c42124e7a9b508c13396b06d58d064e942d18ffaab5317e
c00a976553b29095c7f1f5c1ff4b5cb502c92e77edc4824b528dfd4141068b63
c2c7aef7d1403505ba5ede7dc7f9b30d58e0d9471e6af376afea5b5a8f80e275
c4dc799d09b15e57ee98e3c3866ca16f53354cb79838d3aa6c9c961292151858
c528c775cd327d691d4fe95641120cde10e3f506ed5017276abffacbe4a077fe
c56e7f38dec5111c07273ca1907a7a1662cebc9f2a58af8c7bdffbd372834ed4
cbb40823d4f853e9eb7090d32e965a4b84d11741cafec5c80579a546fac7f595
cc8f54b88adb7947922a3a42849925398e3ac0cce2e65e3ee7a9fb9d8a854ce0
ce090bf0fcbb6f2daa322c1dcd8e1ce7dab2a861613d1a4d3e96307d20bd6d69
d220712fbafe9fecbeb4121c41957d093a4e49ba70846ffd8578d03aabec1c21
d308951cabd1ebba886753a70068a5d2a37e73774a9cf33001ed78141bb8beaf
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
d70d9853ff87464d69a8174e3a76633bf29e45aaafcbccb214c10722b2b9714c
d74979888d6254cdc669ed2c903ae7aca6774f40deabc6d51594454c0f39b90e
dc2894c8ebd4630bda2d7dda759714625169cf1b87450bc0da89511d7bc453e6
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e106228d4bbbe5069b52a80eaed70ec81b6a73dfd253e181a46f28d47b8fbf01
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e61ac08ccbbff6ae298e168c6d2fb069e5db7c122fe07f7e2e4ce1dbb01a58fb
e832a1a175e07837da23996382a864bafc75a4f0a242140b7976d38ae12b375c
e88e0ed354170d8b73435fadf714ab8fff7c00b985295495d146b5eb92dc3e50
e9bc67c52c472c088f3356af0147b299ff314835c426bc50ad6e0c5ca64e54a9
ea38b4cce3e30cce37f6dfe72f5d2f1cf6bc57e83152dd4c226b67fd5d8bc5f7
eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366
eca19fb64be166fabab688d0cdb2ae946d3370f8124ff0f3f18119cc2d4eb825
ee9f79537f9812a503284d521700c10e2a7f2619cceae89208cee3e261cd799b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0d9645e5b539db9cca3b3f5bf1614bbe8d9ec82892602698e7c08fee539354c
f0ff7b6a0ed942e506fbbc3076e1f71ae3d9c4dfc334ea1eeb44cce3bdcf799e
f1a9e29a400bb7060047619c073d32a58437dfabaa0edcf8e90d4c6a8b192bc3
f1dbbc4be8d88ae17466b1d7a8fd7bf4f9d9b5ab492719cdea721d82cecb738d
f28409bc25a96492d606856bb672eec28a67aae67ce150f8853ac10b1a4eebf5
f70a10992f4d355bb6280a7939fa9884658489249a15d6043caedecf583dbea3
f9f1eecc5dd637da4a647ec78efa903fd42be6c0702aa9245fed73db252f3120
fa4082c168ffc52a30143e6c268a960f3070c0c2c1ccb57273986dbbe6a43b4e
fbb04e2c9dbc68a01814401fe4349e5d1c39528bcfa871d8526d5c2c75d3a07a
fd54122ecfa7b512c36d94b3b0c8348d49c6e90b955a9ca7842494072b4ec54a
fe4b664bee52391d5afcd09ff4357f1c7f5b2bf9a8fe7e4273e9814ebd90f11c
ff01bf43e3dd85db48f8e70c8367e627560b6a9f368497317429d911f497bbe2
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

www.geoedge.com Open in urlscan Pro 141.193.213.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

126 Requests

100 %HTTPS

50 %IPv6

23 Domains

31 Subdomains

31 IPs

6 Countries

5805 kBTransfer

14941 kBSize

12 Cookies

10 Outgoing links

Page URL History

Redirected requests

126 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.geoedge.com Open in urlscan Pro
141.193.213.21 Public Scan

Screenshot
Live screenshot

Full Image

126
Requests

100 %
HTTPS

50 %
IPv6

23
Domains

31
Subdomains

31
IPs

6
Countries

5805 kB
Transfer

14941 kB
Size

12
Cookies

126 HTTP transactions
8 data transactions