www.itworldcanada.com Open in urlscan Pro
64.140.125.207 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Submission: On July 18 via manual (July 18th 2017, 1:23:59 pm UTC) from US

Summary HTTP 133 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 36 IPs in 6 countries across 25 domains to perform 133 HTTP transactions. The main IP is 64.140.125.207, located in London, Canada and belongs to START-CA - Start Communications, CA. The main domain is www.itworldcanada.com.

This is the only time www.itworldcanada.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
38	64.140.125.207 64.140.125.207	40788 (START-CA) (START-CA - Start Communications)
4	199.96.57.6 199.96.57.6	13414 (TWITTER) (TWITTER - Twitter Inc.)
4	52.85.89.107 52.85.89.107	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a03:2880:f01... 2a03:2880:f01c:8004:face:b00c:0:8c	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	52.218.128.4 52.218.128.4	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	37.252.172.80 37.252.172.80	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
2	2a00:1450:400... 2a00:1450:4001:824::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
4	2a00:1450:400... 2a00:1450:4001:81f::2002	15169 (GOOGLE) (GOOGLE - Google Inc.)
8	172.217.21.98 172.217.21.98	15169 (GOOGLE) (GOOGLE - Google Inc.)
14	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	104.16.88.26 104.16.88.26	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	2400:cb00:204... 2400:cb00:2048:1::6819:4b75	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	2400:cb00:204... 2400:cb00:2048:1::6814:15ef	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	104.16.87.26 104.16.87.26	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	208.100.17.190 208.100.17.190	32748 (STEADFAST) (STEADFAST - Steadfast)
2	151.101.112.134 151.101.112.134	54113 (FASTLY) (FASTLY - Fastly)
2	104.24.11.90 104.24.11.90	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	64.140.125.133 64.140.125.133	40788 (START-CA) (START-CA - Start Communications)
1	208.100.17.188 208.100.17.188	32748 (STEADFAST) (STEADFAST - Steadfast)
1	64.140.125.136 64.140.125.136	40788 (START-CA) (START-CA - Start Communications)
1	52.85.89.136 52.85.89.136	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	52.30.90.179 52.30.90.179	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	35.157.92.151 35.157.92.151	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	5.153.20.140 5.153.20.140	36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.)
5	2400:cb00:204... 2400:cb00:2048:1::6810:4fa6	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	151.101.128.134 151.101.128.134	54113 (FASTLY) (FASTLY - Fastly)
2	52.7.195.62 52.7.195.62	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2606:2800:234... 2606:2800:234:1a46:1c04:1676:610:129d	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER - Twitter Inc.)
18	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1	2400:cb00:204... 2400:cb00:2048:1::6813:c466	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
2	34.195.195.40 34.195.195.40	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2400:cb00:204... 2400:cb00:2048:1::6814:14ef	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
133	36

38 64.140.125.207 (London, Canada)

ASN40788 (START-CA - Start Communications, CA)

www.itworldcanada.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 199.96.57.6 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.85.89.107 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-89-107.jfk6.r.cloudfront.net

d2z178pveyogmv.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:8004:face:b00c:0:8c (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

view.atdmt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.218.128.4 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-us-west-2.amazonaws.com

s3-us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.80 (European Union)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 152.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81f::2002 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.217.21.98 (Mountain View, United States)

ASN15169 (GOOGLE - Google Inc., US)
PTR: fra07s32-in-f98.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:80b::2001 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.88.26 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

tcr.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6819:4b75 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

cdn.luckyorange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6814:15ef (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

rum-static.pingdom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9d (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.87.26 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

sc.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.100.17.190 (Chicago, United States)

ASN32748 (STEADFAST - Steadfast, US)
PTR: ip190.208-100-17.static.steadfastdns.net

ic.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.112.134 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

itworldcanada.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.24.11.90 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

settings.luckyorange.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.140.125.133 (London, Canada)

ASN40788 (START-CA - Start Communications, CA)

www.itwc.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.100.17.188 (Chicago, United States)

ASN32748 (STEADFAST - Steadfast, US)
PTR: ip188.208-100-17.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.140.125.136 (London, Canada)

ASN40788 (START-CA - Start Communications, CA)

messagent.itworldcanada.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.89.136 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-89-136.jfk6.r.cloudfront.net

d10lpsik1i8c69.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.90.179 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-30-90-179.eu-west-1.compute.amazonaws.com

s.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.92.151 (Frankfurt, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-157-92-151.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 5.153.20.140 (Amsterdam, Netherlands)

ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: 8c.14.9905.ip4.static.sl-reverse.com

i.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2400:cb00:2048:1::6810:4fa6 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.128.134 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.7.195.62 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-7-195-62.compute-1.amazonaws.com

bb.itwc.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:234:1a46:1c04:1676:610:129d (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.72 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ton.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6813:c466 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.195.195.40 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-195-195-40.compute-1.amazonaws.com

default-environment.kpk28eemgn.us-east-1.elasticbeanstalk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6814:14ef (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

rum-collector.pingdom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	itworldcanada.com www.itworldcanada.com messagent.itworldcanada.com	534 KB
19	twimg.com cdn.syndication.twimg.com pbs.twimg.com ton.twimg.com	109 KB
17	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	256 KB
9	doubleclick.net securepubads.g.doubleclick.net stats.g.doubleclick.net	78 KB
5	disquscdn.com c.disquscdn.com	184 KB
5	cloudfront.net d2z178pveyogmv.cloudfront.net d10lpsik1i8c69.cloudfront.net	60 KB
5	twitter.com platform.twitter.com syndication.twitter.com	54 KB
4	tynt.com tcr.tynt.com sc.tynt.com ic.tynt.com de.tynt.com	16 KB
3	itwc.ca www.itwc.ca bb.itwc.ca	22 KB
3	disqus.com itworldcanada.disqus.com disqus.com	20 KB
2	elasticbeanstalk.com default-environment.kpk28eemgn.us-east-1.elasticbeanstalk.com	33 B
2	luckyorange.net settings.luckyorange.net	192 B
2	pingdom.net rum-static.pingdom.net rum-collector.pingdom.net	3 KB
2	google-analytics.com www.google-analytics.com	31 KB
2	googleapis.com ajax.googleapis.com	66 KB
2	adnxs.com ib.adnxs.com	668 B
2	amazonaws.com s3-us-west-2.amazonaws.com	27 KB
1	cloudflare.com cdnjs.cloudflare.com	29 KB
1	simpli.fi i.simpli.fi	43 B
1	eyeota.net ps.eyeota.net	70 B
1	cpx.to s.cpx.to	95 B
1	luckyorange.com cdn.luckyorange.com	1 KB
1	googletagservices.com www.googletagservices.com	2 KB
1	atdmt.com view.atdmt.com	42 B
0	bluekai.com Failed tags.bluekai.com Failed
133	25

	Domain	Requested by
38	www.itworldcanada.com	www.itworldcanada.com tpc.googlesyndication.com securepubads.g.doubleclick.net
16	pbs.twimg.com	www.itworldcanada.com
14	tpc.googlesyndication.com	securepubads.g.doubleclick.net
8	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.itworldcanada.com
5	c.disquscdn.com	itworldcanada.disqus.com
4	d2z178pveyogmv.cloudfront.net	www.itworldcanada.com
4	platform.twitter.com	www.itworldcanada.com platform.twitter.com
3	pagead2.googlesyndication.com	securepubads.g.doubleclick.net www.itworldcanada.com
2	default-environment.kpk28eemgn.us-east-1.elasticbeanstalk.com	ajax.googleapis.com
2	ton.twimg.com	platform.twitter.com
2	bb.itwc.ca	www.itworldcanada.com bb.itwc.ca
2	settings.luckyorange.net	cdn.luckyorange.com www.itworldcanada.com
2	itworldcanada.disqus.com	www.itworldcanada.com
2	www.google-analytics.com	www.itworldcanada.com
2	ajax.googleapis.com	www.itworldcanada.com
2	ib.adnxs.com	www.itworldcanada.com
2	s3-us-west-2.amazonaws.com	www.itworldcanada.com
1	rum-collector.pingdom.net	www.itworldcanada.com
1	cdnjs.cloudflare.com	bb.itwc.ca
1	syndication.twitter.com	www.itworldcanada.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	disqus.com	itworldcanada.disqus.com
1	i.simpli.fi	www.itworldcanada.com
1	ps.eyeota.net	www.itworldcanada.com
1	s.cpx.to	www.itworldcanada.com
1	d10lpsik1i8c69.cloudfront.net	cdn.luckyorange.com
1	messagent.itworldcanada.com	www.itworldcanada.com
1	de.tynt.com	tcr.tynt.com
1	www.itwc.ca	securepubads.g.doubleclick.net
1	ic.tynt.com	www.itworldcanada.com
1	sc.tynt.com	tcr.tynt.com
1	stats.g.doubleclick.net	www.itworldcanada.com
1	rum-static.pingdom.net	www.itworldcanada.com
1	cdn.luckyorange.com	www.itworldcanada.com
1	tcr.tynt.com	www.itworldcanada.com
1	www.googletagservices.com	www.itworldcanada.com
1	view.atdmt.com	www.itworldcanada.com
0	tags.bluekai.com Failed	www.itworldcanada.com
133	38

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
www.linkedin.com
plus.google.com
epubs.itworldcanada.com
www.itwc.ca
my.itworldcanada.com
www.gettyimages.ca
www.cytelligence.ca
www.foxnews.com
ca.linkedin.com
adclick.g.doubleclick.net
www.itbusiness.ca
www.computerdealernews.com
www.directioninformatique.com
digital.itwc.ca

Subject Issuer	Validity	Valid
*.s3-us-west-2.amazonaws.com DigiCert Baltimore CA-2 G2	`2016-07-18` - `2017-10-26`	a year	crt.sh
*.g.doubleclick.net Google Internet Authority G2	`2017-07-05` - `2017-09-27`	3 months	crt.sh
*.google-analytics.com Google Internet Authority G2	`2017-07-05` - `2017-09-27`	3 months	crt.sh
ssl376282.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2017-06-28` - `2018-01-04`	6 months	crt.sh
*.tynt.com COMODO RSA Domain Validation Secure Server CA	`2014-10-14` - `2019-10-13`	5 years	crt.sh
tpc.googlesyndication.com Google Internet Authority G2	`2017-07-05` - `2017-09-27`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2015-02-04` - `2018-04-09`	3 years	crt.sh
ssl376270.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2017-04-07` - `2017-10-14`	6 months	crt.sh
*.cloudfront.net Symantec Class 3 Secure Server CA - G4	`2016-10-26` - `2017-12-17`	a year	crt.sh
ssl565697.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2016-12-18` - `2017-12-18`	a year	crt.sh
platform.twitter.com DigiCert SHA2 High Assurance Server CA	`2017-04-04` - `2018-05-25`	a year	crt.sh
*.twvid.com DigiCert SHA2 High Assurance Server CA	`2016-08-04` - `2019-10-02`	3 years	crt.sh
syndication.twitter.com DigiCert SHA2 High Assurance Server CA	`2015-07-30` - `2018-08-03`	3 years	crt.sh
*.twimg.com DigiCert SHA2 Secure Server CA	`2016-11-28` - `2017-12-06`	a year	crt.sh

This page contains 12 frames:

Primary Page: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Frame ID: 14452.1
Requests: 85 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20170712/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 14452.2
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20170712/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 14452.3
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20170712/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 14452.4
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20170712/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 14452.5
Requests: 5 HTTP requests in this frame

Frame: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
Frame ID: 14452.6
Requests: 9 HTTP requests in this frame

Frame: http://tags.bluekai.com/site/27519?dt=0&r=764024187&sig=1579726073&bkca=KJpnEnaNpQlN2x7nvUVt+w91E9XrnYMp3UJ1PpPt9uvNG+xutT0ulO0NGLuXkwhzV6BE9yBMYh1M/t1px019S79uyx==
Frame ID: 14452.7
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=itworldcanada&t_i=394844%20http%3A%2F%2Fwww.itworldcanada.com%2Farticle%2F%2F394844&t_u=http%3A%2F%2Fwww.itworldcanada.com%2Farticle%2Fcanadian-firm-pays-425000-to-recover-from-ransomware-attack%2F394844&t_e=Canadian%20firm%20pays%20%24425%2C000%20to%20recover%20from%20ransomware%20attack&t_d=%0A%0ACanadian%20firm%20pays%20%24425%2C000%20to%20recover%20from%20ransomware%20attack%09%09%09%09&t_t=Canadian%20firm%20pays%20%24425%2C000%20to%20recover%20from%20ransomware%20attack&s_o=default&l=
Frame ID: 14452.9
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css
Frame ID: 14452.11
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css
Frame ID: 14452.12
Requests: 1 HTTP requests in this frame

Frame: https://pbs.twimg.com/card_img/887067040246312960/IKh9Snl0?format=jpg&name=144x144_2
Frame ID: 14452.10
Requests: 25 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 14452.21
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

133
Requests

45 %
HTTPS

37 %
IPv6

25
Domains

38
Subdomains

36
IPs

6
Countries

1492 kB
Transfer

3438 kB
Size

14
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/intent/user?screen_name=itworldca
Title:

Search URL Search Domain Scan URL

URL: http://www.facebook.com/ITWorldCa
Title:

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/groups?mostPopular=&gid=2975608
Title:

Search URL Search Domain Scan URL

URL: https://plus.google.com/u/0/b/112118513090353224053/+ItworldcanadaITWC/posts
Title:

Search URL Search Domain Scan URL

URL: http://epubs.itworldcanada.com/
Title: Digital Magazines

Search URL Search Domain Scan URL

URL: http://www.itwc.ca/contact-us.php
Title: Contact Us

Search URL Search Domain Scan URL

URL: http://my.itworldcanada.com/index.php/user/register
Title: Subscribe

Search URL Search Domain Scan URL

URL: http://www.gettyimages.ca/
Title: GettyImages.ca

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/user?screen_name=HowardITWC
Title: @HowardITWC

Search URL Search Domain Scan URL

URL: http://www.cytelligence.ca/
Title: Cytelligence

Search URL Search Domain Scan URL

URL: http://www.foxnews.com/tech/2017/06/21/ransomware-attack-costs-south-korean-company-1m-largest-payment-ever.html
Title: South Korean Web hosting firm reportedly paid

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844&text=Canadian+firm+pays+%24425%2C000+to+recover+from+ransomware+attack
Title:

Search URL Search Domain Scan URL

URL: http://www.facebook.com/share.php?u=http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844&t=Canadian+firm+pays+%24425%2C000+to+recover+from+ransomware+attack
Title:

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844&title=Canadian+firm+pays+%24425%2C000+to+recover+from+ransomware+attack&source=http://www.itworldcanada.com/
Title:

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Title:

Search URL Search Domain Scan URL

URL: http://ca.linkedin.com/pub/howard-solomon/22/5a0/aa4
Title: Join Howard Solomon on LinkedIn

Search URL Search Domain Scan URL

URL: https://plus.google.com/100136073123286645667?rel=author
Title: Howard Solomon on Gooogle+

Search URL Search Domain Scan URL

URL: https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjstaUBy3aWJKlt2Dvo6eOKabPlOvLwRc-fty4EkaSpdQts_w03ApeEz6RmHrzIX0DuYJqJ_OLIXTUDxfywk3ukzjTPFy-RQuYgCN0nxWZZKOsdoBqFo4rnFguHNwJlMve_is8L-CgEd4oWqHYTRQahu0IjaXSjzFD_dSiPGlsUkx5ZnSHgimX_UlT2TtK2uf8gqk_GJDK67-_4-mu9d_9vvNwAa57C-179PxRoTLHGQLl3w&sig=Cg0ArKJSzEXl7rmyJwR1EAE&urlfix=1&adurl=http://itworldcanada.com/messagent.php?ID=AY5A5ggBm4yvLxF2gJFFCmjMQ4XlfT1GIBWNdQVl_e288b6QRb4vQa7Syg4CJpxmyHTcdDX_GtwSfRHmyk
Title: Encrypted Traffic Analytics Register Now

Search URL Search Domain Scan URL

URL: http://www.itwc.ca/
Title: ITWC.ca

Search URL Search Domain Scan URL

URL: http://www.itbusiness.ca/
Title: ITBusiness.ca

Search URL Search Domain Scan URL

URL: http://www.computerdealernews.com/
Title: ComputerDealerNews.com

Search URL Search Domain Scan URL

URL: http://www.directioninformatique.com/
Title: DirectionInformatique.com

Search URL Search Domain Scan URL

URL: http://digital.itwc.ca/f/computer-dealer-news
Title: Computer Dealer News

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/groups?mostPopular=&gid=2975608/
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 34

http://ib.adnxs.com/seg?add=1505791&t=1
http://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D1505791%26t%3D1

Request 41

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

Request 42

http://cdn.luckyorange.com/w.js
https://cdn.luckyorange.com/w.js

Request 46

https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=504131276&utmhn=www.itworldcanada.com&utme=8(2!Author*Pub%20Date*Tags*Categories)9(2!Howard%20Solomon*07%2F13%2F2017*%22ransomwa...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2214941-1&cid=1344433557.1500384223&jid=206238312&_v=5.6.7&z=504131276

Request 70

http://itworldcanada.disqus.com/embed.js
https://itworldcanada.disqus.com/embed.js

Request 79

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuvcrBGz4qSLWWBkYxpIcYzSyoqXNjfyalUlv5R2LVJL2J9nPap3z-GPBPYEvHnIkCYpUxzA2I4YibzCrCon8uRErlyGSXWTKqNwr-JRqr2KkWVErIVyCz1aF_6uzzlrv7tBHqlzNjff...
http://www.itworldcanada.com/wp-content/uploads/2017/06/17253D.png

Request 83

http://itworldcanada.disqus.com/count.js
https://itworldcanada.disqus.com/count.js

Request 87

http://www.itworldcanada.com/ads/responsiveslides.min.js
http://www.itworldcanada.com/client/responsiveslides.min.js

Request 94

http://ib.adnxs.com/getuid?http%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3D%26pid%3D11254%26adnxs_uid%3D%24UID
http://s.cpx.to/ca.png?ref=&pid=11254&adnxs_uid=7642065914373073200

Request 95

http://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1
http://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESENZ8V_N7izvHE3PFw9Bnb4I&google_cver=1

Request 97

http://tags.bluekai.com/site/27519?id=CmUMLVluC98IQgSqpvLzAg%3D%3D&ret=html&random=1500384223612
http://tags.bluekai.com/site/27519?dt=0&r=764024187&sig=1579726073&bkca=KJpnEnaNpQlN2x7nvUVt+w91E9XrnYMp3UJ1PpPt9uvNG+xutT0ulO0NGLuXkwhzV6BE9yBMYh1M/t1px019S79uyx==

Request 102

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

Request 141

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

133 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 394844 Show response
www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/ 56 KB
14 KB 621ms
431ms Document
text/html 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to

Full URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 / PHP/5.4.16
Resource Hash: f3dc752e1b0b1009ec40a3de8cd28bb18f00c8de830848730cdedc0c86e6e2cf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:20:16 GMT
Content-Encoding: gzip
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/5.4.16
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=3600
Connection: Keep-Alive
Link: <http://www.itworldcanada.com/wp-json/>; rel="https://api.w.org/", <http://www.itworldcanada.com/?p=394844>; rel=shortlink
Content-Length: 14535
Keep-Alive: timeout=5, max=100
Expires: Tue, 18 Jul 2017 14:20:16 GMT

GET
H/1.1 200
OK css-boot-min.css
www.itworldcanada.com/wp-content/themes/the-bootstrap/css/ 214 KB
36 KB 230ms
134ms Stylesheet
text/css 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to

Full URL: http://www.itworldcanada.com/wp-content/themes/the-bootstrap/css/css-boot-min.css
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 9c1a42fa5566edeaa3ab1e331a51a77bc4ba805e1bd7153dd35b27ca66c87690

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Mar 2017 19:15:42 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "357f2-54a28d695000a-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 36491
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK style.css
www.itworldcanada.com/wp-content/themes/itworld-dev-theme/ 41 KB
9 KB 232ms
113ms Stylesheet
text/css 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to

Full URL: http://www.itworldcanada.com/wp-content/themes/itworld-dev-theme/style.css
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: e17dacad67e2ba032053d2a9edbf57ea8fd1f0854109db708772924e54a9831b

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Content-Encoding: gzip
Last-Modified: Mon, 16 Jan 2017 21:09:25 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "a390-5463c9934354a-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 8820
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK it-world-logo.png
www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/ 11 KB
11 KB 213ms
106ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/it-world-logo.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: df56d241adefc92c443edd2593f99d1e851015ae0952f3f2fab748763b05d93a

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Thu, 25 Feb 2016 22:01:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "2d06-52c9f54949880"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 11526
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK twitter-header.png
www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/ 1 KB
1 KB 214ms
107ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/twitter-header.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 353c715208d1f9fc06d5e95ae84173e870da0fec7d2a2ebeebbdcb571ddb0725

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Thu, 25 Feb 2016 22:01:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "5ef-52c9f54949880"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1519
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK facebook-header.png
www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/ 1 KB
1 KB 214ms
107ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/facebook-header.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 8612b33089fae75798f3732ec2b0ada8e35e82f24e3d8e543d26d26df0069128

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Thu, 25 Feb 2016 22:01:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "516-52c9f54949880"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1302
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK linkedin-header.png
www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/ 1 KB
1 KB 198ms
111ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/linkedin-header.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 4bc4ddf821cd9a03c4bfb72e6511e4cb1cde692a395e9bb8b6d19ad236caf39b

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Thu, 25 Feb 2016 22:01:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "5d1-52c9f54949880"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1489
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK google-header.png
www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/ 1 KB
1 KB 198ms
113ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/google-header.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 3133ea85527efbd9affca6e46c0892118fdd2d925e26d7d2b5c1ca27023c3aca

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Thu, 25 Feb 2016 22:01:54 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "5ee-52c9f54949880"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1518
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 114 KB
32 KB 11ms
5ms Script
application/javascript 199.96.57.6
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL: http://platform.twitter.com/widgets.js
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 199.96.57.6 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software: /
Resource Hash: d78f2f64f171390e0a5105a5e445b05429e846df4c2163d5204425ba0b3ff1ed

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:43 GMT
Content-Encoding: gzip
Age: 1370
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 33245
X-Served-By: cache-tw-fra1-cr1-20-TWFRA1
Last-Modified: Thu, 13 Jul 2017 17:16:44 GMT
X-Timer: S1500384223.079537,VS0,VE0
Etag: "ab1a87d8b7af389abe64b87f6ba1092e+gzip"
Vary: Accept-Encoding,Host
Content-Type: application/javascript; charset=utf-8
Via: 1.1 varnish
Cache-Control: public, max-age=1800
Accept-Ranges: bytes

GET
H/1.1 200
OK blockadblock.js Show response
www.itworldcanada.com/block/ 7 KB
2 KB 101ms
101ms Script
application/x-javascript 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to

Full URL: http://www.itworldcanada.com/block/blockadblock.js
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 5ec358949de628946007f95c47064a064b07271b39e4d26a6b0c27a17b3a0faa

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Content-Encoding: gzip
Last-Modified: Thu, 25 Feb 2016 22:23:13 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "1c13-52c9fa0d09640-gzip"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1961
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK FEATURE-Ransomware-keyboard-GETTY-620x250.jpg
www.itworldcanada.com/wp-content/uploads/2016/08/ 24 KB
24 KB 132ms
101ms Image
image/jpeg 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2016/08/FEATURE-Ransomware-keyboard-GETTY-620x250.jpg
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 6e31aa24a9e60cbab6ed07d2615014ddb6718d64f0c088504a43c8794b674630

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Tue, 16 Aug 2016 03:17:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "5ff9-53a27c997462d"
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 24569
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK 166.thumbnail.jpg
www.itworldcanada.com/wp-content/uploads/userphoto/ 4 KB
4 KB 133ms
102ms Image
image/jpeg 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/userphoto/166.thumbnail.jpg
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: f10aeefb066161f38dadd2ed1267852072f9fc1c7a50971b8bf25d4bf8851d84

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Fri, 22 Jan 2016 15:25:46 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "fa1-529edd54af280"
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 4001
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK FEATURE-Ransomware-keyboard-GETTY-300x120.jpg
www.itworldcanada.com/wp-content/uploads/2016/08/ 9 KB
9 KB 108ms
108ms Image
image/jpeg 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2016/08/FEATURE-Ransomware-keyboard-GETTY-300x120.jpg
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 4ae0f5682c1c6512efc959f2ea403eb807b32ba3c9a3bc6526c3cd53aa78f8ca

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Tue, 16 Aug 2016 03:17:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "2429-53a27c996c92d"
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 9257
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK canadian-money-300x120.jpg
www.itworldcanada.com/wp-content/uploads/2016/11/ 8 KB
8 KB 143ms
111ms Image
image/jpeg 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2016/11/canadian-money-300x120.jpg
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 72636a5a2949f0be2270fdda169a36bd71603aaa7f2c709de7e13a2e98a1ccc6

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Mon, 07 Nov 2016 02:15:40 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "2051-540ac99ac3dd2"
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 8273
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK shutterstock_122524309-e1422636134169-300x120.jpg
www.itworldcanada.com/wp-content/uploads/2015/01/ 15 KB
15 KB 106ms
106ms Image
image/jpeg 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2015/01/shutterstock_122524309-e1422636134169-300x120.jpg
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 021b1b2e4693e6c1fc5498752947c3c08b3317b333afcbb762353f15acce50ca

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Fri, 30 Jan 2015 16:42:14 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "3a0f-50de149696580"
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 14863
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK FEATURE-Phishing-SHUTTERSTOCK-300x120.jpg
www.itworldcanada.com/wp-content/uploads/2015/03/ 13 KB
13 KB 104ms
104ms Image
image/jpeg 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2015/03/FEATURE-Phishing-SHUTTERSTOCK-300x120.jpg
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: a33a8b696a97efdf5a58179b0d9cc30409c1716cd0db2aecdb2fa01c004b0bc9

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Tue, 03 Mar 2015 23:12:41 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "344b-5106a78b10c40"
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 13387
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK social-twitter.png
d2z178pveyogmv.cloudfront.net/wp-content/themes/cdn-dev-theme/img/ 2 KB
2 KB 330ms
87ms Image
image/png 52.85.89.107
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://d2z178pveyogmv.cloudfront.net/wp-content/themes/cdn-dev-theme/img/social-twitter.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 52.85.89.107 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-89-107.jfk6.r.cloudfront.net
Software: Apache/2.4.6 (CentOS) PHP/5.4.16 /
Resource Hash: 68ad5c98ff4e533be77307b324e6665b79f6d284975447165572ea1df524a29c

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Wed, 15 Mar 2017 20:55:39 GMT
Via: 1.1 0f0049492e2872b6e133c50b6cc7be4b.cloudfront.net (CloudFront)
Last-Modified: Mon, 18 Jan 2016 21:32:43 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Age: 10772877
ETag: "655-529a27e48d020"
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1621
X-Amz-Cf-Id: 5ZObkbUYs0uUa-FzDJVEubURYwHvs1UrXhMMAk79HPgTYsjgyZG3aA==
Expires: Fri, 14 Apr 2017 20:55:39 GMT

GET
H/1.1 200
OK social-facebook.png
d2z178pveyogmv.cloudfront.net/wp-content/themes/cdn-dev-theme/img/ 1 KB
1 KB 319ms
88ms Image
image/png 52.85.89.107
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://d2z178pveyogmv.cloudfront.net/wp-content/themes/cdn-dev-theme/img/social-facebook.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 52.85.89.107 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-89-107.jfk6.r.cloudfront.net
Software: Apache/2.4.6 (CentOS) PHP/5.4.16 /
Resource Hash: bf4512e8a7ee4d972499eb80f3f2e02beef0d56236f6cbe339befb5d1671e3b1

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Fri, 12 Aug 2016 23:51:59 GMT
Via: 1.1 01ecdc212033db2688d221d4212e4efd.cloudfront.net (CloudFront)
Last-Modified: Mon, 18 Jan 2016 21:32:43 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Age: 29338324
ETag: "59d-529a27e4578a8"
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1437
X-Amz-Cf-Id: aUKignRer2zZNcA01C1wA7losNFgQlkdvZtCMysDcvHoXEjL4YLBfw==
Expires: Sun, 11 Sep 2016 23:51:59 GMT

GET
H/1.1 200
OK social-linkedin.png
d2z178pveyogmv.cloudfront.net/wp-content/themes/cdn-dev-theme/img/ 2 KB
2 KB 319ms
88ms Image
image/png 52.85.89.107
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://d2z178pveyogmv.cloudfront.net/wp-content/themes/cdn-dev-theme/img/social-linkedin.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 52.85.89.107 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-89-107.jfk6.r.cloudfront.net
Software: Apache/2.4.6 (CentOS) PHP/5.4.16 /
Resource Hash: b9622281558f1979c053d598121153f63ca28439d6532e5a9241be4c3e1e8409

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 30 Aug 2016 19:24:06 GMT
Via: 1.1 7ea42c16b0af66858eb9302f2f610cd6.cloudfront.net (CloudFront)
Last-Modified: Mon, 18 Jan 2016 21:32:43 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Age: 27799168
ETag: "688-529a27e47ca68"
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1672
X-Amz-Cf-Id: oV8nRkltNltl6rmrrd6sS3lDbbKoVgAzddc7-X6sy4d98FpSFgmsog==
Expires: Thu, 29 Sep 2016 19:24:06 GMT

GET
H/1.1 200
OK social-google.png
d2z178pveyogmv.cloudfront.net/wp-content/themes/cdn-dev-theme/img/ 2 KB
2 KB 319ms
87ms Image
image/png 52.85.89.107
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://d2z178pveyogmv.cloudfront.net/wp-content/themes/cdn-dev-theme/img/social-google.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 52.85.89.107 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-89-107.jfk6.r.cloudfront.net
Software: Apache/2.4.6 (CentOS) PHP/5.4.16 /
Resource Hash: 709399bef8af81cbb6b283d0ac709a1cfe3579938cff3ca9f782da29f3a2f927

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Fri, 12 Aug 2016 23:51:59 GMT
Via: 1.1 0cd6949155fdc875b62d453c5f6c0005.cloudfront.net (CloudFront)
Last-Modified: Mon, 18 Jan 2016 21:32:43 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Age: 29338324
ETag: "678-529a27e47a358"
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1656
X-Amz-Cf-Id: 97Wo1QD4NE1iixElQPFLIAsrXgDFDQqMUqNJMTH7G9k_d3fHgan-AQ==
Expires: Sun, 11 Sep 2016 23:51:59 GMT

GET
H/1.1 200
OK Screen-Shot-2017-07-12-at-7.12.02-PM-300x120.png
www.itworldcanada.com/wp-content/uploads/2017/07/ 68 KB
68 KB 104ms
104ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2017/07/Screen-Shot-2017-07-12-at-7.12.02-PM-300x120.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 990d4dac086b43546867bbed1587d2b4212b4b754c4c9babea65c830ecd4e109

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Wed, 12 Jul 2017 23:09:10 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "10fd5-55426e7614590"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 69589
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK Woman-working-with-robots-300x120.jpg
www.itworldcanada.com/wp-content/uploads/2017/07/ 8 KB
8 KB 112ms
103ms Image
image/jpeg 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2017/07/Woman-working-with-robots-300x120.jpg
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 46800921eaa3e82b6f6950f9e0060e2d5a0719354fef1b0499c0247b6fb2c91b

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Thu, 13 Jul 2017 18:44:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "1fc1-55437523d2040"
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 8129
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK apple-black-glow-gradient-300x120.jpg
www.itworldcanada.com/wp-content/uploads/2016/05/ 3 KB
3 KB 119ms
111ms Image
image/jpeg 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2016/05/apple-black-glow-gradient-300x120.jpg
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: dc72186b52e51efe32f5600cb0ace4b31a0d252fb6d547152b9fc8f49c55dd87

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Wed, 04 May 2016 20:25:18 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "d0e-5320a06298780"
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 3342
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK FEATURE-random-numbers-encryption-300x120.jpg
www.itworldcanada.com/wp-content/uploads/2014/09/ 16 KB
16 KB 118ms
110ms Image
image/jpeg 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2014/09/FEATURE-random-numbers-encryption-300x120.jpg
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: df47209cb632720e2b3ac6eac88702b21633b46b17a6ccc62591c086de0a5bd3

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Wed, 17 Sep 2014 13:31:12 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "400d-50342e1a58800"
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 16397
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK INSIDE-cloud-security-SHUTTERSTOCK-300x120.jpg
www.itworldcanada.com/wp-content/uploads/2014/02/ 14 KB
14 KB 114ms
113ms Image
image/jpeg 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2014/02/INSIDE-cloud-security-SHUTTERSTOCK-300x120.jpg
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: b0102543747ba914956a4af6afb00dce3239eab7da760de4ec9b255b820fe031

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Fri, 21 Feb 2014 22:38:34 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "394f-4f2f24830ae80"
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 14671
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK IMG_2544-300x120.jpg
www.itworldcanada.com/wp-content/uploads/2014/02/ 9 KB
9 KB 114ms
114ms Image
image/jpeg 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2014/02/IMG_2544-300x120.jpg
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: fc386854f3e57fe9ca9f3c23be40b62576cf3bee2b916a9a75d882889817fc51

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Wed, 12 Feb 2014 13:45:03 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "24c2-4f235c79d35c0"
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 9410
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK footer-logo-itworld.png
www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/ 9 KB
9 KB 106ms
106ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/footer-logo-itworld.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 4e72ba62d0646e00e609593fab0333385f3e84eac3cc9408845df86c037c039a

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:18 GMT
Last-Modified: Thu, 21 Jan 2016 22:05:03 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "2530-529df4b6661c0"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 9520
Expires: Wed, 18 Jul 2018 13:20:18 GMT

GET
H/1.1 200
OK footer-logo-itwc.png
www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/ 3 KB
3 KB 111ms
111ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/footer-logo-itwc.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 1c3816a931e5bff306e042e603c5e2eb330e66560dc93a17cd1254d110fc4abc

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:18 GMT
Last-Modified: Thu, 21 Jan 2016 22:05:03 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "d06-529df4b6661c0"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 3334
Expires: Wed, 18 Jul 2018 13:20:18 GMT

GET
H/1.1 200
OK drnmc1_MicrosoftOffice365FY13itworldcanadacom_1
view.atdmt.com/action/ 42 B
42 B 44ms
38ms Image
image/gif 2a03:2880:f01c:8004:face:b00c:0:8c
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://view.atdmt.com/action/drnmc1_MicrosoftOffice365FY13itworldcanadacom_1
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 2a03:2880:f01c:8004:face:b00c:0:8c , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 18 Jul 2017 13:23:43 GMT
X-Atlas-Debug: AYKIj6V9zaEepWLTilJljHxwAu3476r9DDv7wdAGc81LAvV63zYnjftIGHJEsoTelIcO9_RcuzlEd0sfpDloVaJb
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: 0

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
www.itworldcanada.com/wp-includes/js/ 12 KB
4 KB 113ms
113ms Script
application/x-javascript 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to

Full URL: http://www.itworldcanada.com/wp-includes/js/wp-emoji-release.min.js?ver=4.8
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: bcb42c4f5eb5b4c7ee08632af417513c6f6002fdf7d4b8d2dea6376f0cadd563

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:18 GMT
Content-Encoding: gzip
Last-Modified: Fri, 16 Jun 2017 21:50:50 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "2e45-5521ac758c781-gzip"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 4299
Expires: Wed, 18 Jul 2018 13:20:18 GMT

GET
H/1.1 200
OK jquery.js Show response
www.itworldcanada.com/wp-includes/js/jquery/ 95 KB
33 KB 112ms
112ms Script
application/x-javascript 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to

Full URL: http://www.itworldcanada.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Content-Encoding: gzip
Last-Modified: Thu, 18 May 2017 22:23:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "17ba0-54fd3d91f0519-gzip"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 33766
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK jquery-migrate.min.js Show response
www.itworldcanada.com/wp-includes/js/jquery/ 10 KB
4 KB 106ms
106ms Script
application/x-javascript 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to

Full URL: http://www.itworldcanada.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Content-Encoding: gzip
Last-Modified: Thu, 18 May 2017 22:23:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "2748-54fd3d914eb29-gzip"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 4014
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1 200
OK bootstrap.min.js Show response
s3-us-west-2.amazonaws.com/itworldcanada/js/ 26 KB
26 KB 819ms
280ms Script
application/x-javascript 52.218.128.4
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-us-west-2.amazonaws.com/itworldcanada/js/bootstrap.min.js?ver=4.8
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.128.4 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4f8d1c73670970f54f0c7c9f2993ee14a3ef0e1319c91e5d38ea2e91fce572a9

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:44 GMT
Last-Modified: Tue, 21 Apr 2015 16:14:11 GMT
Server: AmazonS3
x-amz-request-id: 3ACF4663A29C668A
ETag: "9e3fd459eb511a77c00372f43028ce08"
Content-Type: application/x-javascript
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 26912
x-amz-id-2: 7xdep6bsQdvTcNNrsdxgyYeqL2qDZraS3jTRo1dPR3gXyeh+MgO5setKlMl0o8fF+7GHSiNa1Bw=

GET
H/1.1 200
OK the-bootstrap.min.js Show response
s3-us-west-2.amazonaws.com/itworldcanada/js/ 499 B
499 B 734ms
192ms Script
application/x-javascript 52.218.128.4
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-us-west-2.amazonaws.com/itworldcanada/js/the-bootstrap.min.js?ver=4.8
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.128.4 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 5778b44cba918dfc38ab166b4d6befc29eeeb368e9d7cc1c80179e4919831b79

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:44 GMT
Last-Modified: Tue, 21 Apr 2015 16:14:19 GMT
Server: AmazonS3
x-amz-request-id: 541133E2960A6C4A
ETag: "e82ba71d4e06fd6f4ba763034589cf25"
Content-Type: application/x-javascript
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 499
x-amz-id-2: hzHcLWDfk+/tfiNW6tnjNQQhoedW/BdXGlMRvPDrRd5gD9KXj5DqkRhIc2KnhLGmkJxyGqRWnpw=

GET
H/1.1 200
OK wp-embed.min.js Show response
www.itworldcanada.com/wp-includes/js/ 1 KB
751 B 106ms
106ms Script
application/x-javascript 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to

Full URL: http://www.itworldcanada.com/wp-includes/js/wp-embed.min.js?ver=4.8
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Content-Encoding: gzip
Last-Modified: Thu, 18 May 2017 22:22:44 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "576-54fd3d800d379-gzip"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 751
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/
Redirect Chain

http://ib.adnxs.com/seg?add=1505791&t=1
http://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D1505791%26t%3D1

334 B
334 B

7ms
7ms

Script
application/javascript

37.252.172.80
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

http://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D1505791%26t%3D1

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

HTTP/1.1

Server

37.252.172.80 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

152.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.11.5 /

Resource Hash

9c3df1abf041c66eeb9cf92970fb183081c809601641a9a54a484974982c4d92

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 18 Jul 2017 13:23:45 GMT
X-Proxy-Origin: 148.251.45.170; 148.251.45.170; 152.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.6:80
AN-X-Request-Uuid: 5984220e-1883-473f-8585-3cb71250809f
Server: nginx/1.11.5
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 334
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 18 Jul 2017 13:23:45 GMT
X-Proxy-Origin: 148.251.45.170; 148.251.45.170; 152.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.24:80
AN-X-Request-Uuid: 1205d696-99e3-423b-9d31-eefdc66f424f
Server: nginx/1.11.5
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: http://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D1505791%26t%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK seg Show response
ib.adnxs.com/ 334 B
334 B 20ms
20ms Script
application/javascript 37.252.172.80
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

http://ib.adnxs.com/seg?add=1486207&t=1

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

HTTP/1.1

Server

37.252.172.80 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

152.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.11.5 /

Resource Hash

9c3df1abf041c66eeb9cf92970fb183081c809601641a9a54a484974982c4d92

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 18 Jul 2017 13:23:45 GMT
X-Proxy-Origin: 148.251.45.170; 148.251.45.170; 152.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.21:80
AN-X-Request-Uuid: 2f64e4ce-ead7-4b46-9f10-b8f50fba4c69
Server: nginx/1.11.5
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 334
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.8.2/ 91 KB
33 KB 11ms
5ms Script
text/javascript 2a00:1450:4001:824::200a
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

HTTP/1.1

Server

2a00:1450:4001:824::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Thu, 25 May 2017 13:15:05 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
Server: sffe
Age: 4666118
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 33621
X-XSS-Protection: 1; mode=block
Expires: Fri, 25 May 2018 13:15:05 GMT

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ 4 KB
2 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:81f::2002
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

HTTP/1.1

Server

2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

468ad667912603497d23c0a77192f47ce8a9d4d4523c65eba48f618489986e6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Tue, 18 Jul 2017 13:17:35 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Jul 2017 22:17:46 GMT
Server: sffe
Age: 367
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1717
X-XSS-Protection: 1; mode=block
Expires: Tue, 18 Jul 2017 13:17:35 GMT

GET
S 200 pubads_impl_138.js Show response
securepubads.g.doubleclick.net/gpt/ 191 KB
66 KB 38ms
12ms Script
text/javascript 172.217.21.98
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.217.21.98 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

fra07s32-in-f98.1e100.net

Software

sffe /

Resource Hash

c92c5a06aca2d402e0031f78d26391e8f0cbfb4e2871a133ea50cbd3a1f11103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Fri, 14 Jul 2017 21:51:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 315151
status: 200
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 68036
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Jul 2017 20:50:40 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Jul 2018 21:51:12 GMT

GET
H/1.1 200
OK container.html
tpc.googlesyndication.com/safeframe/1-0-9/html/ 3 KB
2 KB 13ms
7ms Other
text/html 2a00:1450:4001:80b::2001
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

http://tpc.googlesyndication.com/safeframe/1-0-9/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:80b::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

ae5f50b2f37e6d987eeeab05cc75c24906e6c4ccd7bb9f1ad842d635d3dfaee7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Purpose: prefetch
Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Thu, 13 Jul 2017 22:36:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 24 May 2017 18:50:59 GMT
Server: sffe
Age: 398820
Vary: Accept-Encoding
Content-Type: text/html
Cache-Control: public, immutable, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1770
X-XSS-Protection: 1; mode=block
Expires: Fri, 13 Jul 2018 22:36:43 GMT

GET
H/1.1 200
OK ti.js Show response
tcr.tynt.com/ 43 KB
15 KB 14ms
9ms Script
application/javascript 104.16.88.26
CloudFlare

General

Check archive.org

Show headers Download Go to

Full URL: http://tcr.tynt.com/ti.js
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 104.16.88.26 San Francisco, United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),
Reverse DNS
Software: cloudflare-nginx /
Resource Hash: 130737120951b5567d2f9a42bfa334a5e667caa59078fdace37f01179fc1488d

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:43 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Fri, 07 Jul 2017 15:37:28 GMT
Server: cloudflare-nginx
ETag: W/"595faab8-ac41"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=259200
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 3805c1d2d71a6469-FRA
Expires: Fri, 21 Jul 2017 13:23:43 GMT

GET
S

200

ga.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

42 KB
16 KB

6ms
6ms

Script
text/javascript

2a00:1450:4001:80b::200e
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/ga.js

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:80b::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

4e2ed635abf0b2dcbac3ea04d16ccf58bb2195364d65b76190f03da0f43255c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Jun 2017 00:25:39 GMT
server: Golfe2
age: 2847
date: Tue, 18 Jul 2017 12:36:16 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 16022
expires: Tue, 18 Jul 2017 14:36:16 GMT

Redirect headers

Location: https://www.google-analytics.com/ga.js
Non-Authoritative-Reason: HSTS

GET
S

200

w.js Show response
cdn.luckyorange.com/
Redirect Chain

http://cdn.luckyorange.com/w.js
https://cdn.luckyorange.com/w.js

3 KB
1 KB

40ms
16ms

Script
application/javascript

2400:cb00:2048:1::6819:4b75
CloudFlare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.luckyorange.com/w.js
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2400:cb00:2048:1::6819:4b75 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),
Reverse DNS
Software: cloudflare-nginx /
Resource Hash: 5967e71ac5357e46928007817ecbc81b7119561506beb580492a09d3f5917068

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

cf-ray: 3805c1d32f7063eb-FRA
date: Tue, 18 Jul 2017 13:23:43 GMT
via: 1.1 c40ee2288a7db28fefd61c3f2ec7ccd7.cloudfront.net (CloudFront)
cf-cache-status: HIT
last-modified: Thu, 13 Jul 2017 20:05:40 GMT
server: cloudflare-nginx
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=14400
content-encoding: gzip
x-amz-cf-id: qF0oLCj-slAjqLqR6ROzVaSxBhNBU7kc84alZvtvnBDWGLHPaMSbuQ==
expires: Tue, 18 Jul 2017 17:23:43 GMT

Redirect headers

Date: Tue, 18 Jul 2017 13:23:43 GMT
Server: cloudflare-nginx
Transfer-Encoding: chunked
Location: https://cdn.luckyorange.com/w.js
Cache-Control: max-age=3600
Connection: keep-alive
CF-RAY: 3805c1d2e5750f81-FRA
Expires: Tue, 18 Jul 2017 14:23:43 GMT

GET
H/1.1 200
OK prum.min.js Show response
rum-static.pingdom.net/ 10 KB
3 KB 14ms
8ms Script
application/x-javascript 2400:cb00:2048:1::6814:15ef
CloudFlare

General

Check archive.org

Show headers Download Go to

Full URL: http://rum-static.pingdom.net/prum.min.js
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6814:15ef , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),
Reverse DNS
Software: cloudflare-nginx /
Resource Hash: 57e3ef1ad7bbc96743f140a5b45172acef7f70278f84e721a9f1f664ecb9065a

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:43 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Mon, 29 May 2017 08:43:41 GMT
Server: cloudflare-nginx
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 3805c1d2e6786385-FRA
Expires: Wed, 19 Jul 2017 13:23:43 GMT

GET
H/1.1 200
OK glyphicons-halflings.png
www.itworldcanada.com/wp-content/themes/the-bootstrap/img/ 12 KB
12 KB 199ms
113ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/themes/the-bootstrap/img/glyphicons-halflings.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: d99e3fa32c641032f08149914b28c2dc6acf2ec62f70987f2259eabbfa7fc0de

Request headers

Referer: http://www.itworldcanada.com/wp-content/themes/the-bootstrap/css/css-boot-min.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Wed, 05 Jun 2013 11:36:15 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "31ff-4de669afac9c0"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 12799
Expires: Wed, 18 Jul 2018 13:20:17 GMT

GET
S 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 70 KB
11 KB 95ms
94ms Script
text/javascript 172.217.21.98
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=2746069175732014&output=json_html&callback=googletag.impl.pubads.setAdContentsBySlotForSync&impl=ss&json_a=1&eid=108809080%2C108809103%2C21060543&sc=0&sfv=1-0-9&iu_parts=3034%2Cidg.ca.itwcepp&enc_prev_ius=%2F0%2F1%2C%2F0%2F1%2C%2F0%2F1%2C%2F0%2F1%2C%2F0%2F1%2C%2F0%2F1%2C%2F0%2F1%2C%2F0%2F1&prev_iu_szs=728x90%2C160x600%7C300x600%2C300x600%2C300x250%2C300x250%2C900x150%2C1x1%2C970x250&ists=2&prev_scp=pos%3Dleaderboardros%7Cpos%3Dskyscraperros%7Cpos%3Dsupersky%7Cpos%3Dbigboxros%7Cpos%3Dbigbox2ros%7Cpos%3Dfooter%7Cpos%3Dinter%7Cpos%3Dsuperleaderboardros&cust_params=wpid%3D394844%26ptype%3Darticle%26c%3Dprivacy%252Csecurity%26t%3Dransomware%252Csecurity-strategies&cookie_enabled=1&abxe=1&lmt=1500384223&dt=1500384223086&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adys=170%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adks=1898152435%2C2764879362%2C1210744711%2C1640639909%2C823673414%2C1771414471%2C310270821%2C3259788757&gut=v2&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww.itworldcanada.com%2Farticle%2Fcanadian-firm-pays-425000-to-recover-from-ransomware-attack%2F394844&dssz=17&icsg=232&std=0&csl=78&vrg=138&vrp=138&ga_vid=1582998143.1500384223&ga_sid=1500384223&ga_hid=1251823271

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.217.21.98 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

fra07s32-in-f98.1e100.net

Software

cafe /

Resource Hash

06eadfbe26c2d663c6ee24fb2590eed10661694ca81a87881f83b347ba8a92bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 18 Jul 2017 13:23:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 11415
x-xss-protection: 1; mode=block
google-lineitem-id: 2769955110,2769956070,-2,2986196430,2986198470,4362953428,4363124327,-2
pragma: no-cache
server: cafe
google-creative-id: 114153372270,114153372750,-2,114183758910,114183759630,138206217740,138206222257,-2
content-type: text/javascript; charset=UTF-8
cache-control: no-cache, must-revalidate
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.7&utms=1&utmn=504131276&utmhn=www.itworldcanada.com&utme=8(2!Author*Pub%20Date*Tags*Categories)9(2!Howard%20Solomon*07%2F13%2F2017*%22ransomwa...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2214941-1&cid=1344433557.1500384223&jid=206238312&_v=5.6.7&z=504131276

35 B
53 B

15ms
14ms

Image
image/gif

2a00:1450:400c:c06::9d
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2214941-1&cid=1344433557.1500384223&jid=206238312&_v=5.6.7&z=504131276

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:400c:c06::9d , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 18 Jul 2017 13:23:43 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 18 Jul 2017 13:23:43 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 302
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2214941-1&cid=1344433557.1500384223&jid=206238312&_v=5.6.7&z=504131276
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 368
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 a7ux32CQqr4zfJacwqm_6l.js Show response
sc.tynt.com/script/sc/ 124 B
146 B 37ms
14ms Script
text/javascript 104.16.87.26
CloudFlare

General

Check archive.org

Show headers Download Go to

Full URL

https://sc.tynt.com/script/sc/a7ux32CQqr4zfJacwqm_6l.js

Requested by

Host: tcr.tynt.com
URL: http://tcr.tynt.com/ti.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.16.87.26 San Francisco, United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),

Reverse DNS

Software

cloudflare-nginx /

Resource Hash

271fb7a38ee9a0abb2070e2af9a1f66f7dbe87305b9bea9af421aa91779c40e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
x-xss-protection: 1; mode=block
x-request-id: a593a929-2150-4781-b251-8d89a5c532d3
x-runtime: 0.002319
x-content-digest: 1f08739dbb89a742e245091bafa595b3a479e48f
last-modified: Mon, 17 Jul 2017 14:53:42 GMT
server: cloudflare-nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=86400, public, s-maxage=172800
cf-ray: 3805c1d338bf6421-FRA
x-rack-cache: fresh
expires: Tue, 18 Jul 2017 14:58:12 GMT

GET
H/1.1 200
OK p
ic.tynt.com/b/ 35 B
35 B 203ms
101ms Image
image/gif 208.100.17.190
Steadfast

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ic.tynt.com/b/p?id=a7ux32CQqr4zfJacwqm_6l&lm=0&ts=1500384223209&dn=TI&iso=0&img=http%3A%2F%2Fwww.itworldcanada.com%2Fwp-content%2Fuploads%2F2016%2F08%2FFEATURE-Ransomware-keyboard-GETTY.jpg&ct=Canadian%20firm%20pays%20%24425%2C000%20to%20recover%20from%20ransomware%20attack&t=Canadian%20firm%20pays%20%24425%2C000%20to%20recover%20from%20ransomware%20attack%20%7C%20IT%20World%20Canada%20News&cu=http%3A%2F%2Fwww.itworldcanada.com%2Farticle%2Fcanadian-firm-pays-425000-to-recover-from-ransomware-attack%2F394844&ah=http%3A%2F%2Fwww.itworldcanada.com%2Farticle%2Fcanadian-firm-pays-425000-to-recover-from-ransomware-attack%2F394844%3Famp%3D1
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 208.100.17.190 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US),
Reverse DNS: ip190.208-100-17.static.steadfastdns.net
Software: nginx/1.10.3 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:43 GMT
Last-Modified: Fri, 16 Apr 2010 15:38:20 GMT
Server: nginx/1.10.3
ETag: "4bc8846c-23"
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID", CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA
Cache-Control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 35
Expires: "Sat, 26 Jul 1997 05:00:00 GMT"

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20170712/r20110914/client/ext/ Frame 1445 2 KB
977 B 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20170712/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:80b::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

cafe /

Resource Hash

30756d05d0ee2f235ab1a2bef5c27582db72891637c74f57d552f0f8a3ca64a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Wed, 12 Jul 2017 21:17:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 489992
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 968
x-xss-protection: 1; mode=block
server: cafe
etag: 7028662575687347401
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 Jul 2017 21:17:11 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20170712/r20170712/activeview/ Frame 1445 27 KB
10 KB 19ms
6ms Script
text/javascript 2a00:1450:4001:80b::2001
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20170712/r20170712/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:80b::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

cafe /

Resource Hash

e77b5a12ed4cffe9108bb26dfe2f90bdecf03afa87bf897eb708a75550e4b46e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Thu, 13 Jul 2017 14:19:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 428652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 10694
x-xss-protection: 1; mode=block
server: cafe
etag: 18261792856279533205
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Jul 2017 14:19:31 GMT

GET
S 200 773658071773648289
tpc.googlesyndication.com/simgad/ Frame 1445 37 KB
37 KB 6ms
6ms Image
image/gif 2a00:1450:4001:80b::2001
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/773658071773648289

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:80b::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

d342bd10d16b3bd46f0cbce5725a36051d512a525fab0766d5e7109cd7787ec5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 11 Jul 2017 15:25:09 GMT
x-content-type-options: nosniff
last-modified: Wed, 09 Nov 2016 19:09:25 GMT
server: sffe
age: 597514
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 37444
x-xss-protection: 1; mode=block
expires: Wed, 11 Jul 2018 15:25:09 GMT

GET
H/1.1 200
OK osd.js Show response
pagead2.googlesyndication.com/pagead/ 80 KB
29 KB 12ms
6ms Script
text/javascript 2a00:1450:4001:81f::2002
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

cafe /

Resource Hash

af90c9433fca4e81f1ae364bcf1ea7cd5e3bde9fbfc28e42c5146168010fabeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 12:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
Age: 3542
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
ETag: 10978336355724882311
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, max-age=3600
Content-Disposition: attachment; filename="f.txt"
Timing-Allow-Origin: *
Content-Length: 30158
X-XSS-Protection: 1; mode=block
Expires: Tue, 18 Jul 2017 13:24:41 GMT

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1445 0
0 29ms
28ms Image
text/html 172.217.21.98
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuH7mvsor0szbVJya7hqFYRJAKw_tHPLHmqw1HKpso04SLQerv1tEMWXPV2gQ7kB2-ckfPH-S18PtW0iJyo8orPco1IYIAifVgYppnhhvdMcuuWQsMLmMl_Iwb9fKbCVLQYHLTJSqYgcrzYsXqqnsMD4ApYhFzER0fkCRpMxFlCvAsNxqsUrgoiRzL7YzM3NphWlZwtzrF5cbtK6mfjHBWay9RKN-Zqr6VZU78ToWdvySUQOb2qyONyrA&sig=Cg0ArKJSzBaV4HVHxtGhEAE&adurl=

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.217.21.98 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

fra07s32-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 18 Jul 2017 13:23:43 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Tue, 18 Jul 2017 13:23:43 GMT

GET
H/1.1 200
OK ad-block-bg.png
www.itworldcanada.com/client/ 25 KB
25 KB 102ms
101ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/client/ad-block-bg.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 23b0b9e69f66f37a2a87aa8534acb19988320b4e9b18c49c129fa0ba886893fa

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:18 GMT
Last-Modified: Fri, 05 Feb 2016 17:32:23 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "63ce-52b093be337c0"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 25550
Expires: Wed, 18 Jul 2018 13:20:18 GMT

GET
H/1.1 200
OK glyphicons-halflings-white.png
www.itworldcanada.com/wp-content/themes/the-bootstrap/img/ 9 KB
9 KB 112ms
112ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/themes/the-bootstrap/img/glyphicons-halflings-white.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: f0e0d95a9c8abcdfabf46348e2d4285829bb0491f5f6af0e05af52bffb6324c4

Request headers

Referer: http://www.itworldcanada.com/wp-content/themes/the-bootstrap/css/css-boot-min.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:18 GMT
Last-Modified: Wed, 05 Jun 2013 11:36:15 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "2249-4de669afac9c0"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 8777
Expires: Wed, 18 Jul 2018 13:20:18 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20170712/r20110914/client/ext/ Frame 1445 2 KB
977 B 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::2001
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20170712/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:80b::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

cafe /

Resource Hash

30756d05d0ee2f235ab1a2bef5c27582db72891637c74f57d552f0f8a3ca64a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Wed, 12 Jul 2017 21:17:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 489992
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 968
x-xss-protection: 1; mode=block
server: cafe
etag: 7028662575687347401
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 Jul 2017 21:17:11 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20170712/r20170712/activeview/ Frame 1445 27 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::2001
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20170712/r20170712/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:80b::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

cafe /

Resource Hash

e77b5a12ed4cffe9108bb26dfe2f90bdecf03afa87bf897eb708a75550e4b46e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Thu, 13 Jul 2017 14:19:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 428652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 10694
x-xss-protection: 1; mode=block
server: cafe
etag: 18261792856279533205
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Jul 2017 14:19:31 GMT

GET
S 200 16210792767841670153
tpc.googlesyndication.com/simgad/ Frame 1445 17 KB
17 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:80b::2001
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16210792767841670153

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:80b::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

fba7c4ebb1da99497e565e8ef26bcba59df68d7c798996bacc5aed9a383a045c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sun, 16 Jul 2017 04:05:56 GMT
x-content-type-options: nosniff
last-modified: Tue, 17 Jan 2017 15:00:00 GMT
server: sffe
age: 206267
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 17103
x-xss-protection: 1; mode=block
expires: Mon, 16 Jul 2018 04:05:56 GMT

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1445 0
0 29ms
29ms Image
text/html 172.217.21.98
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuYXAhciChxVC9A-KY-aD8TtfF6aq5fNWm7PUzPAshVhj2961w2mgS41Zbi4eoMyUDHONOLPgJykspvWhTiNWXG_Ke2dKX2u9S1HSsbsQtsqY3Gk4s99cHtRLWbe5etMSh9yauyFCDH8kFU2TsZYRk4FYAA_jwEp1oCUCWM50Sb3cT1MR114ltyxuVfwX66qgkxShVvIdXEaKvIUmF8Ofdbz4WxwljMYxYBcdImlh3csdT_iJRfJDST6A&sig=Cg0ArKJSzA8rJmwP71wREAE&adurl=

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.217.21.98 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

fra07s32-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 18 Jul 2017 13:23:43 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Tue, 18 Jul 2017 13:23:43 GMT

GET
S 200 m_window_focus_non_hydra.js Show response
tpc.googlesyndication.com/pagead/js/r20170712/r20110914/client/ext/ Frame 1445 2 KB
977 B 9ms
9ms Script
text/javascript 2a00:1450:4001:80b::2001
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20170712/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:80b::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

cafe /

Resource Hash

30756d05d0ee2f235ab1a2bef5c27582db72891637c74f57d552f0f8a3ca64a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Wed, 12 Jul 2017 21:17:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 489992
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 968
x-xss-protection: 1; mode=block
server: cafe
etag: 7028662575687347401
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 Jul 2017 21:17:11 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20170712/r20170712/activeview/ Frame 1445 27 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::2001
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20170712/r20170712/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:80b::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

cafe /

Resource Hash

e77b5a12ed4cffe9108bb26dfe2f90bdecf03afa87bf897eb708a75550e4b46e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Thu, 13 Jul 2017 14:19:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 428652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 10694
x-xss-protection: 1; mode=block
server: cafe
etag: 18261792856279533205
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Jul 2017 14:19:31 GMT

GET
S 200 4285523339660388407
tpc.googlesyndication.com/simgad/ Frame 1445 73 KB
73 KB 8ms
7ms Image
image/gif 2a00:1450:4001:80b::2001
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4285523339660388407

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:80b::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

0a79f8b1cae05e2527c11f4116fa5637aaf168698b96f4120cd36d010ca03f88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Mon, 17 Jul 2017 17:17:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 09 Nov 2016 19:10:50 GMT
server: sffe
age: 72351
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 74264
x-xss-protection: 1; mode=block
expires: Tue, 17 Jul 2018 17:17:52 GMT

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1445 0
0 29ms
29ms Image
text/html 172.217.21.98
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstf4S79oX1CyFezjYqObhCXf1Ui4j6IS0gjrBWgaRqPRNe7lJvaGKOxsnyYxVMrJOrL1Slxci_pG25PchDX2N1nxYStuG420pxQWK4gcdeAOQJRmlMnWHUxjdvA0Hp-Z-_1kF_o88jDGCFMHepJ5v55z71lNgWmEgn3zjLk7IBtATQmfE04BrViNBEjdpPIqvXRrsSyH-adxuc8ZgQUT0Bzuy-b13sv8sxT3jbUT9zfM3oAsfhKPfE4aA&sig=Cg0ArKJSzJ8Ln4Kv5YcmEAE&adurl=

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.217.21.98 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

fra07s32-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 18 Jul 2017 13:23:43 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 0
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK social-icons.png
www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/universal/ 19 KB
19 KB 101ms
101ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/themes/itworld-dev-theme/img/universal/social-icons.png
Requested by: Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20170712/r20170712/activeview/osd_listener.js
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 61f7679efb629be2e2ee69a87928a940475fcab2718e9041942d0e894443fb74

Request headers

Referer: http://www.itworldcanada.com/wp-content/themes/itworld-dev-theme/style.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:18 GMT
Last-Modified: Thu, 08 May 2014 14:22:24 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "4b1b-4f8e435b30800"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 19227
Expires: Wed, 18 Jul 2018 13:20:18 GMT

GET
DATA 200
OK truncated
/ Frame 1445 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 482e755f567d1ec122365bf7b28e1c818ba863b16f4e4aa82a5ff4a1c071c94d

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20170712/r20110914/client/ext/m_window_focus_non_hydra.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:80b::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

cafe /

Resource Hash

30756d05d0ee2f235ab1a2bef5c27582db72891637c74f57d552f0f8a3ca64a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Wed, 12 Jul 2017 21:17:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 489992
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 968
x-xss-protection: 1; mode=block
server: cafe
etag: 7028662575687347401
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 Jul 2017 21:17:11 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20170712/r20170712/activeview/ Frame 1445 27 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::2001
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20170712/r20170712/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:80b::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

cafe /

Resource Hash

e77b5a12ed4cffe9108bb26dfe2f90bdecf03afa87bf897eb708a75550e4b46e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Thu, 13 Jul 2017 14:19:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 428652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 10694
x-xss-protection: 1; mode=block
server: cafe
etag: 18261792856279533205
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Jul 2017 14:19:31 GMT

GET
S 200 11960591724660697160
tpc.googlesyndication.com/simgad/ Frame 1445 43 KB
43 KB 7ms
7ms Image
image/gif 2a00:1450:4001:80b::2001
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11960591724660697160

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:80b::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

b4134edcb728defc293634dfb1bf55217446355708056ffae1c8041a5c1bc4e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Sat, 15 Jul 2017 07:58:09 GMT
x-content-type-options: nosniff
last-modified: Wed, 09 Nov 2016 19:12:18 GMT
server: sffe
age: 278734
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 43537
x-xss-protection: 1; mode=block
expires: Sun, 15 Jul 2018 07:58:09 GMT

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1445 0
0 29ms
28ms Image
text/html 172.217.21.98
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvHlSCKXtfQY_XRSaOdnThkEYuMqNExceUzAtn16khvvD0Zx5Z72vWsFRcNSSSPwmBWxTCJ2MTdMqbPYMYMTAAM2NldOmMglAUAZmSI5i5EE0_sP5KVWd1qyIDEDjrDL2FvogEk5a2K645ydIgGNx3oiYgN_w3C6XCRGBt0G_F1aloowGVI09KFFOS2sTYu0FG8PhgqcJ4ISO8w_UIesQ_m-qFYnlgAcDeiAdmFesoih82A6IfGoAdnmw&sig=Cg0ArKJSzCpArc0pznlAEAE&adurl=

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.217.21.98 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

fra07s32-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 18 Jul 2017 13:23:43 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 0
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

embed.js Show response
itworldcanada.disqus.com/
Redirect Chain

http://itworldcanada.disqus.com/embed.js
https://itworldcanada.disqus.com/embed.js

53 KB
18 KB

355ms
338ms

Script
application/javascript

151.101.112.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://itworldcanada.disqus.com/embed.js

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

openresty /

Resource Hash

ed6fb5e485b177c9b947c07c8a36ff0f63e8fb71a46222eb60e7340dc3d970c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:43 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 18076

Redirect headers

Date: Tue, 18 Jul 2017 13:23:43 GMT
Server: Varnish
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: text/html
Location: https://itworldcanada.disqus.com/embed.js
Cache-Control: public, max-age=31536000
Connection: close
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 219

GET
H/1.1 200
OK 17253-Cisco-Carousel.html Show response
www.itworldcanada.com/client/WebOpsAds/17253-Cisco/ Frame 1445 13 KB
3 KB 198ms
108ms Document
text/html 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to

Full URL: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: aa5c0320931cad4f64e49be36e2de0120e8a3780aba676e558c945b7e7430997

Request headers

Upgrade-Insecure-Requests: 1
Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Content-Encoding: gzip
Last-Modified: Mon, 26 Jun 2017 18:29:21 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "355c-552e1212bd9a8-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=3600, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 3581
Expires: Tue, 18 Jul 2017 14:20:17 GMT

GET
S 200 osd_listener.js Show response
tpc.googlesyndication.com/pagead/js/r20170712/r20170712/activeview/ 27 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::2001
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20170712/r20170712/activeview/osd_listener.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:80b::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

cafe /

Resource Hash

e77b5a12ed4cffe9108bb26dfe2f90bdecf03afa87bf897eb708a75550e4b46e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 13 Jul 2017 14:19:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 428652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 10694
x-xss-protection: 1; mode=block
server: cafe
etag: 18261792856279533205
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Jul 2017 14:19:31 GMT

GET
S 200 view
securepubads.g.doubleclick.net/pcs/ 0
0 29ms
29ms Image
text/html 172.217.21.98
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvSM1bRAxpVFXbh5FMUlIlljNaP_97e02qUk5-1aCpBc2cNSJmhwBJJH-6Y1OupxCmgBOcieVz46lSxT3yamzVSCngsbsWINq8NmQ8kzbmH1q0nZG_GFQMRUx-vSIiK89RMbxA96pfqe2-xxW8BNp04w1pq0vnvqlzY12rbO_C4qAanTIw2Em29yJbRLE7Cyq0XiDpcYAefGUrNlT9GSDEf51oHD6hwbNwF7qNjw0MSnmJM68jrRPzz5kU2vuU&sig=Cg0ArKJSzNrh6MNoN1FGEAE&urlfix=1&adurl=

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.217.21.98 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

fra07s32-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 18 Jul 2017 13:23:43 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 0
x-xss-protection: 1; mode=block

OPTIONS
S 200 / Show response
settings.luckyorange.net/ 59 B
96 B 136ms
112ms XHR
application/json 104.24.11.90
CloudFlare

General

Check archive.org

Show headers Download Go to

Full URL

https://settings.luckyorange.net/?u=http%3A%2F%2Fwww.itworldcanada.com%2Farticle%2Fcanadian-firm-pays-425000-to-recover-from-ransomware-attack%2F394844&s=55859

Requested by

Host: cdn.luckyorange.com
URL: https://cdn.luckyorange.com/w.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.24.11.90 San Francisco, United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),

Reverse DNS

Software

cloudflare-nginx /

Resource Hash

3f76073703cbb680f2c7a03bf5fe0c0a7df4888cff13fc09e22524f6de415a66

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Access-Control-Request-Method: GET
Origin: http://www.itworldcanada.com
Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Access-Control-Request-Headers: x-requested-with

Response headers

date: Tue, 18 Jul 2017 13:23:43 GMT
content-encoding: gzip
server: cloudflare-nginx
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json
status: 200
cf-ray: 3805c1d3becc634f-FRA
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since
content-length: 78

GET
DATA 200
OK truncated
/ Frame 1445 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a17705a26cdbb8dd6a1b472693dc7b3e588098d3452408388a7d4859ac546fb

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 1445 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05c31043e139eb628521b80242f3c5b8a7a0ab9960b86cbc61cca8380e2dff31

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 1445 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6dc1d884f985d6f16b6942220781f91962c754ccc163d5f9d1d5a7d291931e15

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
H/1.1 200
OK classie.js Show response
www.itwc.ca/js/ 2 KB
2 KB 401ms
197ms Script
application/javascript 64.140.125.133
Start Communications

General

Check archive.org

Show headers Download Go to

Full URL: http://www.itwc.ca/js/classie.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_138.js
Protocol: HTTP/1.1
Server: 64.140.125.133 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.23 (FreeBSD) /
Resource Hash: abaf9fb23b33a45bf842ed2348d06db7346efc042b187d49cdb0cfa49a2f00d2

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:19:31 GMT
Last-Modified: Fri, 21 Nov 2014 17:10:15 GMT
Server: Apache/2.4.23 (FreeBSD)
ETag: "7a0-5086184b72bc0"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1952

GET
H/1.1

200
OK

17253D.png
www.itworldcanada.com/wp-content/uploads/2017/06/
Redirect Chain

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuvcrBGz4qSLWWBkYxpIcYzSyoqXNjfyalUlv5R2LVJL2J9nPap3z-GPBPYEvHnIkCYpUxzA2I4YibzCrCon8uRErlyGSXWTKqNwr-JRqr2KkWVErIVyCz1aF_6uzzlrv7tBHqlzNjff...
http://www.itworldcanada.com/wp-content/uploads/2017/06/17253D.png

30 KB
30 KB

151ms
101ms

Image
image/png

64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2017/06/17253D.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: f02f9538a295f570f40de4a3218f5fc2a7d179d700cca84b9b53e084f245da73

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:17 GMT
Last-Modified: Fri, 23 Jun 2017 18:25:10 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "76aa-552a4b8b68378"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 30378
Expires: Wed, 18 Jul 2018 13:20:17 GMT

Redirect headers

timing-allow-origin: *
date: Tue, 18 Jul 2017 13:23:43 GMT
x-content-type-options: nosniff
server: cafe
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: http://www.itworldcanada.com/wp-content/uploads/2017/06/17253D.png
cache-control: private
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 0
x-xss-protection: 1; mode=block

GET
S 200 view%3Fxai%3DAKAOjsuvcrBGz4qSLWWBkYxpIcYzSyoqXNjfyalUlv5R2LVJL2J9nPap3z-GPBPYEvHnIkCYpUxzA2I4YibzCrCon8uRErlyGSXWTKqNwr-JRqr2KkWVErIVyCz1aF_6uzzlrv7tBHqlzNjff_WFEtDlaUgqEI_Zu8bjztBp5xgFJmlUEPfrX6nZ...
securepubads.g.doubleclick.net/pcs/ 0
0 30ms
30ms Image
text/html 172.217.21.98
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view%3Fxai%3DAKAOjsuvcrBGz4qSLWWBkYxpIcYzSyoqXNjfyalUlv5R2LVJL2J9nPap3z-GPBPYEvHnIkCYpUxzA2I4YibzCrCon8uRErlyGSXWTKqNwr-JRqr2KkWVErIVyCz1aF_6uzzlrv7tBHqlzNjff_WFEtDlaUgqEI_Zu8bjztBp5xgFJmlUEPfrX6nZZ3UmxqTBtw8QA0NlrhNFHyfjW6Iwu5ZWbdx9IBCTn89zcJFWQZiNR5t6BdufwcOiS8g%26sig%3DCg0ArKJSzOaL9X9yWovuEAE%26urlfix%3D1%26adurl%3D

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.217.21.98 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

fra07s32-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 18 Jul 2017 13:23:43 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 0
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 932d585a460d3f4e9200723eccb409fb4d9e55d5a271f685939d357d576a058c

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
DATA 200
OK truncated
/ 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dd69365cc0c062a31ebc767937dbbe7452cbfca199544f2298c431a40984c992

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
H/1.1

200
OK

count.js Show response
itworldcanada.disqus.com/
Redirect Chain

http://itworldcanada.disqus.com/count.js
https://itworldcanada.disqus.com/count.js

1 KB
871 B

541ms
530ms

Script
application/javascript

151.101.112.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://itworldcanada.disqus.com/count.js

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2570881
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 16 Jun 2017 19:30:03 GMT
Server: nginx
ETag: "594431bb-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Fastly-Debug-Digest: b6f975ecd04a5ce489da7a841091c3fab14aef5410aa4ba7ad8fdad8e7244bef
Cache-Control: public, max-age=86400
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect

Redirect headers

Date: Tue, 18 Jul 2017 13:23:43 GMT
Server: Varnish
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: text/html
Location: https://itworldcanada.disqus.com/count.js
Cache-Control: public, max-age=31536000
Connection: close
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 219

GET
S 200 / Show response
settings.luckyorange.net/ 59 B
96 B 110ms
109ms XHR
application/json 104.24.11.90
CloudFlare

General

Check archive.org

Show headers Download Go to

Full URL

https://settings.luckyorange.net/?u=http%3A%2F%2Fwww.itworldcanada.com%2Farticle%2Fcanadian-firm-pays-425000-to-recover-from-ransomware-attack%2F394844&s=55859

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.24.11.90 San Francisco, United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),

Reverse DNS

Software

cloudflare-nginx /

Resource Hash

3f76073703cbb680f2c7a03bf5fe0c0a7df4888cff13fc09e22524f6de415a66

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Origin: http://www.itworldcanada.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:43 GMT
content-encoding: gzip
vary: Accept-Encoding
server: cloudflare-nginx
status: 200
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 3805c1d46f18634f-FRA
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since
content-length: 78

GET
H/1.1 200 v2 Show response
de.tynt.com/deb/ 782 B
782 B 209ms
108ms Script
application/javascript 208.100.17.188
Steadfast

General

Check archive.org

Show headers Download Go to

Full URL: http://de.tynt.com/deb/v2?id=a7ux32CQqr4zfJacwqm_6l&dn=TI&cc=1&r=
Requested by: Host: tcr.tynt.com
URL: http://tcr.tynt.com/ti.js
Protocol: HTTP/1.1
Server: 208.100.17.188 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US),
Reverse DNS: ip188.208-100-17.static.steadfastdns.net
Software: /
Resource Hash: 796a5ef6d168642bac896df678fb8734fe6376350ad796283ad3a4625c71b817

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:42 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
Content-Type: application/javascript
Connection: close
P3P: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA
Content-Length: 782
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.8.3/ Frame 1445 91 KB
33 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:824::200a
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html

Protocol

HTTP/1.1

Server

2a00:1450:4001:824::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 16 May 2017 13:55:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
Server: sffe
Age: 5441286
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 33593
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 May 2018 13:55:37 GMT

GET
H/1.1

200
OK

responsiveslides.min.js Show response
www.itworldcanada.com/client/ Frame 1445
Redirect Chain

http://www.itworldcanada.com/ads/responsiveslides.min.js
http://www.itworldcanada.com/client/responsiveslides.min.js

3 KB
1 KB

114ms
114ms

Script
application/x-javascript

64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to

Full URL: http://www.itworldcanada.com/client/responsiveslides.min.js
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 95654393bc2cc5657db432ad784f7c260867760f5232d3e6820539ed59ba8cf5

Request headers

Referer: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:18 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Jan 2015 15:20:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "d4d-50da3cb6864c0-gzip"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 1479
Expires: Wed, 18 Jul 2018 13:20:18 GMT

Redirect headers

Date: Tue, 18 Jul 2017 13:20:17 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
Content-Type: text/html; charset=iso-8859-1
Location: http://www.itworldcanada.com/client/responsiveslides.min.js
Cache-Control: max-age=3600
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 267
Expires: Tue, 18 Jul 2017 14:20:17 GMT

GET
H/1.1 200
OK 17253A.png
www.itworldcanada.com/wp-content/uploads/2017/06/ Frame 1445 31 KB
31 KB 102ms
102ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2017/06/17253A.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 7d6c8713d36d0cf65222c29035d4dfe1d3a3d4356f82f0c55735f74ef5f06a60

Request headers

Referer: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:18 GMT
Last-Modified: Thu, 22 Jun 2017 16:01:04 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "7b10-5528e978bb8f0"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 31504
Expires: Wed, 18 Jul 2018 13:20:18 GMT

GET
H/1.1 200
OK 17253B.png
www.itworldcanada.com/wp-content/uploads/2017/06/ Frame 1445 17 KB
17 KB 107ms
107ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2017/06/17253B.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 4d8c739d54433d669e8da957f91b7f17de9895c0e7fcd69719377fe71a9f7681

Request headers

Referer: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:18 GMT
Last-Modified: Thu, 22 Jun 2017 16:30:40 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "45d3-5528f0162fba8"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 17875
Expires: Wed, 18 Jul 2018 13:20:18 GMT

GET
H/1.1 200
OK 17253C.png
www.itworldcanada.com/wp-content/uploads/2017/06/ Frame 1445 25 KB
25 KB 121ms
121ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2017/06/17253C.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: 20c0928941cd543bed2af0d75560103bc8b7791b43c85849c37966bd72a6d827

Request headers

Referer: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:18 GMT
Last-Modified: Fri, 23 Jun 2017 18:05:07 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "621d-552a470f96e88"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 25117
Expires: Wed, 18 Jul 2018 13:20:18 GMT

GET
H/1.1 200
OK 17253D.png
www.itworldcanada.com/wp-content/uploads/2017/06/ Frame 1445 30 KB
30 KB 118ms
118ms Image
image/png 64.140.125.207
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.itworldcanada.com/wp-content/uploads/2017/06/17253D.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
Protocol: HTTP/1.1
Server: 64.140.125.207 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 /
Resource Hash: f02f9538a295f570f40de4a3218f5fc2a7d179d700cca84b9b53e084f245da73

Request headers

Referer: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Tue, 18 Jul 2017 13:20:18 GMT
Last-Modified: Fri, 23 Jun 2017 18:25:10 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16
ETag: "76aa-552a4b8b68378"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 30378
Expires: Wed, 18 Jul 2018 13:20:18 GMT

GET
H/1.1 200
OK logo2.png
messagent.itworldcanada.com/images/leadgen/ITW15-025/ Frame 1445 9 KB
9 KB 303ms
99ms Image
image/png 64.140.125.136
Start Communications

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://messagent.itworldcanada.com/images/leadgen/ITW15-025/logo2.png
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
Protocol: HTTP/1.1
Server: 64.140.125.136 London, Canada, ASN40788 (START-CA - Start Communications, CA),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 7abeb65ac3a97a897c6b3125b85eba097a22a3b94e4c048c0b26362df7fa61a3

Request headers

Referer: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:19:32 GMT
Last-Modified: Mon, 14 Dec 2015 20:12:26 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "071fc0ab36d11:0"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 9070

GET
S 200 clickstream.js Show response
d10lpsik1i8c69.cloudfront.net/js/ 176 KB
54 KB 614ms
96ms Script
application/javascript 52.85.89.136
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js
Requested by: Host: cdn.luckyorange.com
URL: https://cdn.luckyorange.com/w.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.85.89.136 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-89-136.jfk6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bb70c9f1689747385f70c6ae4729a4c52ec101a77b103e73d5fa6d638f8bf87f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Origin: http://www.itworldcanada.com

Response headers

date: Thu, 13 Jul 2017 20:05:43 GMT
content-encoding: gzip
last-modified: Thu, 13 Jul 2017 20:05:40 GMT
server: AmazonS3
age: 1209
status: 200
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=3600
x-cache: Hit from cloudfront
x-amz-cf-id: X017RO41WU8KXdWdZZgzPmZAt0QX60Z_FTV5sxIi3YhahJXq3byv6g==
via: 1.1 20710af5b67bb4f49570084055f06277.cloudfront.net (CloudFront)

GET
H/1.1

200
OK

ca.png
s.cpx.to/
Redirect Chain

http://ib.adnxs.com/getuid?http%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3D%26pid%3D11254%26adnxs_uid%3D%24UID
http://s.cpx.to/ca.png?ref=&pid=11254&adnxs_uid=7642065914373073200

95 B
95 B

57ms
29ms

Image
image/png

52.30.90.179
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://s.cpx.to/ca.png?ref=&pid=11254&adnxs_uid=7642065914373073200
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 52.30.90.179 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-30-90-179.eu-west-1.compute.amazonaws.com
Software: akka-http/2.4.17 /
Resource Hash: bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 18 Jul 2017 13:23:43 GMT
Server: akka-http/2.4.17
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Type: image/png
Content-Length: 95
Expires: Tue, 18 Jul 2017 13:23:43 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 18 Jul 2017 13:23:45 GMT
X-Proxy-Origin: 148.251.45.170; 148.251.45.170; 152.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.4:80
AN-X-Request-Uuid: c4961452-616c-4fde-95ee-0f5901eee4f2
Server: nginx/1.11.5
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: http://s.cpx.to/ca.png?ref=&pid=11254&adnxs_uid=7642065914373073200
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

http://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1
http://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESENZ8V_N7izvHE3PFw9Bnb4I&google_cver=1

70 B
70 B

7ms
7ms

Image
image/gif

35.157.92.151
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESENZ8V_N7izvHE3PFw9Bnb4I&google_cver=1
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 35.157.92.151 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-157-92-151.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:43 GMT
Content-Length: 70
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Tue, 18 Jul 2017 13:23:43 GMT
Server: HTTP server (unknown)
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESENZ8V_N7izvHE3PFw9Bnb4I&google_cver=1
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 310
X-XSS-Protection: 1; mode=block
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dpx
i.simpli.fi/ 43 B
43 B 24ms
11ms Image
image/gif 5.153.20.140
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://i.simpli.fi/dpx?cid=11411&33random=1500384223612

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

HTTP/1.1

Server

5.153.20.140 Amsterdam, Netherlands, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),

Reverse DNS

8c.14.9905.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 18 Jul 2017 13:23:43 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Access-Control-Allow-Methods: GET, POST, OPTIONS
P3P: policyref="/w3c/p3p.xml", CP="ADMa DEVa PSAa PSDa OUR IND DSP NON COR"
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET

27519
tags.bluekai.com/site/ Frame 1445
Redirect Chain

http://tags.bluekai.com/site/27519?id=CmUMLVluC98IQgSqpvLzAg%3D%3D&ret=html&random=1500384223612
http://tags.bluekai.com/site/27519?dt=0&r=764024187&sig=1579726073&bkca=KJpnEnaNpQlN2x7nvUVt+w91E9XrnYMp3UJ1PpPt9uvNG+xutT0ulO0NGLuXkwhzV6BE9yBMYh1M/t1px019S79uyx==

0
0

GET
S 200 lounge.e52b2f99308b09ef7684f62bab4d6f07.css
c.disquscdn.com/next/embed/styles/ 84 KB
16 KB 64ms
40ms Stylesheet
text/css 2400:cb00:2048:1::6810:4fa6
CloudFlare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.e52b2f99308b09ef7684f62bab4d6f07.css

Requested by

Host: itworldcanada.disqus.com
URL: https://itworldcanada.disqus.com/embed.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:4fa6 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),

Reverse DNS

Software

cloudflare-nginx /

Resource Hash

5dd5dd1ef6e367aca313367664284bd3e2f311fd0ef83bb7c837f0ef8a42f545

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 16413
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Fri, 30 Jun 2017 01:54:57 GMT
server: cloudflare-nginx
fastly-debug-digest: 009a095e0e263599066d6a1ef0f64d568091f35d87f48021d45d171141cc9ec1
etag: "5955af71-401d"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-ray: 3805c1d6591427a4-FRA
expires: Sat, 30 Jun 2018 17:26:33 GMT

GET
S 200 common.bundle.b2c634a04700d668e072b1d5f9909f67.js Show response
c.disquscdn.com/next/embed/ 241 KB
81 KB 52ms
28ms Script
application/javascript 2400:cb00:2048:1::6810:4fa6
CloudFlare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.b2c634a04700d668e072b1d5f9909f67.js

Requested by

Host: itworldcanada.disqus.com
URL: https://itworldcanada.disqus.com/embed.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:4fa6 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),

Reverse DNS

Software

cloudflare-nginx /

Resource Hash

d3042f1f6064d31dbe09e0ce5a895d3a4a0934a718c8cd6fbd88e707af2b2a3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 82629
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Wed, 12 Jul 2017 22:35:15 GMT
server: cloudflare-nginx
fastly-debug-digest: c4a06165ce06c7c95d016967725f7417375bfb310de5b25abe0921edbe6620b8
etag: "5966a423-142c5"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-ray: 3805c1d6591727a4-FRA
expires: Thu, 12 Jul 2018 22:44:41 GMT

GET
S 200 lounge.bundle.117870d457d2c05d7b970ea7280b0e4f.js Show response
c.disquscdn.com/next/embed/ 333 KB
87 KB 33ms
9ms Script
application/javascript 2400:cb00:2048:1::6810:4fa6
CloudFlare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.117870d457d2c05d7b970ea7280b0e4f.js

Requested by

Host: itworldcanada.disqus.com
URL: https://itworldcanada.disqus.com/embed.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:4fa6 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),

Reverse DNS

Software

cloudflare-nginx /

Resource Hash

fcd4500332e11d659e7ac14d5323e2a795853c56dbd6f576541ca2e4de3394fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 89026
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Fri, 14 Jul 2017 21:29:27 GMT
server: cloudflare-nginx
fastly-debug-digest: e70557c1cf7632d6959525a4306bc79791a38f3a4d03aad0bc194dfcdc255a9b
etag: "596937b7-15bc2"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-ray: 3805c1d6591627a4-FRA
expires: Tue, 17 Jul 2018 17:16:05 GMT

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ 3 KB
2 KB 23ms
6ms Script
application/javascript 151.101.128.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: itworldcanada.disqus.com
URL: https://itworldcanada.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

501b6f45ce33093a2be1b6adad73987b5be3a0ef114e1a7858b3f9fded8719bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 39
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1537
X-XSS-Protection: 1; mode=block
Server: nginx
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Timing-Allow-Origin: *

GET
S

200

ga.js Show response
www.google-analytics.com/ Frame 1445
Redirect Chain

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

42 KB
16 KB

6ms
6ms

Script
text/javascript

2a00:1450:4001:80b::200e
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/ga.js

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:80b::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

4e2ed635abf0b2dcbac3ea04d16ccf58bb2195364d65b76190f03da0f43255c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.itworldcanada.com/client/WebOpsAds/17253-Cisco/17253-Cisco-Carousel.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Jun 2017 00:25:39 GMT
server: Golfe2
age: 2847
date: Tue, 18 Jul 2017 12:36:16 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 16022
expires: Tue, 18 Jul 2017 14:36:16 GMT

Redirect headers

Location: https://www.google-analytics.com/ga.js
Non-Authoritative-Reason: HSTS

GET /
disqus.com/embed/comments/ Frame 1445 0
0

GET
H/1.1 200
OK cube.js Show response
bb.itwc.ca/js/ 12 KB
12 KB 319ms
102ms Script
text/javascript 52.7.195.62
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://bb.itwc.ca/js/cube.js
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 52.7.195.62 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-7-195-62.compute-1.amazonaws.com
Software: Apache /
Resource Hash: b1bdb64c67f8446da86af71a6c45f78c31d64dce221a8e1ce85c28951a5270fa

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:44 GMT
Last-Modified: Fri, 15 Jul 2016 19:10:58 GMT
Server: Apache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12326
Content-Type: text/javascript

GET
H/1.1 200
OK timeline.0715c2000eedc9e78b7c1de0ca97c73e.js Show response
platform.twitter.com/js/ 28 KB
9 KB 19ms
5ms Script
application/javascript 199.96.57.6
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/timeline.0715c2000eedc9e78b7c1de0ca97c73e.js
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.96.57.6 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software: /
Resource Hash: ff421af4e6609b190d369e8042d9ba09e103be7464d993fdfb2dd2a86be78458

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:44 GMT
Content-Encoding: gzip
Age: 500137
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 8860
X-Served-By: cache-tw-fra1-cr1-17-TWFRA1
Last-Modified: Tue, 11 Jul 2017 22:45:15 GMT
X-Timer: S1500384224.105951,VS0,VE0
Etag: "ded88b6e9256eb0f64d55519ea29d8b7+gzip"
Vary: Accept-Encoding,Host
Content-Type: application/javascript; charset=utf-8
Via: 1.1 varnish
Cache-Control: public, max-age=315360000
Accept-Ranges: bytes

GET
H/1.1 200
OK profile Show response
cdn.syndication.twimg.com/timeline/ 165 KB
11 KB 228ms
191ms Script
application/javascript 2606:2800:234:1a46:1c04:1676:610:129d
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/timeline/profile?callback=__twttr.callbacks.tl_i0_profile_itworldca_old&dnt=false&domain=www.itworldcanada.com&lang=en&screen_name=itworldca&suppress_response_codes=true&t=1667093&with_replies=false

Requested by

Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:234:1a46:1c04:1676:610:129d , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

tsa_o /

Resource Hash

04cad17694d8a1b7cb32158350430624e31021022d7c2bb30aaae3c97d4e539d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
Content-Encoding: gzip
x-content-type-options: nosniff
Transfer-Encoding: chunked
content-disposition: attachment; filename=jsonp.jsonp
x-xss-protection: 1; mode=block
x-response-time: 162
last-modified: Tue, 18 Jul 2017 13:23:44 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
Content-Type: application/javascript;charset=utf-8
cache-control: must-revalidate, max-age=300
x-connection-hash: 8fd34dc36f9acf053dc40ffff75c3f99
timing-allow-origin: *
x-transaction: 0069dd04006c44b5
expires: Tue, 18 Jul 2017 13:28:44 GMT

GET
S 200 syndication
syndication.twitter.com/i/jot/ 43 B
74 B 129ms
110ms Image
image/gif 104.244.42.72
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/syndication?l=%7B%22_category_%22%3A%22syndicated_impression%22%2C%22triggered_on%22%3A1500384224115%2C%22dnt%22%3Afalse%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.72 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 1; mode=block
x-response-time: 103
pragma: no-cache
last-modified: Tue, 18 Jul 2017 13:23:44 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 2621b07b9f3b0392aa16fdcff28414bb
x-transaction: 00a80e3400c5bb92
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
S 200 realtime.af77184dec69e96e69aff958ae2bb738.css
c.disquscdn.com/next/embed/styles/ Frame 1445 337 B
262 B 8ms
8ms Stylesheet
text/css 2400:cb00:2048:1::6810:4fa6
CloudFlare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css

Requested by

Host: itworldcanada.disqus.com
URL: https://itworldcanada.disqus.com/embed.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:4fa6 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),

Reverse DNS

Software

cloudflare-nginx /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
status: 200
content-length: 244
timing-allow-origin: *
last-modified: Thu, 10 Nov 2016 18:57:57 GMT
server: cloudflare-nginx
fastly-debug-digest: ddbb547324842fbef412f9cb6a75e494efb72ac30deb102492dc2845863dccf3
etag: "5824c335-f4"
strict-transport-security: max-age=300; includeSubdomains
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-ray: 3805c1d94a9c27a4-FRA
expires: Fri, 10 Nov 2017 19:10:06 GMT

GET
S 200 realtime.af77184dec69e96e69aff958ae2bb738.css
c.disquscdn.com/next/embed/styles/ Frame 1445 337 B
262 B 14ms
13ms Stylesheet
text/css 2400:cb00:2048:1::6810:4fa6
CloudFlare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css

Requested by

Host: itworldcanada.disqus.com
URL: https://itworldcanada.disqus.com/embed.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:4fa6 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),

Reverse DNS

Software

cloudflare-nginx /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
status: 200
content-length: 244
timing-allow-origin: *
last-modified: Thu, 10 Nov 2016 18:57:57 GMT
server: cloudflare-nginx
fastly-debug-digest: ddbb547324842fbef412f9cb6a75e494efb72ac30deb102492dc2845863dccf3
etag: "5824c335-f4"
strict-transport-security: max-age=300; includeSubdomains
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-ray: 3805c1d95a9d27a4-FRA
expires: Fri, 10 Nov 2017 19:10:06 GMT

GET
S 200 IKh9Snl0
pbs.twimg.com/card_img/887067040246312960/ Frame 1445 3 KB
3 KB 52ms
16ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/887067040246312960/IKh9Snl0?format=jpg&name=144x144_2

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F2CC) /

Resource Hash

a9c8e4a3ae585d01ddf7ddacfb11756492bb3a8bfd710a423327b4bf46593d59

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: yMXftABkJTrNf6krKigEyQ==
x-cache: HIT
status: 200
content-length: 3042
x-response-time: 137
surrogate-key: card_img card_img/bucket/1 card_img/887067040246312960
last-modified: Mon, 17 Jul 2017 21:48:37 GMT
server: ECS (vie/F2CC)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 54103e59055db8089132b25948bc573f
accept-ranges: bytes

GET
S 200 Pyhzn19d
pbs.twimg.com/card_img/887045832851070976/ Frame 1445 6 KB
6 KB 67ms
31ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/887045832851070976/Pyhzn19d?format=jpg&name=144x144_2

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F39E) /

Resource Hash

12b2ac44fc594e083d027f4f485cd0e2218d2b702328dc2fc070e8388491ad5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: cp8xf7Wyqw65D+Edrf1HEw==
x-cache: HIT
status: 200
content-length: 6546
x-response-time: 143
surrogate-key: card_img card_img/bucket/4 card_img/887045832851070976
last-modified: Mon, 17 Jul 2017 20:24:21 GMT
server: ECS (vie/F39E)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b045bb56167a9808fd13cf8bcca5141f
accept-ranges: bytes

GET
S 200 hePzsU3Z
pbs.twimg.com/card_img/887020834556190721/ Frame 1445 6 KB
6 KB 77ms
41ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/887020834556190721/hePzsU3Z?format=jpg&name=144x144_2

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F2DB) /

Resource Hash

03a4a8818608faa712f8d4be45d3fce6c5e6f77e33dfdd4980a378b0eb9218e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: UtlIA1jFCxAwnSl2bHGpsg==
x-cache: HIT
status: 200
content-length: 5973
x-response-time: 132
surrogate-key: card_img card_img/bucket/4 card_img/887020834556190721
last-modified: Mon, 17 Jul 2017 18:45:01 GMT
server: ECS (vie/F2DB)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 9077dfbbf7cf15b5327b6445344e3dc1
accept-ranges: bytes

GET
S 200 eSWCwiSX
pbs.twimg.com/card_img/886977621984243712/ Frame 1445 10 KB
10 KB 67ms
31ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/886977621984243712/eSWCwiSX?format=jpg&name=280x280

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F2AD) /

Resource Hash

6a7ef3bee3b7d1abb1f18eacf47b99f955a6b62d85f84cb0ac183ec53e7f9bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: wbXoAA4pSmmLQ4K69J8s4w==
x-cache: HIT
status: 200
content-length: 10053
x-response-time: 138
surrogate-key: card_img card_img/bucket/2 card_img/886977621984243712
last-modified: Mon, 17 Jul 2017 15:53:18 GMT
server: ECS (vie/F2AD)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 3836ed7655144cf153dd79a7b1c71427
accept-ranges: bytes

GET
S 200 utwIHr0e
pbs.twimg.com/card_img/885890112600641540/ Frame 1445 7 KB
7 KB 77ms
41ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/885890112600641540/utwIHr0e?format=jpg&name=144x144_2

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F3A7) /

Resource Hash

a686595c3b139e2154f3c96aa8e94d7b459d6ec62837086440503a0eebc59862

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: uCNELLfsqQvACTlsmZGkjA==
x-cache: HIT
status: 200
content-length: 7115
x-response-time: 137
surrogate-key: card_img card_img/bucket/4 card_img/885890112600641540
last-modified: Fri, 14 Jul 2017 15:51:56 GMT
server: ECS (vie/F3A7)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 959fe4869f41308dbe3a7dbb9e1a9f2b
accept-ranges: bytes

GET
S 200 lESVTWBd
pbs.twimg.com/card_img/885887719062241281/ Frame 1445 7 KB
7 KB 52ms
16ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/885887719062241281/lESVTWBd?format=jpg&name=144x144_2

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F3AA) /

Resource Hash

8dc08c8d418bda764805a694f2546c65d3fa9a399ae45f76246740b99f813c4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: ri+mxGfZq4EMNWIi9/f5xg==
x-cache: HIT
status: 200
content-length: 7527
x-response-time: 140
surrogate-key: card_img card_img/bucket/1 card_img/885887719062241281
last-modified: Fri, 14 Jul 2017 15:42:25 GMT
server: ECS (vie/F3AA)
content-type: image/jpeg
access-control-allow-origin: *
x-transaction-id: 00fd6130007f245b
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
perf: 6
x-connection-hash: 35a8642187377bf592e556b6d8b0b284
accept-ranges: bytes

GET
S 200 Ga7-wyM_
pbs.twimg.com/card_img/885613515490418689/ Frame 1445 5 KB
5 KB 26ms
26ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/885613515490418689/Ga7-wyM_?format=jpg&name=144x144_2

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F398) /

Resource Hash

8a55fa03cbefc080f9709bd17a44c1cb03ad38fcba5b901ae08b18057a85e949

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: YbzOeMZCSh20j7lNVo98Jg==
x-cache: HIT
status: 200
content-length: 5556
x-response-time: 130
surrogate-key: card_img card_img/bucket/1 card_img/885613515490418689
last-modified: Thu, 13 Jul 2017 21:32:50 GMT
server: ECS (vie/F398)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: e43e9dacbbeb2e42f5714aee77d601f3
accept-ranges: bytes

GET
S 200 0QtMr-YF
pbs.twimg.com/card_img/885169533761323009/ Frame 1445 4 KB
4 KB 16ms
15ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/885169533761323009/0QtMr-YF?format=jpg&name=144x144_2

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F39A) /

Resource Hash

3baed8f27ebe499ee4a7398e3aab931b01ee7108cab575943d380d56bcde09d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: FI6Gp0zRijAoU4DhmzeFqQ==
x-cache: HIT
status: 200
content-length: 3784
x-response-time: 137
surrogate-key: card_img card_img/bucket/5 card_img/885169533761323009
last-modified: Wed, 12 Jul 2017 16:08:37 GMT
server: ECS (vie/F39A)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 23cbf75aec1e910e262aac1174a9c7bc
accept-ranges: bytes

GET
S 200 o7WqMdnu
pbs.twimg.com/card_img/885462070325628929/ Frame 1445 5 KB
5 KB 16ms
16ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/885462070325628929/o7WqMdnu?format=jpg&name=144x144_2

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F2AC) /

Resource Hash

cc1925173fd3b2ac347ad90e257c36fd4ba32f1580c8a98da263ffc84cd3a55d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: gPzXvLCjtZsdhbWd0iDDQg==
x-cache: HIT
status: 200
content-length: 5130
x-response-time: 167
surrogate-key: card_img card_img/bucket/4 card_img/885462070325628929
last-modified: Thu, 13 Jul 2017 11:31:03 GMT
server: ECS (vie/F2AC)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: f244541709d32ddf127134f29dba4099
accept-ranges: bytes

GET
S 200 sAoM_O4_
pbs.twimg.com/card_img/885278459265777666/ Frame 1445 7 KB
7 KB 17ms
15ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/885278459265777666/sAoM_O4_?format=jpg&name=144x144_2

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F3B4) /

Resource Hash

fd0b570f84422541c1a6c5bd44d28b1748e45b287d363dbf08690de4ec77ee48

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: CqfxOhRvw4/7QlzqoSTjVA==
x-cache: HIT
status: 200
content-length: 7142
x-response-time: 132
surrogate-key: card_img card_img/bucket/8 card_img/885278459265777666
last-modified: Wed, 12 Jul 2017 23:21:27 GMT
server: ECS (vie/F3B4)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 6db1146e8419d873af2d9bae6261038c
accept-ranges: bytes

GET
S 200 LLu4NsrY
pbs.twimg.com/card_img/885161662046711808/ Frame 1445 6 KB
6 KB 17ms
16ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/885161662046711808/LLu4NsrY?format=jpg&name=144x144_2

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F394) /

Resource Hash

cab9fc23ddf2d031f2d7f75062e4f526f916394641294937721d606326b7aa77

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: 3gQMapvcZ9O/ofBq2z8szg==
x-cache: HIT
status: 200
content-length: 5751
x-response-time: 145
surrogate-key: card_img card_img/bucket/4 card_img/885161662046711808
last-modified: Wed, 12 Jul 2017 15:37:20 GMT
server: ECS (vie/F394)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 80ffd9dddaa974534a50387a98a93f55
accept-ranges: bytes

GET
S 200 gASmsvWN
pbs.twimg.com/card_img/884774236115660800/ Frame 1445 6 KB
6 KB 18ms
17ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/884774236115660800/gASmsvWN?format=jpg&name=144x144_2

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F3BA) /

Resource Hash

8dd0cd4086add5ffd61ee31a4222c6ce8051cabe1423ab97cdbcfc4e3c907ab7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: ImJhDLuehJNLGkI3NbBmUQ==
x-cache: HIT
status: 200
content-length: 5969
x-response-time: 361
surrogate-key: card_img card_img/bucket/0 card_img/884774236115660800
last-modified: Tue, 11 Jul 2017 13:57:50 GMT
server: ECS (vie/F3BA)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7e937a32c47d5ef2b93080ba71fd58d2
accept-ranges: bytes

GET
S 200 OXRfXPCE
pbs.twimg.com/card_img/884617417707618308/ Frame 1445 8 KB
8 KB 16ms
16ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/884617417707618308/OXRfXPCE?format=jpg&name=144x144_2

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F3B6) /

Resource Hash

1949abb6507b16152212cee409cb3f09f06b394b991f6682acf2e66c439672b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: y0Ft1E55iWNomFCbJDMbWg==
x-cache: HIT
status: 200
content-length: 8364
x-response-time: 136
surrogate-key: card_img card_img/bucket/8 card_img/884617417707618308
last-modified: Tue, 11 Jul 2017 03:34:42 GMT
server: ECS (vie/F3B6)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 4469fa1d48b1f98f76adb128dd77819e
accept-ranges: bytes

GET
H/1.1 200
OK timeline.24e0cef9279c9cccaf5e72165aa3517a.light.ltr.css
platform.twitter.com/css/ Frame 1445 57 KB
12 KB 6ms
5ms Stylesheet
text/css 199.96.57.6
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL: http://platform.twitter.com/css/timeline.24e0cef9279c9cccaf5e72165aa3517a.light.ltr.css
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Server: 199.96.57.6 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software: /
Resource Hash: 29771e45c8783f2d4b0f1e81c1a00839c3fb7daf75c124679aedcbc26ebf37e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:44 GMT
Content-Encoding: gzip
Age: 500130
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 12697
X-Served-By: cache-tw-fra1-cr1-20-TWFRA1
Last-Modified: Tue, 11 Jul 2017 22:45:15 GMT
X-Timer: S1500384224.383883,VS0,VE0
Etag: "4fc9fea805bad96c68867ce37e6c5b02+gzip"
Vary: Accept-Encoding,Host
Content-Type: text/css; charset=utf-8
Via: 1.1 varnish
Cache-Control: public, max-age=315360000
Accept-Ranges: bytes

GET
H/1.1 200
OK timeline.24e0cef9279c9cccaf5e72165aa3517a.light.ltr.css
platform.twitter.com/css/ 9 KB
0 11ms
5ms Image
text/css 199.96.57.6
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://platform.twitter.com/css/timeline.24e0cef9279c9cccaf5e72165aa3517a.light.ltr.css
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Server: 199.96.57.6 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:44 GMT
Content-Encoding: gzip
Age: 500130
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 12697
X-Served-By: cache-tw-fra1-cr1-9-TWFRA1
Last-Modified: Tue, 11 Jul 2017 22:45:15 GMT
X-Timer: S1500384224.384377,VS0,VE0
Etag: "4fc9fea805bad96c68867ce37e6c5b02+gzip"
Vary: Accept-Encoding,Host
Content-Type: text/css; charset=utf-8
Via: 1.1 varnish
Cache-Control: public, max-age=315360000
Accept-Ranges: bytes

GET
S 200 8acb20c4e68aa0fd1b79e1a18b89d1b9_normal.png
pbs.twimg.com/profile_images/378800000478287404/ Frame 1445 7 KB
7 KB 16ms
16ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/378800000478287404/8acb20c4e68aa0fd1b79e1a18b89d1b9_normal.png

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F3BF) /

Resource Hash

0349100029af861cd700a61fb578756cd4f489a4b91a2f5cd99bd0d4f9de884c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: xgJj59hZyIbMGwEZds0zvQ==
x-cache: HIT
status: 200
content-length: 7190
x-response-time: 153
surrogate-key: profile_images profile_images/bucket/0 profile_images/378800000478287404
last-modified: Sat, 14 Sep 2013 08:36:52 GMT
server: ECS (vie/F3BF)
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: c6c77dd82e9f46ac05b69e04dffd0df4
accept-ranges: bytes

GET
S 200 u69rQy5u_normal.jpg
pbs.twimg.com/profile_images/792753764910370816/ Frame 1445 2 KB
2 KB 16ms
16ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/792753764910370816/u69rQy5u_normal.jpg

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F2CD) /

Resource Hash

bfcac6ee74f85436fef4166943db683e074ed75f527611c6de7b06717f16a9d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: y3PI4vr/plmbGHV/6Bp7/w==
x-cache: HIT
status: 200
content-length: 2187
x-response-time: 128
surrogate-key: profile_images profile_images/bucket/1 profile_images/792753764910370816
last-modified: Sun, 30 Oct 2016 15:41:20 GMT
server: ECS (vie/F2CD)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b80e767ff130521c60374898b80fc13d
accept-ranges: bytes

GET
S 200 v_j8c_Qa_normal.jpg
pbs.twimg.com/profile_images/880847083980414977/ Frame 1445 2 KB
2 KB 16ms
15ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/880847083980414977/v_j8c_Qa_normal.jpg

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F3A4) /

Resource Hash

1f1a1c144743680d427a17a1416eb537a777d4bd6a61b3140f3adcf681ad8fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
x-content-type-options: nosniff
content-md5: XAlilXArXpgFGB60ygWAKw==
x-cache: HIT
status: 200
content-length: 1807
x-response-time: 338
surrogate-key: profile_images profile_images/bucket/9 profile_images/880847083980414977
last-modified: Fri, 30 Jun 2017 17:52:44 GMT
server: ECS (vie/F3A4)
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: e3bbd564a97825c52431147715ad43e8
accept-ranges: bytes

GET
H/1.1 200
OK jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/ 82 KB
29 KB 15ms
9ms Script
application/javascript 2400:cb00:2048:1::6813:c466
CloudFlare

General

Check archive.org

Show headers Download Go to

Full URL: http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Requested by: Host: bb.itwc.ca
URL: http://bb.itwc.ca/js/cube.js
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6813:c466 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),
Reverse DNS
Software: cloudflare-nginx /
Resource Hash: 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:44 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Wed, 22 Jun 2016 20:04:24 GMT
Server: cloudflare-nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=30672000
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 3805c1da70692768-FRA
Expires: Sun, 08 Jul 2018 13:23:44 GMT

GET
H/1.1 200
OK cryptojs.js Show response
bb.itwc.ca/js/ 8 KB
8 KB 103ms
102ms Script
text/javascript 52.7.195.62
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://bb.itwc.ca/js/cryptojs.js
Requested by: Host: bb.itwc.ca
URL: http://bb.itwc.ca/js/cube.js
Protocol: HTTP/1.1
Server: 52.7.195.62 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-7-195-62.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 75fb7639af36293cf3b45f8eb3cde61b59dcc6b9dec93e23785a9eb62e119d73

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:44 GMT
Last-Modified: Tue, 08 Mar 2016 04:13:28 GMT
Server: Apache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8169
Content-Type: text/javascript

GET
S 200 syndication_bundle_v1_58aae6c3fc7614a364137b885b69a473ad4a4141.css
ton.twimg.com/tfw/css/ Frame 1445 44 KB
7 KB 52ms
18ms Stylesheet
text/css 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL

https://ton.twimg.com/tfw/css/syndication_bundle_v1_58aae6c3fc7614a364137b885b69a473ad4a4141.css

Requested by

Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F386) /

Resource Hash

787ad35a257b852a471bb468a9d05b3115754cf8b39e0e115590f4b8aceba5cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-ton-expected-size: 44673
x-cache: HIT
status: 200
content-length: 6809
x-response-time: 7
surrogate-key: tfw
last-modified: Mon, 03 Jul 2017 12:16:24 GMT
server: ECS (vie/F386)
etag: "6SFmDbv0DZNmqsUiIrKQ1Q=="
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: https://twitter.com
x-connection-hash: db37b066ba6708a1a77fb9626c53df0e
accept-ranges: bytes
expires: Tue, 25 Jul 2017 13:23:44 GMT

GET
S 200 syndication_bundle_v1_58aae6c3fc7614a364137b885b69a473ad4a4141.css
ton.twimg.com/tfw/css/ 32 KB
0 51ms
18ms Image
text/css 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ton.twimg.com/tfw/css/syndication_bundle_v1_58aae6c3fc7614a364137b885b69a473ad4a4141.css

Requested by

Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (vie/F386) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date: Tue, 18 Jul 2017 13:23:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-ton-expected-size: 44673
x-cache: HIT
status: 200
content-length: 6809
x-response-time: 7
surrogate-key: tfw
last-modified: Mon, 03 Jul 2017 12:16:24 GMT
server: ECS (vie/F386)
etag: "6SFmDbv0DZNmqsUiIrKQ1Q=="
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: https://twitter.com
x-connection-hash: db37b066ba6708a1a77fb9626c53df0e
accept-ranges: bytes
expires: Tue, 25 Jul 2017 13:23:44 GMT

GET
DATA 200
OK truncated
/ Frame 1445 707 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 338e5578a7b3021caec1db415b93b214c378029d3cd8d19adc833d8b85ea7d29

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 1445 825 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 1445 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fb40f5941362b2f30b7a665a4b325b2810e7ec64738da8c2301f6f2d7cbbf6c3

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 1445 559 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cd7887cf9a61431f64864df1e5fe9823e163638bf811dc97ee556268886bf865

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 1445 618 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b051420a41347f3e04fbe6745d5fa58c3dfd40a7209b8dc09a138bc6381bd8dc

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 1445 739 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 1445 607 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 059d7f76a7662405100374530359da8f439f4b945864fafab45b834320a429e2

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK activeview
pagead2.googlesyndication.com/ Frame 1445 42 B
42 B 14ms
14ms Image
image/gif 2a00:1450:4001:81f::2002
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pagead2.googlesyndication.com/activeview?avi=BoM0q3wtuWbrLCNeFzAag066wCgAAAAAQATgByAEDwAIC4AIAyAOZBOAEAaAGFNIIBQiAYRAB&cid=CAASBORotwY&id=osdim&ti=1&r=u&adk=1898152435&tt=1103&bs=1585,1200&mtos=1097,1097,1097,1097,1097&tos=1097,0,0,0,0&p=184,429,274,1157&rs=3&ht=0&tfs=5&tls=1102&mc=1&lte=1&bas=0&bac=0&bos=1600,1200&ps=1585,4479&ss=1600,1200&pt=-1&deb=1-0-6-9-12--1&tvt=1098&avms=geo&uc=6&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=728x90

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

HTTP/1.1

Server

2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 18 Jul 2017 13:23:44 GMT
X-Content-Type-Options: nosniff
Server: cafe
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, must-revalidate
Timing-Allow-Origin: *
Content-Length: 42
X-XSS-Protection: 1; mode=block
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK activeview
pagead2.googlesyndication.com/ Frame 1445 42 B
42 B 20ms
14ms Image
image/gif 2a00:1450:4001:81f::2002
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pagead2.googlesyndication.com/activeview?avi=BAbNi3wtuWbvLCNeFzAag066wCgAAAAAQATgByAEDwAIC4AIAyAOZBOAEAaAGFNIIBQiAYRAB&cid=CAASBORoxkM&id=osdim&ti=1&r=u&adk=2764879362&tt=1103&bs=1585,1200&mtos=1090,1090,1090,1090,1090&tos=1090,0,0,0,0&p=300,963,900,1263&rs=3&ht=0&tfs=12&tls=1102&mc=1&lte=1&bas=0&bac=0&bos=1600,1200&ps=1585,4479&ss=1600,1200&pt=-1&deb=1-0-6-9-12--1&tvt=1098&avms=geo&uc=6&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=300x600

Requested by

Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844

Protocol

HTTP/1.1

Server

2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 18 Jul 2017 13:23:44 GMT
X-Content-Type-Options: nosniff
Server: cafe
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, must-revalidate
Timing-Allow-Origin: *
Content-Length: 42
X-XSS-Protection: 1; mode=block
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

jot.html
platform.twitter.com/ Frame 1445
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

0
0

OPTIONS
H/1.1 200
OK / Show response
default-environment.kpk28eemgn.us-east-1.elasticbeanstalk.com/index.php/api/activity/recordActivity/ 16 B
16 B 210ms
112ms XHR
application/json 34.195.195.40
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://default-environment.kpk28eemgn.us-east-1.elasticbeanstalk.com/index.php/api/activity/recordActivity/
Requested by: Host: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js
Protocol: HTTP/1.1
Server: 34.195.195.40 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-195-195-40.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 1f3d80151cd80c610fc93e9bd4129aaa1c291dea44358ed676cc0ced3b8df769

Request headers

Access-Control-Request-Method: POST
Origin: http://www.itworldcanada.com
Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Access-Control-Request-Headers: authorization,content-type

Response headers

Pragma: no-cache
Date: Tue, 18 Jul 2017 13:23:49 GMT
Server: Apache
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With, Accept
Content-Length: 16
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK beacon.gif
rum-collector.pingdom.net/img/ 43 B
62 B 70ms
64ms Image
image/gif 2400:cb00:2048:1::6814:14ef
CloudFlare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rum-collector.pingdom.net/img/beacon.gif?path=http%3A%2F%2Fwww.itworldcanada.com%2Farticle%2Fcanadian-firm-pays-425000-to-recover-from-ransomware-attack%2F394844&title=Canadian%20firm%20pays%20%24425%2C000%20to%20recover%20from%20ransomware%20attack%20%7C%20IT%20World%20Canada%20News&id=5346df9cabe53df45d9e7904&s=nt&rC=0&sid=4u50mm9a&sis=1&ref=&nS=0&uES=-1&uEE=-1&rS=-1&rE=-1&fS=0&dLS=1&dLE=93&cS=93&cE=191&hS=-1&reS=191&resS=622&resE=720&dL=623&dI=2072&dCLES=2085&dCLEE=2096&dC=7379&lES=7379&lEE=7385
Requested by: Host: www.itworldcanada.com
URL: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Protocol: HTTP/1.1
Server: 2400:cb00:2048:1::6814:14ef , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),
Reverse DNS
Software: cloudflare-nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Tue, 18 Jul 2017 13:23:49 GMT
Content-Encoding: gzip
Server: cloudflare-nginx
Connection: keep-alive
CF-RAY: 3805c1f9c4c60f63-FRA
Transfer-Encoding: chunked
Content-Type: image/gif

POST
H/1.1 200
OK / Show response
default-environment.kpk28eemgn.us-east-1.elasticbeanstalk.com/index.php/api/activity/recordActivity/ 17 B
17 B 132ms
132ms XHR
application/json 34.195.195.40
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://default-environment.kpk28eemgn.us-east-1.elasticbeanstalk.com/index.php/api/activity/recordActivity/
Protocol: HTTP/1.1
Server: 34.195.195.40 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-195-195-40.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 7e519bac7d8f28abae7ee7b3e1d0b73afdbf9dc7a677f5a6c9a8a76cc0fed1a2

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844
Origin: http://www.itworldcanada.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Authorization: itwc:14a15db925f9c742652ac6c1705f278c1c3129af58a53d0bf7491e44b84c65d0:2017-07-18 13:23:49
Content-Type: application/json

Response headers

Pragma: no-cache
Date: Tue, 18 Jul 2017 13:23:49 GMT
Server: Apache
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With, Accept
Content-Length: 17
Expires: Thu, 19 Nov 1981 08:52:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tags.bluekai.com
URL: http://tags.bluekai.com/site/27519?dt=0&r=764024187&sig=1579726073&bkca=KJpnEnaNpQlN2x7nvUVt+w91E9XrnYMp3UJ1PpPt9uvNG+xutT0ulO0NGLuXkwhzV6BE9yBMYh1M/t1px019S79uyx==

Domain: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=itworldcanada&t_i=394844%20http%3A%2F%2Fwww.itworldcanada.com%2Farticle%2F%2F394844&t_u=http%3A%2F%2Fwww.itworldcanada.com%2Farticle%2Fcanadian-firm-pays-425000-to-recover-from-ransomware-attack%2F394844&t_e=Canadian%20firm%20pays%20%24425%2C000%20to%20recover%20from%20ransomware%20attack&t_d=%0A%0ACanadian%20firm%20pays%20%24425%2C000%20to%20recover%20from%20ransomware%20attack%09%09%09%09&t_t=Canadian%20firm%20pays%20%24425%2C000%20to%20recover%20from%20ransomware%20attack&s_o=default&l=

Domain: platform.twitter.com
URL: https://platform.twitter.com/jot.html

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.disqus.com/	2018-07-18 13:23:44	Name: disqus_unique Value: a0kn683855gne
.google.com/	2018-01-17 13:23:44	Name: NID Value: 108=G_HHW292E4PEdKxYLMmSk_1aJTPL-l7iUSqsKjpCircD8TGjuZo6Z1iqv_h7SnSrNBrAT0c_dXhKMNpaOJK76bjRvPNXomTnRuhpxSjj1jN9N80WeYITj4cQ9c5fFaOX
disqus.com/	2017-07-18 13:53:44	Name: __jid Value: a0kn672splosm
.itworldcanada.com/	2017-07-18 13:33:43	Name: __utmt Value: 1
.itworldcanada.com/	2019-07-18 13:23:43	Name: __utma Value: 120853079.1344433557.1500384223.1500384223.1500384223.1
.itworldcanada.com/	2018-01-17 01:23:43	Name: __utmz Value: 120853079.1500384223.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
www.itworldcanada.com/	2019-07-18 13:23:44	Name: wpusers Value: MjAxNy0wNy0xOCAxMzoyMzo0NA==
.itworldcanada.com/	2017-07-18 13:53:43	Name: __utmb Value: 120853079.1.10.1500384223
.disqus.com/	9999-12-31 12:00:00	Name: G_ENABLED_IDPS Value: google
.bluekai.com/	2018-01-14 13:23:43	Name: bkdc Value: phx
.itworldcanada.com/	1970-01-01 00:00:00	Name: __utmc Value: 120853079
.itworldcanada.com/	2019-07-18 13:23:43	Name: __gads Value: ID=25b3e2c651d71be1:T=1500384223:S=ALNI_MYi_yPATJFyOiol2xYifQR0qimUhQ
.itworldcanada.com/	1970-01-01 00:00:00	Name: lo_session Value: %257B%2522_lo_no_track%2522%253A1%257D
.bluekai.com/	2018-01-14 13:23:49	Name: bku Value: 4tL99BXnqkAk/I6o

20 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][setOption] The option "debug" he was assigned to "true"
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][on] A type of event "detected" was added
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][on] A type of event "notDetected" was added
console-api	log	URL: http://www.itworldcanada.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: http://bb.itwc.ca/js/cube.js(Line 96) Message: {"data":[{"url":"http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844?cb_action=pageview&cid=MjAxNy0wNy0xOCAxMzoyMzo0NA==&scid=&wp_post_id=394844&refer=&targeturl=http://www.itworldcanada.com/article/canadian-firm-pays-425000-to-recover-from-ransomware-attack/394844","cookie":"__utmt=1; __utma=120853079.1344433557.1500384223.1500384223.1500384223.1; __utmb=120853079.1.10.1500384223; __utmc=120853079; __utmz=120853079.1500384223.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none); __gads=ID=25b3e2c651d71be1:T=1500384223:S=ALNI_MYi_yPATJFyOiol2xYifQR0qimUhQ; wpusers=MjAxNy0wNy0xOCAxMzoyMzo0NA==; lo_session=%257B%2522_lo_no_track%2522%253A1%257D"}]}
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][onload->eventCallback] A check loading is launched
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][_creatBait] Bait has been created
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][check] An audit was requested with a loop
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][check] A check is in progress ...
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][_checkBait] A check (1/5 ~1ms) was conducted and detection is negative
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][_checkBait] A check (2/5 ~51ms) was conducted and detection is negative
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][_checkBait] A check (3/5 ~101ms) was conducted and detection is negative
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][_checkBait] A check (4/5 ~151ms) was conducted and detection is negative
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][_checkBait] A check (5/5 ~201ms) was conducted and detection is negative
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][_stopLoop] A loop has been stopped
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][_destroyBait] Bait has been removed
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][emitEvent] An event with a negative detection was called
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][emitEvent] Call function 1/1
console-api	log	URL: http://www.itworldcanada.com/block/blockadblock.js(Line 57) Message: [BlockAdBlock][clearEvent] The event list has been cleared
console-api	log	URL: http://bb.itwc.ca/js/cube.js(Line 275) Message: returned:done

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
bb.itwc.ca
c.disquscdn.com
cdn.luckyorange.com
cdn.syndication.twimg.com
cdnjs.cloudflare.com
d10lpsik1i8c69.cloudfront.net
d2z178pveyogmv.cloudfront.net
de.tynt.com
default-environment.kpk28eemgn.us-east-1.elasticbeanstalk.com
disqus.com
i.simpli.fi
ib.adnxs.com
ic.tynt.com
itworldcanada.disqus.com
messagent.itworldcanada.com
pagead2.googlesyndication.com
pbs.twimg.com
platform.twitter.com
ps.eyeota.net
rum-collector.pingdom.net
rum-static.pingdom.net
s.cpx.to
s3-us-west-2.amazonaws.com
sc.tynt.com
securepubads.g.doubleclick.net
settings.luckyorange.net
stats.g.doubleclick.net
syndication.twitter.com
tags.bluekai.com
tcr.tynt.com
ton.twimg.com
tpc.googlesyndication.com
view.atdmt.com
www.google-analytics.com
www.googletagservices.com
www.itwc.ca
www.itworldcanada.com
disqus.com
platform.twitter.com
tags.bluekai.com
104.16.87.26
104.16.88.26
104.24.11.90
104.244.42.72
151.101.112.134
151.101.128.134
172.217.21.98
199.96.57.6
208.100.17.188
208.100.17.190
2400:cb00:2048:1::6810:4fa6
2400:cb00:2048:1::6813:c466
2400:cb00:2048:1::6814:14ef
2400:cb00:2048:1::6814:15ef
2400:cb00:2048:1::6819:4b75
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:234:1a46:1c04:1676:610:129d
2a00:1450:4001:80b::2001
2a00:1450:4001:80b::200e
2a00:1450:4001:81f::2002
2a00:1450:4001:824::200a
2a00:1450:400c:c06::9d
2a03:2880:f01c:8004:face:b00c:0:8c
34.195.195.40
35.157.92.151
37.252.172.80
5.153.20.140
52.218.128.4
52.30.90.179
52.7.195.62
52.85.89.107
52.85.89.136
64.140.125.133
64.140.125.136
64.140.125.207
021b1b2e4693e6c1fc5498752947c3c08b3317b333afcbb762353f15acce50ca
0349100029af861cd700a61fb578756cd4f489a4b91a2f5cd99bd0d4f9de884c
03a4a8818608faa712f8d4be45d3fce6c5e6f77e33dfdd4980a378b0eb9218e5
04cad17694d8a1b7cb32158350430624e31021022d7c2bb30aaae3c97d4e539d
059d7f76a7662405100374530359da8f439f4b945864fafab45b834320a429e2
05c31043e139eb628521b80242f3c5b8a7a0ab9960b86cbc61cca8380e2dff31
06eadfbe26c2d663c6ee24fb2590eed10661694ca81a87881f83b347ba8a92bb
0a79f8b1cae05e2527c11f4116fa5637aaf168698b96f4120cd36d010ca03f88
12b2ac44fc594e083d027f4f485cd0e2218d2b702328dc2fc070e8388491ad5b
130737120951b5567d2f9a42bfa334a5e667caa59078fdace37f01179fc1488d
1949abb6507b16152212cee409cb3f09f06b394b991f6682acf2e66c439672b9
1c3816a931e5bff306e042e603c5e2eb330e66560dc93a17cd1254d110fc4abc
1f1a1c144743680d427a17a1416eb537a777d4bd6a61b3140f3adcf681ad8fc6
1f3d80151cd80c610fc93e9bd4129aaa1c291dea44358ed676cc0ced3b8df769
20c0928941cd543bed2af0d75560103bc8b7791b43c85849c37966bd72a6d827
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
23b0b9e69f66f37a2a87aa8534acb19988320b4e9b18c49c129fa0ba886893fa
271fb7a38ee9a0abb2070e2af9a1f66f7dbe87305b9bea9af421aa91779c40e0
29771e45c8783f2d4b0f1e81c1a00839c3fb7daf75c124679aedcbc26ebf37e2
30756d05d0ee2f235ab1a2bef5c27582db72891637c74f57d552f0f8a3ca64a5
3133ea85527efbd9affca6e46c0892118fdd2d925e26d7d2b5c1ca27023c3aca
338e5578a7b3021caec1db415b93b214c378029d3cd8d19adc833d8b85ea7d29
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
353c715208d1f9fc06d5e95ae84173e870da0fec7d2a2ebeebbdcb571ddb0725
3baed8f27ebe499ee4a7398e3aab931b01ee7108cab575943d380d56bcde09d7
3f76073703cbb680f2c7a03bf5fe0c0a7df4888cff13fc09e22524f6de415a66
45055babdbc02ea34c7baa53f33fc68389c4c5f73afe0bfafd6c9bc5733399bc
46800921eaa3e82b6f6950f9e0060e2d5a0719354fef1b0499c0247b6fb2c91b
468ad667912603497d23c0a77192f47ce8a9d4d4523c65eba48f618489986e6d
482e755f567d1ec122365bf7b28e1c818ba863b16f4e4aa82a5ff4a1c071c94d
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4ae0f5682c1c6512efc959f2ea403eb807b32ba3c9a3bc6526c3cd53aa78f8ca
4bc4ddf821cd9a03c4bfb72e6511e4cb1cde692a395e9bb8b6d19ad236caf39b
4d8c739d54433d669e8da957f91b7f17de9895c0e7fcd69719377fe71a9f7681
4e2ed635abf0b2dcbac3ea04d16ccf58bb2195364d65b76190f03da0f43255c5
4e72ba62d0646e00e609593fab0333385f3e84eac3cc9408845df86c037c039a
4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b
4f8d1c73670970f54f0c7c9f2993ee14a3ef0e1319c91e5d38ea2e91fce572a9
501b6f45ce33093a2be1b6adad73987b5be3a0ef114e1a7858b3f9fded8719bb
5778b44cba918dfc38ab166b4d6befc29eeeb368e9d7cc1c80179e4919831b79
57e3ef1ad7bbc96743f140a5b45172acef7f70278f84e721a9f1f664ecb9065a
5967e71ac5357e46928007817ecbc81b7119561506beb580492a09d3f5917068
5a17705a26cdbb8dd6a1b472693dc7b3e588098d3452408388a7d4859ac546fb
5dd5dd1ef6e367aca313367664284bd3e2f311fd0ef83bb7c837f0ef8a42f545
5ec358949de628946007f95c47064a064b07271b39e4d26a6b0c27a17b3a0faa
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
61f7679efb629be2e2ee69a87928a940475fcab2718e9041942d0e894443fb74
68ad5c98ff4e533be77307b324e6665b79f6d284975447165572ea1df524a29c
6a7ef3bee3b7d1abb1f18eacf47b99f955a6b62d85f84cb0ac183ec53e7f9bd7
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6dc1d884f985d6f16b6942220781f91962c754ccc163d5f9d1d5a7d291931e15
6e31aa24a9e60cbab6ed07d2615014ddb6718d64f0c088504a43c8794b674630
709399bef8af81cbb6b283d0ac709a1cfe3579938cff3ca9f782da29f3a2f927
72636a5a2949f0be2270fdda169a36bd71603aaa7f2c709de7e13a2e98a1ccc6
75fb7639af36293cf3b45f8eb3cde61b59dcc6b9dec93e23785a9eb62e119d73
787ad35a257b852a471bb468a9d05b3115754cf8b39e0e115590f4b8aceba5cb
796a5ef6d168642bac896df678fb8734fe6376350ad796283ad3a4625c71b817
7abeb65ac3a97a897c6b3125b85eba097a22a3b94e4c048c0b26362df7fa61a3
7d6c8713d36d0cf65222c29035d4dfe1d3a3d4356f82f0c55735f74ef5f06a60
7e519bac7d8f28abae7ee7b3e1d0b73afdbf9dc7a677f5a6c9a8a76cc0fed1a2
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8612b33089fae75798f3732ec2b0ada8e35e82f24e3d8e543d26d26df0069128
8a55fa03cbefc080f9709bd17a44c1cb03ad38fcba5b901ae08b18057a85e949
8dc08c8d418bda764805a694f2546c65d3fa9a399ae45f76246740b99f813c4c
8dd0cd4086add5ffd61ee31a4222c6ce8051cabe1423ab97cdbcfc4e3c907ab7
932d585a460d3f4e9200723eccb409fb4d9e55d5a271f685939d357d576a058c
95654393bc2cc5657db432ad784f7c260867760f5232d3e6820539ed59ba8cf5
990d4dac086b43546867bbed1587d2b4212b4b754c4c9babea65c830ecd4e109
9c1a42fa5566edeaa3ab1e331a51a77bc4ba805e1bd7153dd35b27ca66c87690
9c3df1abf041c66eeb9cf92970fb183081c809601641a9a54a484974982c4d92
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a33a8b696a97efdf5a58179b0d9cc30409c1716cd0db2aecdb2fa01c004b0bc9
a686595c3b139e2154f3c96aa8e94d7b459d6ec62837086440503a0eebc59862
a9c8e4a3ae585d01ddf7ddacfb11756492bb3a8bfd710a423327b4bf46593d59
aa5c0320931cad4f64e49be36e2de0120e8a3780aba676e558c945b7e7430997
abaf9fb23b33a45bf842ed2348d06db7346efc042b187d49cdb0cfa49a2f00d2
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae5f50b2f37e6d987eeeab05cc75c24906e6c4ccd7bb9f1ad842d635d3dfaee7
af90c9433fca4e81f1ae364bcf1ea7cd5e3bde9fbfc28e42c5146168010fabeb
b0102543747ba914956a4af6afb00dce3239eab7da760de4ec9b255b820fe031
b051420a41347f3e04fbe6745d5fa58c3dfd40a7209b8dc09a138bc6381bd8dc
b1bdb64c67f8446da86af71a6c45f78c31d64dce221a8e1ce85c28951a5270fa
b4134edcb728defc293634dfb1bf55217446355708056ffae1c8041a5c1bc4e2
b9622281558f1979c053d598121153f63ca28439d6532e5a9241be4c3e1e8409
bb70c9f1689747385f70c6ae4729a4c52ec101a77b103e73d5fa6d638f8bf87f
bcb42c4f5eb5b4c7ee08632af417513c6f6002fdf7d4b8d2dea6376f0cadd563
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
bf4512e8a7ee4d972499eb80f3f2e02beef0d56236f6cbe339befb5d1671e3b1
bfcac6ee74f85436fef4166943db683e074ed75f527611c6de7b06717f16a9d5
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
c92c5a06aca2d402e0031f78d26391e8f0cbfb4e2871a133ea50cbd3a1f11103
cab9fc23ddf2d031f2d7f75062e4f526f916394641294937721d606326b7aa77
cc1925173fd3b2ac347ad90e257c36fd4ba32f1580c8a98da263ffc84cd3a55d
cd7887cf9a61431f64864df1e5fe9823e163638bf811dc97ee556268886bf865
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d3042f1f6064d31dbe09e0ce5a895d3a4a0934a718c8cd6fbd88e707af2b2a3d
d342bd10d16b3bd46f0cbce5725a36051d512a525fab0766d5e7109cd7787ec5
d78f2f64f171390e0a5105a5e445b05429e846df4c2163d5204425ba0b3ff1ed
d99e3fa32c641032f08149914b28c2dc6acf2ec62f70987f2259eabbfa7fc0de
dc72186b52e51efe32f5600cb0ace4b31a0d252fb6d547152b9fc8f49c55dd87
dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0
dd69365cc0c062a31ebc767937dbbe7452cbfca199544f2298c431a40984c992
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
df47209cb632720e2b3ac6eac88702b21633b46b17a6ccc62591c086de0a5bd3
df56d241adefc92c443edd2593f99d1e851015ae0952f3f2fab748763b05d93a
e17dacad67e2ba032053d2a9edbf57ea8fd1f0854109db708772924e54a9831b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e77b5a12ed4cffe9108bb26dfe2f90bdecf03afa87bf897eb708a75550e4b46e
ed6fb5e485b177c9b947c07c8a36ff0f63e8fb71a46222eb60e7340dc3d970c3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f02f9538a295f570f40de4a3218f5fc2a7d179d700cca84b9b53e084f245da73
f0e0d95a9c8abcdfabf46348e2d4285829bb0491f5f6af0e05af52bffb6324c4
f10aeefb066161f38dadd2ed1267852072f9fc1c7a50971b8bf25d4bf8851d84
f3dc752e1b0b1009ec40a3de8cd28bb18f00c8de830848730cdedc0c86e6e2cf
f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729
fb40f5941362b2f30b7a665a4b325b2810e7ec64738da8c2301f6f2d7cbbf6c3
fba7c4ebb1da99497e565e8ef26bcba59df68d7c798996bacc5aed9a383a045c
fc386854f3e57fe9ca9f3c23be40b62576cf3bee2b916a9a75d882889817fc51
fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e
fcd4500332e11d659e7ac14d5323e2a795853c56dbd6f576541ca2e4de3394fd
fd0b570f84422541c1a6c5bd44d28b1748e45b287d363dbf08690de4ec77ee48
ff421af4e6609b190d369e8042d9ba09e103be7464d993fdfb2dd2a86be78458

www.itworldcanada.com Open in urlscan Pro 64.140.125.207 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

133 Requests

45 %HTTPS

37 %IPv6

25 Domains

38 Subdomains

36 IPs

6 Countries

1492 kBTransfer

3438 kBSize

14 Cookies

24 Outgoing links

Redirected requests

133 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.itworldcanada.com Open in urlscan Pro
64.140.125.207 Public Scan

Screenshot
Live screenshot

Full Image

133
Requests

45 %
HTTPS

37 %
IPv6

25
Domains

38
Subdomains

36
IPs

6
Countries

1492 kB
Transfer

3438 kB
Size

14
Cookies

133 HTTP transactions
13 data transactions